Endor Labs, which builds tools to scan AI-generated code for vulnerabilities, lands $93M
For Endor Labs, that opportunity proved alluring enough that it chose to change course somewhat. Endor started off helping companies secure their open-source package dependencies — in fact, it even raised a $70 million Series A round just two years ago to grow its developer pipeline governance service.
But the startup's co-founders Varun Badhwar and Dimitri Stiliadis saw growing demand elsewhere — spotting and combating vulnerabilities in the growing masses of code that engineers use AI to generate and fine-tune.
Today, Endor runs a platform that, it claims, can not only review code and identify risks, but also recommend "precise" fixes and apply them automatically. The company offers a plugin for AI-powered programming tools like Cursor and GitHub Copilot that scans code as it's written and flags issues.
The pivot could prove to be a wise choice. On Wednesday, Endor announced that it closed a $93 million Series B round led by DFJ Growth, with participation from Salesforce Ventures, Lightspeed Venture Partners, Coatue, Dell Technologies Capital, Section 32, and Citi Ventures.
Badhwar (CEO) said that the round values Endor at "orders of magnitude higher" than its Series A valuation. The proceeds will be used to expand Endor's platform, he added. The Series B brings the startup's total capital raised to $163 million.
"This new round positions us to continue delivering, even in a tougher macro environment than similar companies faced five to ten years ago," Badhwar told TechCrunch. "We raised now because we're seeing strong momentum — 30x annual recurring revenue growth since our Series A in 2023 — and this lets us double down on delivering outcomes for our customers."
Several months ago, Endor launched a tool designed to help organizations spot where AI models and services integrate with their codebase, and evaluate the integrations for security flaws. The idea is to provide better oversight as AI programming tools proliferate, said Badhwar.
Endor says it now protects more than 5 million applications and runs over a million scans each week for customers including OpenAI, Rubrik, Peloton, Snowflake, Egnyte and Dropbox.
"We came out of stealth in October 2022 — right as interest rates spiked — and we've seen strong traction ever since," Badhwar said.
Ramin Sayar, venture partner at DFJ Growth, said his firm invested because Endor found itself at the right place, at the right time.
"As generative AI transforms coding practices, developers are generating vast amounts of code without thorough visibility and control," Sayar told TechCrunch. "Endor Labs is not only setting a new standard in application security — the team is creating a movement by launching their expanded platform."
Endor currently has 133 employees concentrated in its offices in Palo Alto and Bangalore.
This article originally appeared on TechCrunch at https://techcrunch.com/2025/04/23/endor-labs-which-builds-tools-to-scan-ai-generated-code-for-vulnerabilities-lands-93m/
