Endor Labs Launches AURI Free, Citing 10% Secure AI-Generated Code
Endor Labs, the application security startup backed by over $208 million in venture funding, today launched AURI, a new platform designed to embed real-time security intelligence directly into AI coding tools. This

Endor Labs, the application security startup backed by over $208 million in venture funding, today launched AURI, a new platform designed to embed real-time security intelligence directly into AI coding tools. This release comes as new research indicates a significant security gap: only 10% of AI-generated code is found to be both functional and secure.
AURI is immediately available free for individual developers, integrating natively with popular AI coding assistants like Cursor, Claude, and Augment through the Model Context Protocol (MCP). The company aims to address a critical challenge arising from the widespread adoption of AI in software development, where 90% of teams now leverage these tools.
The Urgent Need for Secure AI-Generated Code
The launch highlights a growing concern within the developer community. While AI coding models accelerate productivity, they are often trained on vast repositories of open-source code that include not only best practices but also known vulnerabilities and insecure patterns. Varun Badhwar, CEO of Endor Labs, explained that models, despite learning best practices, tend to replicate past security issues.
Traditional security scanning tools, designed for human-paced coding, struggle to keep up with the speed and volume of AI-generated code. This creates a feedback loop where AI tools rapidly produce code, much of it potentially insecure, overwhelming security teams and increasing the risk of new vulnerabilities.
AURI's Innovative Code Context Graph
Endor Labs distinguishes AURI through its "code context graph," a deep, function-level map tracing how an application's first-party code, open-source dependencies, container layers, and AI models interconnect. Unlike competitors that merely check imported libraries against vulnerability databases, AURI pinpoints the exact usage and context of components, identifying precise lines of code with vulnerabilities.
This approach, developed by a team including 13 PhDs specializing in program analysis, drastically reduces false positives. Badhwar cites an example where an application might only use 10 lines from a 100,000-line AWS SDK; AURI's full-stack reachability analysis ignores vulnerabilities in the 99,990 unused lines. This leads to an average 80% to 95% reduction in security findings for enterprise customers, saving significant developer productivity.
Freemium Strategy for Broad Adoption
To drive rapid adoption, AURI's core functionality is offered free to individual developers through an MCP server that integrates with IDEs like VS Code and Cursor. This free tier requires no sign-up or credit card and crucially, runs entirely on the developer's machine, ensuring code privacy by keeping all scanning local.
The enterprise version expands on this with features essential for large organizations, including full customization, policy configuration, role-based access control, and integration across CI/CD pipelines. This freemium model mirrors successful strategies from companies like GitHub and Atlassian, aiming to embed AURI where code is being written.
Championing Independent Security Review
Badhwar emphasizes the importance of independence in security review, particularly as AI model providers begin offering their own security tools. He argues that relying on the same tool to generate and review code poses a conflict of interest, advocating for separate, deterministic, and verifiable security solutions.
Endor Labs combines the reasoning capabilities of LLMs with deterministic tools, ensuring consistency and verifiability of findings. Beyond detection, AURI simulates upgrade paths and recommends remediation routes that avoid breaking changes, which can then be confidently executed by developers or AI agents.
Real-World Impact and Future Outlook
AURI has already demonstrated its effectiveness, notably identifying seven zero-day vulnerabilities in the popular agentic AI assistant OpenClaw in February 2026, six of which were subsequently patched. The company also actively tracks malware campaigns in ecosystems like NPM.
Well-capitalized with a $93 million Series B round closed in April 2025, Endor Labs serves major clients including OpenAI, Dropbox, Atlassian, Snowflake, and Robinhood. Its platform protects over 5 million applications and performs more than 1 million scans weekly, supporting compliance with frameworks like FedRAMP, NIST, and the European Cyber Resilience Act.
Badhwar remains optimistic about security tooling evolving alongside AI-driven development, drawing parallels to the industry's adaptation to cloud computing. He believes AI agents, given the right context, can solve long-standing security challenges by prioritizing fixes without human intervention.
FAQ
Q: What is AURI by Endor Labs? A: AURI is a free tool launched by Endor Labs that integrates directly into AI coding assistants to provide real-time security intelligence, helping developers identify and fix vulnerabilities in AI-generated code early in the development process.
Q: How does AURI differ from other application security tools? A: AURI utilizes a unique "code context graph" to perform full-stack reachability analysis. Instead of just flagging all known vulnerabilities in imported libraries, it traces exactly how and where components are used, reducing false positives by focusing on truly reachable and exploitable flaws.
Q: Is the free version of AURI secure and private for individual developers? A: Yes, the free version of AURI is designed with privacy in mind. It runs entirely on the developer's local machine, meaning all code scanning and analysis occurs locally, and no proprietary code is copied to Endor Labs' servers.
Related articles
Neil Rimer: AI Wealth Must Be Redistributed, Voluntarily or Not
Top VC Predicts Inevitable Wealth Redistribution in AI Boom Neil Rimer, co-founder of the highly successful venture capital firm Index Ventures, has made a striking prediction: the unprecedented wealth generated by
Capital One Releases VulnHunter: Open-Source AI for Proactive Security
Capital One has launched VulnHunter, an open-source AI tool designed to identify and fix software vulnerabilities proactively. This agentic AI scans source code using an "attacker-first" approach and a "falsification engine" to minimize false positives, providing targeted code fixes. The move reflects Capital One's commitment to collaborative defense against rising AI threats, especially after its significant 2019 data breach.
Pentagon Halts 155 Wind Projects in 24 States Over Drone Fears
The Pentagon has frozen permitting for 155 wind projects across 24 states for nearly a year, citing concerns that drones can hide within wind farms. This impacts 44 gigawatts of capacity and has cost developers $2 billion. The wind industry claims the freeze is politically motivated and has filed a lawsuit.
Apple Slaps OpenAI with Trade Secrets Lawsuit Amid IPO Rumors
Apple has launched a significant trade secrets lawsuit against OpenAI, alleging a "pattern of misconduct" that implicates OpenAI's chief hardware officer and includes over 400 former Apple employees. Filed last Friday,
ASML Low-NA EUV Pricing: Value Capture or Cost Burden
The Industry Reacts: ASML's EUV Pricing Shift Verdict: ASML’s strategic move to broaden its value-based pricing for Low-NA EUV tools, looking beyond mere wafer throughput, marks a significant shift in the semiconductor
in-depth: Chewy Promo Codes: $20 Off July 2026: coupons — Key Details
Pet owners can find substantial savings at Chewy in July 2026. New customers get $20 off first orders (code WELCOME) and free shipping. Existing users benefit from exclusive deals, Autoship discounts, and a Chewy+ membership for ongoing perks and rewards.






