Endor Labs launches free tool AURI after study finds only 10% of AI-generated code is secure
Summary
Endor Labs, an application security startup with over $208 million in venture funding, has launched AURI, a free platform designed to embed real-time security intelligence directly into AI coding tools. This release addresses a critical gap: while 90% of development teams use AI coding assistants, research indicates only 10% of AI-generated code is both functional and secure. AURI integrates with popular AI coding assistants like Cursor, Claude, and Augment via the Model Context Protocol (MCP). The platform's core differentiator is its "code context graph," which maps application components at a function level, performing full-stack reachability analysis to identify and prioritize actual vulnerabilities, reducing false positives by 80% to 95%. Endor Labs offers a free tier for individual developers that runs locally and an enterprise version with advanced features and flexible deployment options.
Key takeaway
CTOs and VPs of Engineering evaluating AI coding assistant adoption should recognize that while these tools boost productivity, they also introduce significant security risks. Your teams should implement independent, deterministic security solutions like AURI to validate AI-generated code, ensuring vulnerabilities are identified and remediated before deployment. This approach mitigates the risk of inheriting insecure patterns and reduces developer time lost to false positives.
Key insights
AI-generated code is often insecure, necessitating specialized tools for vulnerability detection and remediation.
Principles
- Security review must be independent of code generation.
- Vulnerability findings require reproducibility and verifiability.
Method
AURI uses a "code context graph" for deep, function-level mapping of code and dependencies, applying full-stack reachability analysis to pinpoint and prioritize actual vulnerabilities.
In practice
- Integrate AURI with AI coding assistants like Cursor or Claude.
- Utilize reachability analysis to reduce false positive security findings.
Topics
- AI Code Security
- Application Security
- Vulnerability Detection
- Program Analysis
- Software Supply Chain Security
Best for: CTO, VP of Engineering/Data, Director of AI/ML, Software Engineer, AI Security Engineer, MLOps Engineer
Editorial summary, takeaway, and curation by AIssential. Original article published by VentureBeat.