SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Endor Labs launches AURI to secure AI-driven coding

Sat, 7th Mar 2026

Endor Labs has launched AURI, a security intelligence platform for software teams that use AI agents and coding assistants to write and maintain code. It integrates into developer workflows and offers a free developer tier, while also extending into delivery pipelines for organisations that want consistent security checks across the software lifecycle.

The release comes as teams increasingly rely on AI tools for code generation and review. These tools can speed up delivery, but they can also produce insecure or incomplete results when they lack visibility into how an application is assembled. Endor Labs positions AURI as a way to give AI-driven workflows more context on code, dependencies, containers, and other components that shape real-world risk.

AURI ties together analysis of first-party code, open-source packages, container images, and AI models. It adds reachability analysis to focus attention on vulnerabilities that are actually exploitable in a given application path. It also includes automated remediation flows, using multiple specialised agents to handle detection, triage, and fixes.

Varun Badhwar, CEO and co-founder of Endor Labs, described the release as a shift away from security controls that appear late in the pipeline.

"Every AI coding agent faces the same blind spot: it can generate code, but it can't see your full application context - how your code, dependencies, containers, and services actually connect," said Varun Badhwar, CEO and co-founder of Endor Labs.

Endor Labs also pointed to adoption and quality concerns with AI-generated code. It cited research showing 90% of teams now use AI coding assistants, while a smaller share of code is both functionally correct and secure. As more code generation and maintenance becomes automated, it argues, independent verification becomes increasingly important.

Inside the workflow

AURI is available through a free tier of a Model Context Protocol server, giving AI coding assistants and autonomous agents access to the platform's security intelligence from within day-to-day tools. Endor Labs also offers command-line access and integrations with IDEs including VS Code, Cursor, and Windsurf.

The approach reflects a broader move in application security toward controls that sit closer to the point of code creation. Katie Norton, research manager for DevSecOps and software supply chain security at IDC, described a shift in how teams implement application security checks.

"The application security market is undergoing a structural shift in how controls are implemented, embedding them directly into code generation, review, and maintenance workflows rather than relying primarily on post-development scanning," said Katie Norton, research manager for DevSecOps and Software Supply Chain Security at IDC.

For organisations, AURI can extend beyond developer workstations into CI/CD pipelines and related workflows. This model addresses a common challenge in fast-moving teams, where local tooling and centralised scanning can drift apart, and it emphasises standardised policy and consistent findings across environments.

Reachability focus

Reachability analysis is central to AURI's pitch. Rather than treating every flagged issue the same, the platform traces data flows across code, third-party dependencies, and container layers, then identifies vulnerabilities that are reachable from application execution paths.
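To illustrate the prioritisation idea described above, here is an added example (not Endor Labs' code and not AURI's implementation) that reduces reachability to function-level call-graph search. It assumes a constructed application, hypothetical dependency modules `yamlish` and `imgkit`, and placeholder finding IDs; a production analysis would also follow data flow and container layers.

```python
import ast
from collections import deque

# Constructed sample: first-party "app" plus two hypothetical dependencies.
SOURCES = {
    "app": "import yamlish, imgkit\n"
           "def handle_upload(req): return parse_config(req)\n"
           "def parse_config(req): return yamlish.safe_load(req)\n",
    "yamlish": "def safe_load(d): return _scan(d)\n"
               "def unsafe_load(d): return eval(d)\n"
               "def _scan(d): return d\n",
    "imgkit": "def decode(img): return img\n",
}
# Constructed scanner output: placeholder finding ID -> vulnerable function.
FINDINGS = {"FINDING-A": "yamlish._scan", "FINDING-B": "yamlish.unsafe_load",
            "FINDING-C": "imgkit.decode"}

def build_call_graph(sources):
    """Map each 'module.function' to the functions it calls, across modules."""
    graph = {}
    for mod, src in sources.items():
        funcs = [n for n in ast.parse(src).body if isinstance(n, ast.FunctionDef)]
        local = {fn.name for fn in funcs}
        for fn in funcs:
            callees = graph.setdefault(f"{mod}.{fn.name}", set())
            for call in (n for n in ast.walk(fn) if isinstance(n, ast.Call)):
                f = call.func
                if isinstance(f, ast.Name) and f.id in local:
                    callees.add(f"{mod}.{f.id}")          # same-module call
                elif (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
                      and f.value.id in sources):
                    callees.add(f"{f.value.id}.{f.attr}")  # call into a dependency
    return graph

def reachable_path(graph, entry_points, target):
    """Breadth-first search; return the shortest call path to target, or None."""
    queue, seen = deque([e] for e in entry_points), set(entry_points)
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for nxt in sorted(graph.get(path[-1], ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def triage(sources, entry_points, findings):
    """Attach a call path (the evidence) to each finding, or None if unreachable."""
    graph = build_call_graph(sources)
    return {fid: reachable_path(graph, entry_points, sym) for fid, sym in findings.items()}

if __name__ == "__main__":
    for fid, path in triage(SOURCES, ["app.handle_upload"], FINDINGS).items():
        print(fid, "reachable via " + " -> ".join(path) if path else "not reachable")
```

Only the finding with a call path from the entry point needs immediate attention; the other two sit in imported packages but are never invoked by the application.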

Cursor, which builds developer tools, shared a customer perspective on the operational impact of prioritisation.

"Over 97% of vulnerabilities flagged by our previous tool weren't reachable in our application," said Travis McPeak, Security at Cursor.

Alongside reachability, AURI includes deep code reasoning using multi-file call graphs and dataflow analysis. Endor Labs says this helps detect business logic flaws that can evade simpler scanning techniques. The platform also monitors open-source projects and AI models for risky or malicious dependencies before they enter a codebase.

AURI also includes "agent orchestration," which Endor Labs describes as specialised agents that collaborate on detection and remediation. The goal is to reduce manual effort as alert volumes rise with increasing code output.

Competitive landscape

The launch brings Endor Labs into more direct competition with established application security vendors, including those focused on developer-first tooling and software supply chain scanning. The company is betting that the next wave of differentiation will come from security systems built for agent-driven development, where automated systems may create, review, and maintain code as often as humans do.

Ramin Sayar, venture partner at DFJ Growth and former CEO of Sumo Logic, argued that security architecture must change as development becomes more agent-driven.

"AI is driving a structural shift in software development, and it requires a fundamentally new security architecture," said Ramin Sayar, Venture Partner at DFJ Growth and Former CEO at Sumo Logic.

Endor Labs also emphasised that AURI is not intended to replace security teams, but to reduce time spent on low-value triage. Amod Gupta, vice president of product and design at Endor Labs, connected the platform's automation to increased leverage for AppSec teams.

"This isn't about replacing security teams with AI," said Amod Gupta, VP of Product & Design.

The free developer tier is designed to help individual developers and small teams adopt the tooling within existing environments. Endor Labs expects broader rollouts as organisations connect the platform to build systems and deployment processes.

Joe Pelletier, head of product at OpenHands, linked AURI's positioning to the growing role of autonomous agents in routine engineering work.

"The future of software development is autonomous agents that handle the everyday toil of code reviews, test coverage, dependency upgrades, and production issues so engineers can focus on inner-loop work. But that only scales if security is built into how those agents operate, not layered on as an afterthought," said Joe Pelletier, Head of Product at OpenHands.