Endor Labs unveils AURI to secure AI-driven coding
Endor Labs has launched AURI, a security intelligence platform for agent-driven software development. A free developer tier is available via the Model Context Protocol (MCP), a command line interface, and integrations with tools including VS Code, Cursor, and Windsurf.
AURI targets teams using AI coding assistants and autonomous agents for code generation and maintenance. It brings security checks into development workflows, rather than relying solely on post-development scanning.
The platform combines agent-based reasoning with static analysis, running assessments across first-party code, open-source dependencies, and container images. It also draws on more than 150 risk signals, according to Endor Labs.
Endor Labs positions AURI as a layer alongside AI coding tools, providing security and integrity checks for code produced by different agents and assistants.
"Every AI coding agent faces the same blind spot: it can generate code, but it can't see your full application context - how your code, dependencies, containers, and services actually connect," said Varun Badhwar, CEO and Co-Founder of Endor Labs.
Badhwar said AURI moves away from security gates and alerts toward continuous intelligence during software development.
"With AURI, we're seizing a once-in-a-generation opportunity to shift security down into the SDLC, not as gates or alerts, but as intelligence at every step. The best engineering and security teams shouldn't have to compromise between speed and safety, and now they don't have to," he said.
Market shift
Security tooling has been adapting to changes in developer practices, particularly the use of AI for code generation and review. Endor Labs cited internal figures pointing to widespread adoption of AI coding assistants, along with its view of the quality and security outcomes that follow.
IDC Research Manager for DevSecOps and Software Supply Chain Security Katie Norton linked AURI to broader changes in the application security market.
"The application security market is undergoing a structural shift in how controls are implemented, embedding them directly into code generation, review, and maintenance workflows rather than relying primarily on post-development scanning," Norton said.
She added that AURI reflects how teams are adopting AI-assisted workflows. "Endor Labs' agentic approach with AURI aligns with this evolution, integrating security as an independent, verifiable, and reproducible layer within the AI-driven software development lifecycle," she said.
Ramin Sayar, Venture Partner at DFJ Growth and former CEO of Sumo Logic, said these development changes require new security patterns.
Sayar said, "AI is driving a structural shift in software development, and it requires a fundamentally new security architecture. As development becomes agent-driven, security must be embedded intelligence, not a downstream gate. With AURI, Endor Labs is defining the security control plane for AI native software, combining deep program analysis with AI reasoning to give developers real-time confidence."
How it works
AURI aims to close visibility gaps that arise when assistants and agents generate code in pieces. Endor Labs says it unifies information about code, dependencies, containers, and AI models in a single view across the development lifecycle.
One feature is full-stack reachability analysis, which traces data flow across first-party code, dependencies, and container layers. It flags vulnerabilities that are reachable in a running application, rather than producing long lists that require manual filtering.
AURI also includes multi-file call-graph and dataflow analysis. Endor Labs says these methods help detect business logic flaws that may not show up in simpler pattern-matching checks.
The platform includes ecosystem monitoring for open-source projects and AI models, designed to identify risky or malicious dependencies before they enter a codebase.
Another component is agent orchestration, where multiple specialised agents collaborate on detection, triage, and remediation. Endor Labs says the goal is to reduce the workload for security teams supporting large numbers of developers and repositories.
"This isn't about replacing security teams with AI," said Amod Gupta, VP of Product & Design at Endor Labs. "AURI gives AppSec professionals the leverage to focus on high-value work - reducing false positives, accelerating remediation, and scaling security across hundreds of developers. It turns security from a bottleneck into a competitive advantage, enabling organizations to move fast and safely with AI-generated code."
Developer access
AURI's free developer tier is delivered through an MCP server, alongside CLI access and integrations in popular editors. Developers can install it in IDEs including Cursor and VS Code, and connect it to AI coding assistants and autonomous agents, according to Endor Labs.
Organisations can also extend AURI across CI/CD pipelines for broader coverage and consistency across workflows, including review and deployment processes.
Early user feedback highlighted reachability and prioritisation.
"Over 97% of vulnerabilities flagged by our previous tool weren't reachable in our application," said Travis McPeak, Security at Cursor. "AURI by Endor Labs shows the few vulnerabilities that are impactful, so we patch quickly, focusing on what matters."
AURI is also being positioned for teams building agent-based development tools. Joe Pelletier, Head of Product at OpenHands, said security intelligence needs to be built into those workflows.
"The future of software development is autonomous agents that handle the everyday toil of code reviews, test coverage, dependency upgrades, and production issues so engineers can focus on inner-loop work. But that only scales if security is built into how those agents operate, not layered on as an afterthought," he said.
"AURI gives our agents the security intelligence to ship safe code by default, without adding friction to the workflow," Pelletier said.