Endor Labs Launches AURI Free, Citing 10% Secure AI-Generated Code

Endor Labs, the application security startup backed by over $208 million in venture funding, today launched AURI, a new platform designed to embed real-time security intelligence directly into AI coding tools. This release comes as new research indicates a significant security gap: only 10% of AI-generated code is found to be both functional and secure.
AURI is immediately available free for individual developers, integrating natively with popular AI coding assistants like Cursor, Claude, and Augment through the Model Context Protocol (MCP). The company aims to address a critical challenge arising from the widespread adoption of AI in software development, where 90% of teams now leverage these tools.
The Urgent Need for Secure AI-Generated Code
The launch highlights a growing concern within the developer community. While AI coding models accelerate productivity, they are often trained on vast repositories of open-source code that include not only best practices but also known vulnerabilities and insecure patterns. Varun Badhwar, CEO of Endor Labs, explained that models, despite learning best practices, tend to replicate past security issues.
Traditional security scanning tools, designed for human-paced coding, struggle to keep up with the speed and volume of AI-generated code. This creates a feedback loop where AI tools rapidly produce code, much of it potentially insecure, overwhelming security teams and increasing the risk of new vulnerabilities.
AURI's Innovative Code Context Graph
Endor Labs distinguishes AURI through its "code context graph," a deep, function-level map tracing how an application's first-party code, open-source dependencies, container layers, and AI models interconnect. Unlike competitors that merely check imported libraries against vulnerability databases, AURI pinpoints the exact usage and context of components, identifying precise lines of code with vulnerabilities.
This approach, developed by a team including 13 PhDs specializing in program analysis, drastically reduces false positives. Badhwar cites an example where an application might only use 10 lines from a 100,000-line AWS SDK; AURI's full-stack reachability analysis ignores vulnerabilities in the 99,990 unused lines. This leads to an average 80% to 95% reduction in security findings for enterprise customers, saving significant developer productivity.
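The difference between package-level matching and function-level reachability described above can be shown on a toy call graph. This is an added illustration, not Endor Labs' code or AURI's algorithm; the `sdk` and `yamlib` packages, the function names and the advisory ids are all constructed for the example.

```python
from collections import deque

# Constructed call graph: caller -> callees. "app" is first-party code;
# "sdk" and "yamlib" are hypothetical dependencies.
CALL_GRAPH = {
    "app.main": ["app.upload", "app.load_config"],
    "app.upload": ["sdk.s3.put_object"],
    "app.load_config": ["yamlib.safe_load"],
    "sdk.s3.put_object": ["sdk.http.sign_request"],
    "sdk.http.sign_request": [],
    "sdk.xml.parse_entities": [],                # shipped, never called
    "yamlib.safe_load": ["yamlib.scan"],
    "yamlib.load": ["yamlib.construct_object"],  # unsafe loader, unused
    "yamlib.construct_object": [],
    "yamlib.scan": [],
}

# Constructed advisories: placeholder id -> function containing the flaw.
ADVISORIES = {
    "ADVISORY-A": "sdk.xml.parse_entities",
    "ADVISORY-B": "yamlib.construct_object",
    "ADVISORY-C": "sdk.http.sign_request",
}

def call_paths(graph, entry_points):
    """BFS from the entry points; map each reachable function to a shortest call path."""
    paths = {e: [e] for e in entry_points}
    queue = deque(entry_points)
    while queue:
        fn = queue.popleft()
        for callee in graph.get(fn, []):
            if callee not in paths:
                paths[callee] = paths[fn] + [callee]
                queue.append(callee)
    return paths

def package_level_findings(graph, advisories, entry_points):
    """Flag every advisory in any package the application calls into at all."""
    used = {f.split(".")[0] for f in call_paths(graph, entry_points)}
    return sorted(a for a, fn in advisories.items() if fn.split(".")[0] in used)

def reachable_findings(graph, advisories, entry_points):
    """Flag only advisories whose vulnerable function is reachable, with the call path as evidence."""
    paths = call_paths(graph, entry_points)
    return {a: paths[fn] for a, fn in advisories.items() if fn in paths}
```

A static graph like this one under-approximates calls made through reflection, dynamic dispatch or deserialization, so a finding dropped as unreachable is only as trustworthy as the call-graph construction behind it.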
Freemium Strategy for Broad Adoption
To drive rapid adoption, AURI's core functionality is offered free to individual developers through an MCP server that integrates with IDEs like VS Code and Cursor. This free tier requires no sign-up or credit card and, crucially, runs entirely on the developer's machine, ensuring code privacy by keeping all scanning local.
The enterprise version expands on this with features essential for large organizations, including full customization, policy configuration, role-based access control, and integration across CI/CD pipelines. This freemium model mirrors successful strategies from companies like GitHub and Atlassian, aiming to embed AURI where code is being written.
Championing Independent Security Review
Badhwar emphasizes the importance of independence in security review, particularly as AI model providers begin offering their own security tools. He argues that relying on the same tool to generate and review code poses a conflict of interest, advocating for separate, deterministic, and verifiable security solutions.
Endor Labs combines the reasoning capabilities of LLMs with deterministic tools, ensuring consistency and verifiability of findings. Beyond detection, AURI simulates upgrade paths and recommends remediation routes that avoid breaking changes, which can then be confidently executed by developers or AI agents.
Real-World Impact and Future Outlook
AURI has already demonstrated its effectiveness, notably identifying seven zero-day vulnerabilities in the popular agentic AI assistant OpenClaw in February 2026, six of which were subsequently patched. The company also actively tracks malware campaigns in ecosystems like NPM.
Well-capitalized with a $93 million Series B round closed in April 2025, Endor Labs serves major clients including OpenAI, Dropbox, Atlassian, Snowflake, and Robinhood. Its platform protects over 5 million applications and performs more than 1 million scans weekly, supporting compliance with frameworks like FedRAMP, NIST, and the European Cyber Resilience Act.
Badhwar remains optimistic about security tooling evolving alongside AI-driven development, drawing parallels to the industry's adaptation to cloud computing. He believes AI agents, given the right context, can solve long-standing security challenges by prioritizing fixes without human intervention.
FAQ
Q: What is AURI by Endor Labs?
A: AURI is a free tool launched by Endor Labs that integrates directly into AI coding assistants to provide real-time security intelligence, helping developers identify and fix vulnerabilities in AI-generated code early in the development process.

Q: How does AURI differ from other application security tools?
A: AURI utilizes a unique "code context graph" to perform full-stack reachability analysis. Instead of just flagging all known vulnerabilities in imported libraries, it traces exactly how and where components are used, reducing false positives by focusing on truly reachable and exploitable flaws.

Q: Is the free version of AURI secure and private for individual developers?
A: Yes, the free version of AURI is designed with privacy in mind. It runs entirely on the developer's local machine, meaning all code scanning and analysis occurs locally, and no proprietary code is copied to Endor Labs' servers.



