Endor Labs Expands its Application Security Platform for the AI Code Revolution with $93M Series B

Fastest-growing AppSec company ever brings to bear the most comprehensive security dataset for AI-generated code and the vibe coding era

PALO ALTO, Calif., April 23, 2025 — Endor Labs, the fastest-growing company in application security, today announced a major expansion of its AppSec platform—purpose-built for the era of AI-generated code and “vibe coding.” Powered by Agentic AI and the industry’s richest security dataset, the platform doesn’t just identify risks—it prioritizes them, proposes remediations, and can apply fixes automatically. The result: entire classes of threats are neutralized before they ever reach production.

“We’re in the middle of the software development revolution. Until recently, 80% of code came from open source. Moving forward, 80% will be generated by AI. That future isn’t far off—it’s already reshaping how software gets built today,” said Varun Badhwar, co-founder and CEO of Endor Labs. “Everyone’s building AI agents, but most are just wrappers around LLMs. What makes our agents powerful is the data underneath. We’ve spent years building the security dataset the industry needs to make AI actually useful for AppSec teams.”

Endor Labs is built for a world where software is being written faster—and with less oversight—than ever before. With 62% of AI-generated solutions containing bugs or security vulnerabilities, and nearly 30% including critical weaknesses, traditional tools simply can’t keep up. Endor Labs addresses this head-on with a unique combination of deep technical analysis and intelligent automation. Over the past three years, the team of world-renowned program analysis experts at Endor Labs has:

  • Analyzed 4.5 million open source projects and AI models
  • Mapped 150+ risk factors to each
  • Built call graphs indexing billions of functions and libraries
  • Annotated the exact lines where known vulnerabilities exist

This context powers a new generation of AI agents that operate inside the software development lifecycle—not just alerting, but acting.

The company today also announced its $93 million Series B funding round led by DFJ Growth, with participation from Salesforce Ventures and existing backers including Lightspeed Venture Partners, Coatue, Dell Technologies Capital, Section 32, and Citi Ventures. This funding will support the expanded AppSec platform and Endor Labs’ position as the fastest-growing AppSec platform. You can read further details about the financing here.

What’s New: Agentic AI for AppSec

At the core of the platform are dedicated AI agents built specifically for application security. These agents reason about code like developers, architects, and security engineers. They work in concert to review code, identify risks, and recommend precise fixes—extending the capabilities of security teams without creating developer friction.

Endor Labs is launching the first capabilities built on this platform today:

AI Security Code Review

Endor Labs uses multiple AI agents to review every pull request (PR) for architectural changes that impact your security posture and fall outside the scope of legacy Static Application Security Testing (SAST) and vulnerability scanning tools. For example:

  • Addition of AI systems that are vulnerable to prompt injection
  • Modifications to authentication or authorization mechanisms
  • Introduction of new public API endpoints
  • Changes to cryptographic implementations
  • Alterations to sensitive data handling

Key benefits:

  • Surfaces high-risk changes buried in thousands of pull requests
  • Cuts false positives and alert fatigue with contextual prioritization
  • Lets security engineers focus on what actually matters

“We’re looking for better ways to scale how we identify business logic risks and unknown unknowns in our codebase,” said Mark Breitenbach, Security Engineer at Dropbox. “Traditional static analysis tools haven’t really given us the lift we need. Being able to detect risks that we’d otherwise miss manually or through traditional automation is hugely valuable.”

MCP Plugin for Cursor (Real-Time AI Code Security)

As “vibe coding” becomes the norm—where developers move fast and follow intuition—the MCP plugin brings security directly into AI-native tools like Cursor and GitHub Copilot. It scans code as it’s written, flags risks, and helps developers and AI coding agents fix issues without slowing them down. In short, it brings the power and context of Endor Labs right into Cursor and Copilot, long before a pull request is even created. This transforms what used to be a weeks-long process involving security tickets, developer back-and-forth, and manual fixes into an automated workflow that resolves issues in minutes—all without disrupting the developer experience.

“Despite the advances we see on a daily basis, application security teams are still struggling to adopt AI in a way that helps them improve productivity,” said Chris Steffen, Vice President of Research at Enterprise Management Associates. “They need greater visibility and context into AI-generated code, and solutions to help them uncover security risks sooner and faster. Endor Labs is ahead of the game with AI innovations built specifically for application security engineers using its wealth of data and knowledge.”

Availability
AI Code Security Review will be available to all Endor Labs customers in May. To see it in action or book a meeting at RSA Conference, visit endorlabs.com.

About Endor Labs
Endor Labs is building the application security platform for the software development revolution. From open source to AI-generated code, it helps teams identify, prioritize, and fix the vulnerabilities that actually matter—faster. With deep program analysis, automated remediation, and unmatched dataset coverage, Endor Labs empowers modern engineering and security teams to move fast without compromise.

Founded by Varun Badhwar and Dimitri Stiliadis, Endor Labs has raised $163M from leading VCs including DFJ Growth, Lightspeed Venture Partners, Salesforce Ventures, Coatue, Section 32, and Dell Technologies Capital.

Media Contact
Ray George
Story Changes Culture
650-922-3825

SOURCE Endor Labs
