Endor Labs Launches AURI Free, Citing 10% Secure AI-Generated Code
Endor Labs, the application security startup backed by over $208 million in venture funding, today launched AURI, a new platform designed to embed real-time security intelligence directly into AI coding tools. This

Endor Labs, the application security startup backed by over $208 million in venture funding, today launched AURI, a new platform designed to embed real-time security intelligence directly into AI coding tools. This release comes as new research indicates a significant security gap: only 10% of AI-generated code is found to be both functional and secure.
AURI is immediately available free for individual developers, integrating natively with popular AI coding assistants like Cursor, Claude, and Augment through the Model Context Protocol (MCP). The company aims to address a critical challenge arising from the widespread adoption of AI in software development, where 90% of teams now leverage these tools.
The Urgent Need for Secure AI-Generated Code
The launch highlights a growing concern within the developer community. While AI coding models accelerate productivity, they are often trained on vast repositories of open-source code that include not only best practices but also known vulnerabilities and insecure patterns. Varun Badhwar, CEO of Endor Labs, explained that models, despite learning best practices, tend to replicate past security issues.
Traditional security scanning tools, designed for human-paced coding, struggle to keep up with the speed and volume of AI-generated code. This creates a feedback loop where AI tools rapidly produce code, much of it potentially insecure, overwhelming security teams and increasing the risk of new vulnerabilities.
AURI's Innovative Code Context Graph
Endor Labs distinguishes AURI through its "code context graph," a deep, function-level map tracing how an application's first-party code, open-source dependencies, container layers, and AI models interconnect. Unlike competitors that merely check imported libraries against vulnerability databases, AURI pinpoints the exact usage and context of components, identifying precise lines of code with vulnerabilities.
This approach, developed by a team including 13 PhDs specializing in program analysis, drastically reduces false positives. Badhwar cites an example where an application might only use 10 lines from a 100,000-line AWS SDK; AURI's full-stack reachability analysis ignores vulnerabilities in the 99,990 unused lines. This leads to an average 80% to 95% reduction in security findings for enterprise customers, saving significant developer productivity.
Freemium Strategy for Broad Adoption
To drive rapid adoption, AURI's core functionality is offered free to individual developers through an MCP server that integrates with IDEs like VS Code and Cursor. This free tier requires no sign-up or credit card and crucially, runs entirely on the developer's machine, ensuring code privacy by keeping all scanning local.
The enterprise version expands on this with features essential for large organizations, including full customization, policy configuration, role-based access control, and integration across CI/CD pipelines. This freemium model mirrors successful strategies from companies like GitHub and Atlassian, aiming to embed AURI where code is being written.
Championing Independent Security Review
Badhwar emphasizes the importance of independence in security review, particularly as AI model providers begin offering their own security tools. He argues that relying on the same tool to generate and review code poses a conflict of interest, advocating for separate, deterministic, and verifiable security solutions.
Endor Labs combines the reasoning capabilities of LLMs with deterministic tools, ensuring consistency and verifiability of findings. Beyond detection, AURI simulates upgrade paths and recommends remediation routes that avoid breaking changes, which can then be confidently executed by developers or AI agents.
Real-World Impact and Future Outlook
AURI has already demonstrated its effectiveness, notably identifying seven zero-day vulnerabilities in the popular agentic AI assistant OpenClaw in February 2026, six of which were subsequently patched. The company also actively tracks malware campaigns in ecosystems like NPM.
Well-capitalized with a $93 million Series B round closed in April 2025, Endor Labs serves major clients including OpenAI, Dropbox, Atlassian, Snowflake, and Robinhood. Its platform protects over 5 million applications and performs more than 1 million scans weekly, supporting compliance with frameworks like FedRAMP, NIST, and the European Cyber Resilience Act.
Badhwar remains optimistic about security tooling evolving alongside AI-driven development, drawing parallels to the industry's adaptation to cloud computing. He believes AI agents, given the right context, can solve long-standing security challenges by prioritizing fixes without human intervention.
FAQ
Q: What is AURI by Endor Labs? A: AURI is a free tool launched by Endor Labs that integrates directly into AI coding assistants to provide real-time security intelligence, helping developers identify and fix vulnerabilities in AI-generated code early in the development process.
Q: How does AURI differ from other application security tools? A: AURI utilizes a unique "code context graph" to perform full-stack reachability analysis. Instead of just flagging all known vulnerabilities in imported libraries, it traces exactly how and where components are used, reducing false positives by focusing on truly reachable and exploitable flaws.
Q: Is the free version of AURI secure and private for individual developers? A: Yes, the free version of AURI is designed with privacy in mind. It runs entirely on the developer's local machine, meaning all code scanning and analysis occurs locally, and no proprietary code is copied to Endor Labs' servers.
Related articles
Uber’s Robotaxi Lobbying Effort Pits It Against Waymo in DC Battle
Uber and Waymo are clashing over a proposed D.C. robotaxi bill, with Uber pushing for a hybrid model that includes human drivers on ride-hailing platforms, while Waymo backs direct driverless deployment. This lobbying battle highlights fundamentally different visions for the future of autonomous transportation and could set a national precedent.
Augmodo Secures $21M to Propel Spatial AI Beyond Retail to Physical
Seattle-based startup Augmodo has successfully closed a $21 million funding round, boosting its valuation to $350 million. This significant investment is set to accelerate the company’s expansion of its spatial AI
A Leak of San Francisco Police Drone Footage Exposes Urban
Hours of SFPD drone footage from a Skydio platform have leaked, revealing extensive aerial surveillance over San Francisco. This exposure highlights how broadly police are monitoring the city and the critical risks of sensitive data spilling online, raising significant privacy and security concerns.
NHTSA Issues Robotaxi Ultimatum Over Emergency Interference
NHTSA has issued a stark warning to autonomous vehicle developers, demanding immediate solutions to prevent interference with first responders. This federal directive follows recent high-profile incidents involving Waymo robotaxis in San Francisco and escalating tensions between major industry players like Uber and Waymo. The ultimatum marks a critical juncture for the burgeoning robotaxi sector.
DeepSeek's 75% Price Cut: A Glimmer of Hope Dimmed by '100x Problem
DeepSeek's recent 75% price reduction for its V4-Pro model, a move that should have been unequivocally celebrated by the enterprise AI sector, is instead revealing a critical flaw in the economic model of AI agent
regional: Etzioni on AI: Who disagrees with you about AI? Here’s what
Oren Etzioni's latest analysis reveals stark divisions in AI perception across countries, genders, ages, professions, and political affiliations. Trust in AI is highest in growing economies and among developers, while caution or fear dominates in mature economies and among those threatened by job displacement.






