Endor Labs
@endorlabs.bsky.social
At Endor Labs, we've created the first open source dependency lifecycle management platform to help OSS consumers select, secure and maintain dependencies effectively.
Endor Labs’ 2025 State of Dependency Management report is live!
- 49% of dependencies imported by AI agents had known vulns.
- 34% didn’t exist at all.
- Only 1 in 5 was safe.
www.endorlabs.com/lp/state-of-...
#MCP #AIAgents #DMR2025
November 4, 2025 at 2:37 PM
🔔 Update on the ongoing "Shai-Hulud" malware campaign
The Endor Labs security research team has identified more than 550+ packages and versions affected by the ongoing "Shai-Hulud" software supply chain attack targeting the npm registry.
www.endorlabs.com/learn/npm-ma...
npm Malware Outbreak: Tinycolor and CrowdStrike Packages Compromised | Blog | Endor Labs
A virus-like npm malware attack has spread to 180+ packages so far, including CrowdStrike and Tinycolor
www.endorlabs.com
September 18, 2025 at 5:58 PM
AI is changing how software gets built. Today, we’re changing how it gets secured with the expansion of our application security platform and a $93M Series B to accelerate what we’re building.
More here: bit.ly/42DqUmB
#AppSec #SeriesB #EndorLabs #DevSecOps #Cybersecurity
April 23, 2025 at 4:11 PM
Developers are moving faster than ever with tools like GitHub Copilot.
The result?
62% of AI-generated code has flaws
Nearly 30% contains known security weaknesses
Next week, we’re announcing a new way for AppSec teams to understand what’s changing and why it matters.
#AppSec #AI #LLM #DevSecOps
April 17, 2025 at 7:50 PM
OWASP OSS Risk 2: Explore the compromise of legitimate open-source packages, with an in-depth case study of the tj-actions/changed-files GitHub Action supply chain attack.
www.endorlabs.com/learn/owasp-...
#OSSRisk #OWASPOSSRisk #tjactions
OWASP OSS Risk 2: Compromise of Legitimate Package | Blog | Endor Labs
OWASP OSS Risk 2: Explore the compromise of legitimate open-source packages, with an in-depth case study of the tj-actions/changed-files GitHub Action supply chain attack.
www.endorlabs.com
April 8, 2025 at 3:15 PM
Attackers compromised tj-actions/changed-files, used by 23,000+ repos, injecting malicious code to steal CI/CD secrets.
What you need to know and how to mitigate:
www.endorlabs.com/learn/github...
GitHub Action tj-actions/changed-files supply chain attack: what you need to know | Blog | Endor Labs
GitHub Action tj-actions/changed-files was compromised, exposing CI/CD secrets. Learn how this attack impacts repositories and what steps to take now.
www.endorlabs.com
March 16, 2025 at 12:41 AM
Less than 9.5% of vulnerabilities are actually exploitable, but FedRAMP ConMon requires fixing everything.
With Endor Labs, you can:
- Prove false positives to your 3PAO
- Correlate SCA & container scans
- Patch vulnerabilities 6.2x faster with Endor Patches
www.endorlabs.com/landing-page...
March 15, 2025 at 12:01 AM
The latest CISO guide from The Hacker News makes it clear - EU AI Act, ISO 42001, and NIST AI RMF all require it.
But inventory is just the start. You also need to enforce AI policies. Endor Labs can help you there.
About CLEAR framework:
thehackernews.com/2025/02/how-...
#AI #AppSec #DevSecOps
February 18, 2025 at 6:53 PM
Endor Labs ❤️ GitHub
Context switching is a productivity killer. Developers live on GitHub, so #AppSec should too.
With Endor Labs Reachability-based SCA now integrated into GHAS, teams can get best-in-class application security, all in one place.
github.blog/security/fro...
February 10, 2025 at 7:23 PM
DeepSeek R1 is the latest open source AI model to generate a lot of buzz. Developers are trying it out, and AppSec teams may be wondering about risks.
Endor Labs can give AppSec teams data and tools to make and enforce decisions about acceptable AI risk from DeepSeek R1.
#DeepSeek #AIModels #SCA
January 29, 2025 at 4:27 PM
On Dec 13, Semgrep's license changes limited access to key security tools and community rules. Enter Opengrep: a fully open source, drop-in replacement backed by 10+ security companies.
Key benefits: no paywalls, community rules accessible, foundation governance, and easy migration!
January 23, 2025 at 7:48 PM
Curious to know—how often do AppSec and CloudSec work together? Share your thoughts in the comments!
a) Often, we're the same team!
b) Sometimes, depending on work
c) Lol, who?
November 26, 2024 at 4:57 PM
Big news! 🎉 Microsoft has natively integrated our advanced SCA within Defender for Cloud. Our integration is in Public Preview and available to try now!
www.endorlabs.com/learn/micros...
November 20, 2024 at 6:18 PM