Endor Labs launches free tool AURI after study finds only 10% of AI-generated code is secure

Madisony
Last updated: March 3, 2026 7:12 pm

Endor Labs, the application security startup backed by more than $208 million in venture funding, today launched AURI, a platform that embeds real-time security intelligence directly into the AI coding tools that are reshaping how software gets built. The product is available free to individual developers and integrates natively with popular AI coding assistants including Cursor, Claude, and Augment through the Model Context Protocol (MCP).

The announcement arrives against a sobering backdrop. While 90% of development teams now use AI coding assistants, research published in December by Carnegie Mellon University, Columbia University, and Johns Hopkins University found that leading models produce functionally correct code only about 61% of the time — and just 10% of that output is both functional and secure.

"Even though AI can now produce functionally correct code 61% of the time, only 10% of that output is both functional and secure," Endor Labs CEO Varun Badhwar told VentureBeat in an exclusive interview. "These coding agents were trained on open source code from across the internet, so they've learned best practices — but they've also learned to replicate a lot of the same security problems of the past."

That gap between code that works and code that's safe defines the market AURI is designed to capture — and the urgency behind its launch.

The security crisis hiding inside the AI coding revolution

To understand why Endor Labs built AURI, it helps to understand the structural problem at the heart of AI-assisted software development. AI coding models are trained on vast repositories of open-source code scraped from across the internet — code that includes not only best practices but also well-documented vulnerabilities, insecure patterns, and flaws that may not be discovered for years after the code was originally written.

Badhwar, a repeat cybersecurity entrepreneur who previously built RedLock (acquired by Palo Alto Networks), founded Endor Labs four years ago with Dimitri Stiliadis. The original thesis was straightforward: developers were becoming "software assemblers," writing less original code and importing most components from open source repositories. Then came the explosion of AI-powered coding tools, which Badhwar described as "the once in a generation opportunity of how to rewrite software development life cycle powered by AI."

The productivity gains are real — more efficiency, faster time to market, and the democratization of software creation beyond trained engineers. But the security consequences are potentially devastating. New vulnerabilities are discovered every day in code that may have been written a decade ago, and that constantly evolving threat intelligence isn't easily available to the AI models generating new code.

"Every day, every hour, new vulnerabilities are found in software that may have been written 5, 10, 12 years ago — and that information isn't easily available to the models," Badhwar explained. "If you started filtering out anything that ever had a vulnerability, you'd have no code left to train on."

The result is a feedback loop: AI tools generate code at unprecedented speed, much of it modeled on insecure patterns, and security teams scramble to keep up. Traditional scanning tools, designed for a world where humans wrote and reviewed code at human speed, are increasingly overmatched.

How AURI traces vulnerabilities through every layer of an application

AURI's core technical differentiator is what Endor Labs calls its "code context graph" — a deep, function-level map of how an application's first-party code, open source dependencies, container layers, and AI models interconnect. Where competitors like Snyk and GitHub's Dependabot examine what libraries an application imports and cross-reference them against known vulnerability databases, Endor Labs traces exactly how and where those components are actually used, down to the individual line of code.

"We have this code intelligence graph that understands not just what libraries and dependencies you use, but pinpoints exactly how, where, and in what context they're used — down to the specific line of code where you're calling a piece of functionality that has a vulnerability," Badhwar said.

He illustrated the difference with a concrete example. A developer might import a large library like an AWS SDK but only call two services comprising 10 lines of code. The remaining 99,000 lines in that open source library are unreachable by the application. Traditional tools flag every known vulnerability across the entire library. AURI's full-stack reachability analysis trims those irrelevant findings away.
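
The idea behind function-level reachability can be shown in a few lines. The sketch below is an added illustration, not Endor Labs' code or AURI's algorithm; the call graph, the `cloudsdk` dependency and the `EXAMPLE-` advisory ids are all constructed for the example.

```python
from collections import deque

# Constructed call graph: caller -> callees. "app." is first-party code,
# "cloudsdk." is a hypothetical dependency (not a real package).
CALL_GRAPH = {
    "app.main": ["app.upload_report", "app.send_alert"],
    "app.upload_report": ["cloudsdk.storage.put_object"],
    "app.send_alert": ["cloudsdk.notify.publish"],
    "cloudsdk.storage.put_object": ["cloudsdk.http.sign_request", "cloudsdk.http.send"],
    "cloudsdk.notify.publish": ["cloudsdk.http.sign_request", "cloudsdk.http.send"],
    "cloudsdk.xml.parse_entities": ["cloudsdk.xml.resolve_external"],
    "cloudsdk.archive.extract": ["cloudsdk.fs.join_path"],
}

# Constructed findings: (placeholder advisory id, vulnerable function).
FINDINGS = [
    ("EXAMPLE-0001", "cloudsdk.xml.resolve_external"),
    ("EXAMPLE-0002", "cloudsdk.fs.join_path"),
    ("EXAMPLE-0003", "cloudsdk.http.sign_request"),
]

def reachable_with_parents(graph, entry_points):
    """Breadth-first search from the entry points; records each function's caller."""
    parent = {entry: None for entry in entry_points}
    queue = deque(entry_points)
    while queue:
        fn = queue.popleft()
        for callee in graph.get(fn, []):
            if callee not in parent:
                parent[callee] = fn
                queue.append(callee)
    return parent

def call_path(parent, fn):
    """Rebuild the entry-point-to-function path used as evidence for a finding."""
    path = []
    while fn is not None:
        path.append(fn)
        fn = parent[fn]
    return path[::-1]

def triage(graph, entry_points, findings):
    """Split findings by whether the vulnerable function is reachable."""
    parent = reachable_with_parents(graph, entry_points)
    report = {"reachable": [], "unreachable": []}
    for advisory, fn in findings:
        if fn in parent:
            report["reachable"].append((advisory, call_path(parent, fn)))
        else:
            # A static graph can miss reflection or dynamic dispatch, so these
            # are deprioritised rather than proven safe.
            report["unreachable"].append(advisory)
    return report

if __name__ == "__main__":
    result = triage(CALL_GRAPH, ["app.main"], FINDINGS)
    for advisory, path in result["reachable"]:
        print(advisory, "reachable via", " -> ".join(path))
    print("not reachable:", ", ".join(result["unreachable"]))
```

A dependency-level scanner would report all three advisories because the package is imported; here only the one with a call path from `app.main` is kept, and that path is the evidence attached to the finding.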

Building that capability required significant investment. Endor Labs hired 13 PhDs specializing in program analysis, many of whom previously built similar technology internally at companies like Meta, GitHub, and Microsoft. The company has indexed billions of functions across tens of millions of open source packages and created over half a billion embeddings to identify the provenance of copied code, even when function names or structures have been changed.

The platform combines this deterministic analysis with agentic AI reasoning. Specialized agents work together to detect, triage, and remediate vulnerabilities automatically, while multi-file call graphs and dataflow analysis detect complex business logic flaws that span multiple components. The result, according to Endor Labs, is an average 80% to 95% reduction in security findings for enterprise customers — trimming away what Badhwar called "tens of millions of dollars a year in developer productivity" lost to investigating false positives.

A free tier for developers, a paid platform for the enterprise

In a strategic move aimed at rapid adoption, Endor Labs is offering AURI's core functionality free to individual developers through an MCP server that integrates directly with popular IDEs including VS Code, Cursor, and Windsurf. The free tier requires no credit card, no sign-up process, and no complex registration.

"The idea is that there's no policy, no administration, no customization. It just helps your code generation tools stop creating more vulnerabilities," Badhwar said.

Privacy-conscious developers will note a key architectural choice: the free product runs entirely on the developer's machine. Only non-proprietary vulnerability intelligence is pulled from Endor Labs' servers. "Your entire code stays local and is scanned locally. It never gets copied into AURI or Endor Labs or anything else," Badhwar explained.

The enterprise version adds the features large organizations need: full customization, policy configuration, role-based access control for teams of thousands of developers, and integration across CI/CD pipelines. Enterprise pricing is based on the number of developers and the volume of scans. Deployment options include local scanning, ephemeral cloud containers, and on-premises Kubernetes clusters with full tenant isolation — flexibility Badhwar said is "the most any vendor offers in this space."

The freemium approach mirrors the playbook that worked for developer tools companies like GitHub and Atlassian: win individual developers first, then expand into their organizations. But it also reflects a practical reality. In a world where AI coding agents are proliferating across every team, Endor Labs needs to be wherever code is being written — not waiting behind a procurement process.

"Over 97% of vulnerabilities flagged by our previous tool weren't reachable in our application," said Travis McPeak, Security at Cursor, in a statement sent to VentureBeat. "AURI by Endor Labs shows the few vulnerabilities that are impactful, so we patch quickly, focusing on what matters."

Why Endor Labs says independence from AI coding tools is essential

The application security market is increasingly crowded. Snyk, GitHub Advanced Security, and a growing number of startups all compete for developer attention. Even the AI model providers themselves are entering the fray: Anthropic recently announced a code security product built into Claude, a move that sent ripples through the market.

Badhwar, however, framed Anthropic's announcement as validation rather than threat. "That's one of the biggest validations of what we do, because it says code security is one of the hottest issues out there," he told VentureBeat. The deeper question, he argued, is whether enterprises want to trust the same tool generating code to also review it.

"Claude isn't going to be the only tool you use for agentic coding. Are you going to use a separate security product for Cursor, a separate one for Claude, a separate one for Augment, and another for Gemini Code Assist?" Badhwar said. "Do you want to trust the same tool that's creating the software to also review it? There's a reason we've always had reviewers who are different from the developers."

He outlined three principles he believes will define effective security in the agentic era: independence (security review must be separate from the tool that generated the code), reproducibility (findings must be consistent, not probabilistic), and verifiability (every finding must be backed by evidence). It is a direct challenge to purely LLM-based approaches, which Badhwar characterized as "completely non-deterministic tools that you have no control over in terms of having verifiability of findings, consistency."

AURI's approach combines LLMs for what they do best — reasoning, explanation, and contextualization — with deterministic tools that provide the consistency enterprises require. Beyond detection, the platform simulates upgrade paths and tells developers which remediation route will work without introducing breaking changes, a step beyond what most competitors offer. Developers can then execute those fixes themselves or route them to AI coding agents with confidence that the changes have been deterministically validated.

Real-world results show AURI can already find zero-day vulnerabilities

Endor Labs has already demonstrated AURI's capabilities in high-profile scenarios. In February 2026, the company announced that AURI had identified and validated seven security vulnerabilities in OpenClaw, the popular agentic AI assistant, which were later acknowledged by the OpenClaw development team. As reported by Infosecurity Magazine, OpenClaw subsequently patched six of the vulnerabilities, which ranged from high-severity server-side request forgery bugs to path traversal and authentication bypass flaws.

"These are zero days. They've never been found, but AURI did an unbelievable job of finding these," Badhwar said. The company has also been detecting active malware campaigns in ecosystems like NPM, including tracking campaigns like Shai-Hulud for several months.

The company is well-capitalized to sustain its push. Endor Labs closed an oversubscribed $93 million Series B round in April 2025 led by DFJ Growth, with participation from Salesforce Ventures, Lightspeed Venture Partners, Coatue, Dell Technologies Capital, Section 32, and Citi Ventures. The company reported 30x annual recurring revenue growth and 166% net revenue retention since its Series A just 18 months earlier. Its platform now protects more than 5 million applications and runs over 1 million scans every week for customers including OpenAI, Cursor, Dropbox, Atlassian, Snowflake, and Robinhood.

Several dozen enterprise customers already use Endor Labs to accelerate compliance with frameworks including FedRAMP, NIST standards, and the European Cyber Resilience Act — a growing priority as regulators increasingly treat software supply chain security as a matter of national security.

The bet that security can keep pace with autonomous software agents

The broader question hanging over AURI's launch — and over the application security industry as a whole — is whether security tooling can evolve fast enough to match the pace of AI-driven development. Critics of agentic security warn that the industry is moving too quickly, granting AI agents permissions across critical systems without fully understanding the risks. Badhwar acknowledged the concern but argued that resistance is futile.

"I've seen this play out when I was building cloud security products, and people were scared of moving to AWS," he said. "There was a perception of control when it was in your data center. Yet, guess what? That was the biggest movement of its time, and we as an industry built the right technology and security tooling and visibility around it to make ourselves comfortable."

For Badhwar, the most exciting implication of agentic development isn't the new risks it creates but the old problems it can finally solve. Security teams have spent decades struggling to get developers to prioritize fixing vulnerabilities over building features. AI agents, he argued, do not have that problem — if you give them the right instructions and the right intelligence, they simply execute.

"Security has always struggled for lack of a developer's attention," Badhwar said. "But we think you can get an AI agent that's writing software's attention by giving them the right context, integrating into the right workflows, and just having them do the right thing for you, so you don't take an automation opportunity and make it a human's problem."

It is a characteristically optimistic framing from a founder who has built his career at the intersection of tectonic technology shifts and the security gaps they leave behind. Whether AURI can deliver on that vision at the scale the AI coding revolution demands remains to be seen. But in a world where machines are writing code faster than humans can review it, the alternative — hoping the models get security right on their own — is a bet few enterprises can afford to make.
