Today, we’re launching Aikido Malware — our proprietary malware feed built to detect and track malicious packages in open-source ecosystems like npm and soon, PyPI.

Our Aikido Intel team has been identifying undisclosed open-source vulnerabilities using LLM-driven analysis and human verification. Now, we’re expanding our supply chain security research to detect and track malware in open-source packages, cheaper, better, & faster than what exists today. The results speak for themselves–
• In March alone, Aikido Malware flagged 611 malicious packages vs 156 flagged by OpenSSF (the next-best open feed).
• Our median detection time? 5 minutes.
• OpenSSF’s median? 10 days.
This is a massive jump in both speed and signal—and we’re open-sourcing the feed so the rest of the community can benefit to.
Why does this matter? Open-source is the backbone of modern development—but it’s also a growing attack surface.
Since 2019, over 778,500 malicious packages have been identified across open-source ecosystems—and it’s accelerating fast: malware volume grew 156% last year alone. 🚨
Attackers are getting smarter: impersonating popular packages like typosquatting, hijacking maintainer accounts, and slipping in malicious updates. But most malware feeds today are locked behind enterprise paywalls.
We think developers deserve better. So, we’re changing that. By expanding Aikido Intel with malware intelligence, security teams and developers can get early warnings for emerging supply chain threats—faster, broader, and accessible.
• High-signal, fast threat data
• Open-source feed, AGPL-licensed
• Built for developers and security teams, not just enterprises with 6-figure budgets
We’re starting with npm. PyPI is next. GitHub Actions coming soon.
Let’s make open-source safer—together.
Find out how our Intel team discovered a North Korean attack 👀
Our security researcher, Charlie, dissects a recent North Korean hacking group attack. Get a minute-by-minute analysis of how we discovered the Lazarus attack “hiding in plain sight”
"On March 13th 2025, our malware analysis engine alerted us to a potential malicious package that was added to NPM. First indications suggested this would be a clear-cut case, however, when we started peeling back the layers things weren’t quite as they seemed.
Here is a story about how sophisticated nation state actors can hide malware within packages…. (read on)
Or watch Mackenzie break down the Lazarus attack on video.
Interested to leverage our Intel?
1. Open Source | The Feed is open source, updated with all new threats: https://intel.aikido.dev/
Aikido Intel is available under AGPL license, developers may freely use, modify, and distribute the vulnerability & malware feed.
2. Liscense our Intel | If you want to leverage Aikido Intel - vulnerability DB + Malware feed - in your own product, the API is available to license. Reach out to license here.
3. Get protected by Aikido– its free | Easily secure your software supply chain, and more. Secure your code, cloud, and runtime with Aikido’s all-in-one security platform. Get secure here.
