Popular nx packages compromised on npm

Last night, our automated Aikido Intel system alerted us that potentially malicious code was detected in some packages within the @nx scope, including packages with as many as ~6 million weekly downloads. The scope and impact of this breach are significant, as the attacker chose to publish the stolen data directly on GitHub rather than sending it to their own servers. This means that a SIGNIFICANT number of credentials are publicly available on GitHub.

Security-Conscious AI Software Development with Windsurf x Aikido

Modern development teams do far more than simply write code. Now, with the help of AI, software development organizations are orchestrating its creation, maintenance, and delivery at a bigger scale than ever before. Tools like Windsurf and Devin from Cognition help developers across the Software Development Lifecycle (SDLC) by augmenting people with multi-step reasoning agents that can write code.