Welcome, Endor Labs!

Application security for the AI era.

April 24, 2025
  • CEO: Varun Badhwar
  • Sector: Cybersecurity 
  • Location: Palo Alto, CA

The Opportunity

AI coding tools and open source software have dramatically increased the number of vulnerability alerts developers must deal with. Research finds that over 62% of AI-generated code contains vulnerabilities, and AI-generated code is set to comprise the vast majority of code written in the coming years. Security teams waste countless hours sorting through this mass of alerts — often missing the real threats buried in the chaos. 

Existing application security vendors have helped uplevel the general posture, but can’t find a way to keep up with the rapid changes of modern software development. Developers are still struggling to filter signal from the noise due to excessive false positives, forcing them to make “gut” decisions on which vulnerabilities deserve attention. This inadequacy translates to hundreds of thousands of alerts with little guidance on which handful actually pose real risk to applications.

The industry is ripe for a transformation – from an endless cycle of vulnerability whack-a-mole to a comprehensive approach that intelligently and methodically identifies the vulnerabilities that matter. We’re excited by the opportunity to back a market-leading application security platform driving a much-needed change in this industry.

The Solution

Endor Labs offers a transformative solution with its proprietary “function call graph analysis.” Rather than creating excessive alerts by flagging every library with potential vulnerabilities, Endor’s call graph technology traces data paths through function calls to determine if code actually exposes the vulnerability. This innovative approach intelligently identifies only the vulnerabilities that contain a genuine exploit path, effectively reducing noise by 92% on average and allowing security teams and developers to focus on truly critical risks.

What’s more, Endor’s strong integration with advanced build systems like Bazel makes it particularly appealing to engineering organizations increasingly moving to monorepo-based architectures.

Endor has leveraged its proprietary reachability analysis as the underpinning to build a comprehensive platform that unites fragmented point solutions under one roof. Their vision is to deliver a unified suite that consolidates software composition analysis (SCA) for third-party code, static application security testing (SAST) for first-party code, software bill of materials (SBOM) generation, secrets scanning, container scanning, CI/CD security, and AI code security.

In an era defined by vulnerable AI-generated code, Endor will offer comprehensive visibility across the entire CI/CD pipeline and codebase to pinpoint the most critical vulnerabilities along with paths to remediate and patch them. 

Endor’s panoptic platform is powered by one of the richest vulnerability datasets in the industry, cultivated by Endor’s in-house research team. Over the past 3 years, these program analysis experts have analyzed over 4.5 million open source projects and AI models, built call graphs to analyze billions of functions in these codebases, and annotated exact lines with known vulnerabilities. This has all fed the Endor platform with unique context – one which AI agents can leverage to multiply the productivity of application security teams. 

Every pull request can be reviewed by Endor’s AI agents to identify changes to an application’s security design — a capability that’s especially crucial for detecting risks introduced by AI coding assistants that traditional SAST tools can’t detect.

Soon all Endor Labs customers will have a direct plugin to Cursor and other code generation tools, allowing them to scan the AI code, propose fixes, and automate remediations long before code ever hits production.

Why We’re Backing Endor Labs

Endor isn’t just improving application security — it has fundamentally reimagined it for the AI age. As more and more code is written by AI, Endor is the only platform that currently exists that can look past rules and patterns in code and understand it from the context of an engineer, systems architect, and security reviewer — and then rationalize what’s wrong, determine how it can be fixed, and potentially apply the fix. If we assume AI tools will rapidly increase the speed of writing, reviewing, and pushing code to production, enterprises will need Endor to help enable a more proactive and agentic approach to application security. 

Endor’s platform is already delivering extraordinary results for some of the world’s most sophisticated organizations. Leading companies including OpenAI, Rubrik, and Dropbox are turning to Endor Labs to unify and transform their approach to application security. All of these customers report substantial reductions in false positives and incredibly efficient prioritization of the security issues that matter to them.

We believe Endor Labs is on the path to becoming the default application security platform for modern enterprises, fundamentally changing how engineering and security teams secure their software supply chain in the age of AI. This path is being blazed by an impressive team with decades of experience in cybersecurity building startups, innovating on products, and scaling commercial operations globally. Co-founders Varun Badhwar (CEO) and Dimitri Stiliadis (CTO) previously built and led Prisma Cloud at Palo Alto Networks – scaling one of the company’s flagship products to hundreds of millions in revenue. Both have also enjoyed numerous entrepreneurial successes, including Varun with RedLock (the foundation of Prisma Cloud) and CipherCloud, and Dimitri with Aporeto and Nuage Networks. At Endor, Varun and Dimitri have assembled an elite team with decades of deep research expertise in software supply chain security, fortifying Endor’s core intellectual property. The team’s deep technical bench and combined experience building security platforms at scale make them uniquely qualified to tackle a crucial problem in cybersecurity today.

What’s Ahead?

Endor has successfully solved one of the most persistent, longstanding challenges in cybersecurity: prioritizing what actually matters. In a world increasingly driven by AI-generated code and complex software supply chains, Endor’s ability to cut through the noise and identify exploitable vulnerabilities is mission-critical. 

We’re thrilled to formalize our partnership with Varun, Dimitri, and this incredible team and invest in their $93M Series B alongside DFJ Growth, Lightspeed, Coatue, Dell Technologies Capital, and others.

Welcome to the Salesforce Ventures family, Endor Labs!