Endor Labs, which builds tools to scan AI-generated code for vulnerabilities, lands $93M
AI-generated code is no doubt changing how software is built, but it's also introducing new security challenges. More than 50% of organizations encounter security issues with AI-produced code sometimes or frequently, according to a late 2023 survey by developer security platform Snyk.
For Endor Labs, that opportunity proved alluring enough that it chose to change course somewhat. Endor started off helping companies secure their open-source package dependencies — in fact, it even raised a $70 million Series A round just two years ago to grow its developer pipeline governance service.
But the startup's co-founders Varun Badhwar and Dimitri Stiliadis saw growing demand elsewhere — spotting and combating vulnerabilities in the growing masses of code that engineers use AI to generate and fine-tune.
Today, Endor runs a platform that, it claims, can not only review code and identify risks, but also recommend "precise" fixes and apply them automatically. The company offers a plugin for AI-powered programming tools like Cursor and GitHub Copilot that scans code as it's written and flags issues.
The pivot could prove to be a wise choice. On Wednesday, Endor announced that it closed a $93 million Series B round led by DFJ Growth, with participation from Salesforce Ventures, Lightspeed Venture Partners, Coatue, Dell Technologies Capital, Section 32, and Citi Ventures.
Badhwar (CEO) said that the round values Endor at "orders of magnitude higher" than its Series A valuation. The proceeds will be used to expand Endor's platform, he added. The Series B brings the startup's total capital raised to $163 million.
"This new round positions us to continue delivering, even in a tougher macro environment than similar companies faced five to ten years ago," Badhwar told TechCrunch. "We raised now because we're seeing strong momentum — 30x annual recurring revenue growth since our Series A in 2023 — and this lets us double down on delivering outcomes for our customers."
Several months ago, Endor launched a tool designed to help organizations spot where AI models and services integrate with their codebase, and evaluate the integrations for security flaws. The idea is to provide better oversight as AI programming tools proliferate, said Badhwar.
Endor says it now protects more than 5 million applications and runs over a million scans each week for customers including OpenAI, Rubrik, Peloton, Snowflake, Egnyte and Dropbox.
"We came out of stealth in October 2022 — right as interest rates spiked — and we've seen strong traction ever since," Badhwar said.
Ramin Sayar, venture partner at DFJ Growth, said his firm invested because Endor found itself at the right place, at the right time.
"As generative AI transforms coding practices, developers are generating vast amounts of code without thorough visibility and control," Sayar told TechCrunch. "Endor Labs is not only setting a new standard in application security — the team is creating a movement by launching their expanded platform."
Endor currently has 133 employees concentrated in its offices in Palo Alto and Bangalore.
This article originally appeared on TechCrunch at https://techcrunch.com/2025/04/23/endor-labs-which-builds-tools-to-scan-ai-generated-code-for-vulnerabilities-lands-93m/

Related Articles


Fast Company
Vibe coding lets anyone write software—but comes with risks
Whether you're streaming a show, paying bills online or sending an email, each of these actions relies on computer programs that run behind the scenes. The process of writing computer programs is known as coding.
Until recently, most computer code was written, at least originally, by human beings. But with the advent of generative artificial intelligence, that has begun to change. Just as you can ask ChatGPT to spin up a recipe for a favorite dish or write a sonnet in the style of Lord Byron, now you can ask generative AI tools to write computer code for you.
Andrej Karpathy, an OpenAI co-founder who previously led AI efforts at Tesla, recently termed this 'vibe coding.'
For complete beginners or nontechnical dreamers, writing code based on vibes—feelings rather than explicitly defined information—could feel like a superpower. You don't need to master programming languages or complex data structures. A simple natural language prompt will do the trick.
How it works
Vibe coding leans on standard patterns of technical language, which AI systems use to piece together original code from their training data. Any beginner can use an AI assistant such as GitHub Copilot or Cursor Chat, put in a few prompts, and let the system get to work. Here's an example:
'Create a lively and interactive visual experience that reacts to music, user interaction, or real-time data. Your animation should include smooth transitions and colorful and lively visuals with an engaging flow in the experience. The animation should feel organic and responsive to the music, user interaction, or live data and facilitate an experience that is immersive and captivating. Complete this project using JavaScript or React, and allow for easy customization to set the mood for other experiences.'
But AI tools do this without any real grasp of specific rules, edge cases, or security requirements for the software in question. This is a far cry from the processes behind developing production-grade software, which must balance trade-offs between product requirements, speed, scalability, sustainability, and security. Skilled engineers write and review the code, run tests, and establish safety barriers before going live.
But while the lack of a structured process saves time and lowers the skills required to code, there are trade-offs. With vibe coding, most of these stress-testing practices go out the window, leaving systems vulnerable to malicious attacks and leaks of personal data.
And there's no easy fix: If you don't understand every—or any—line of code that your AI agent writes, you can't repair the code when it breaks. Or worse, as some experts have pointed out, you won't notice when it's silently failing.
The AI itself is not equipped to carry out this analysis either. It recognizes what 'working' code usually looks like, but it cannot necessarily diagnose or fix deeper problems that the code might cause or exacerbate.
Why it matters
Vibe coding could be just a flash-in-the-pan phenomenon that will fizzle before long, but it may also find deeper applications with seasoned programmers. The practice could help skilled software engineers and developers more quickly turn an idea into a viable prototype. It could also enable novice programmers or even amateur coders to experience the power of AI, perhaps motivating them to pursue the discipline more deeply.
Vibe coding also may signal a shift that could make natural language a more viable tool for developing some computer programs. If so, it would echo early website editing systems known as WYSIWYG editors that promised designers 'what you see is what you get,' or 'drag-and-drop' website builders that made it easy for anyone with basic computer skills to launch a blog.
For now, I don't believe that vibe coding will replace experienced software engineers, developers, or computer scientists. The discipline and the art are much more nuanced than what AI can handle, and the risks of passing off 'vibe code' as legitimate software are too great. But as AI models improve and become more adept at incorporating context and accounting for risk, practices like vibe coding might cause the boundary between AI and human programmer to blur further.

Yahoo
Why investing in growth-stage AI startups is getting riskier and more complicated
Making a bet on AI startups has never been so exciting -- or more risky. Incumbents like OpenAI, Microsoft, and Google are scaling their capabilities fast to swallow many of the offerings of smaller companies. At the same time, new startups are reaching the growth stage much faster than they historically have.
But defining "growth stage" in AI startups is not so cut-and-dried today. Jill Chase, partner at CapitalG, said on stage at TechCrunch AI Sessions that she's seeing more companies that are only a year old, yet have already reached tens of millions in annual recurring revenue and more than $1 billion in valuation. While those companies might be defined as mature due to their valuation and revenue generation, they often lack much of the necessary safety, hiring, and executive infrastructure.
'On one hand, that's really exciting. It represents this brand new trend of extremely fast growth, which is awesome,' Chase said. 'On the other hand, it's a little bit scary because I'm gonna pay at an $X billion valuation for this company that didn't exist 12 months ago, and things are changing so quickly.'
'Who knows who is in a garage somewhere, maybe in this audience somewhere, starting a company that in 12 months will be a lot better than this one I'm investing in that's at $50 million ARR today,' Chase continued. 'So it's made growth investing a little confusing.'
To cut through the noise, Chase said it's important for investors to feel good about the category and the 'ability of the founder to very quickly adapt and see around corners.' She noted that AI coding startup Cursor is a great example of a company that 'jumped on the exact right use case of AI code generation that was available and possible given the technology at the time.'
However, Cursor will need to work to maintain its edge.
'There will be, by the end of this year, AI software engineers,' Chase said. 'In that scenario, what Cursor has today is going to be a little less relevant. It is incumbent on the Cursor team to see that future and to think, okay, how do I start building my product so that when those models come out and are much more powerful, the product surface represents those and I can very quickly plug those in and switch into that state of code generation?'
This article originally appeared on TechCrunch at