Belgian cybersecurity company Aikido Security BV today launched Endpoint, a lightweight security agent designed to secure artificial intelligence use on developer workstations and address supply chain attacks against open-source software. 

Endpoint delivers a platform for enterprises to gain visibility and control over software packages, independent development environments, browser extensions and the AI tools now integrated into modern software development. 

The company argues that developer workstations and laptops have become blind spots for many organizations. Much of the time, these computers and devices are secured like any other appliance in the business. Traditional security either puts developers through lengthy approval processes — which they then bypass — or relies on weak controls that don’t address the risks. 

AI-driven development and deployment have introduced a variety of new attack surfaces that traditional security has not quite caught up to. Aikido said Endpoint helps enterprises fully embrace AI-native software development securely and at scale by providing real-time monitoring and policy enforcement, while still giving developers flexibility. 

That means developers can import tools, packages, Model Context Protocol hooks, extensions, AI tools and agents, while Endpoint checks them before installation. 

“Enterprises are rolling out AI coding tools to thousands of developers with little to no visibility and control of what is really running on developer workstations,” co-founder and Chief Executive Willem Delbare said. “Our approach to self-securing software builds the guardrails for this new era of development by protecting not just the code that is being shipped, but also the environment where it’s generated.” 

Endpoint is built on Aikido Safe Chain, the company’s open-source malware detection and defense system, which has more than 200,000 weekly downloads. It uses a lightweight AI agent that persists across developer environments and activates before any package, IDE, plugin or browser extension is installed. It inspects and reports. 

As an added security measure, any packages published less than 48 hours earlier are automatically held, eliminating the highest-risk window for attacks after installation. 

Security teams can audit every action Endpoint takes, while also gaining visibility into which AI tools, models and services are running across developer systems. It also provides enforcement and policy rules by team, role and device. The objective is to replace rigid, organization-wide rules with controls tailored to actual use. 

The company said its threat intelligence models defend against more than 100,000 weekly threats and that supply chain attacks are on the rise, especially through insecure npm packages.  

A supply chain attack is a cyberattack in which hackers compromise a trusted vendor, software package or service to reach the organizations or users that depend on it. Recent headlines have become a bellwether for this trend, including the compromise of the Axios JavaScript library late last month. 

Image: SiliconANGLE/Microsoft Designer