
You have probably heard the term “Vibe Coding”, which has become popular on social networks. It describes a new way of “programming” in which the programmer relies on the AI's ability to create code. This is a major breakthrough in application development, except that generated code can include bugs that create serious security problems.
On a personal level, a user might choose to develop software primarily with AI code generation. The picture changes dramatically when a company is behind the software: security flaws in the code could allow access to databases or expose private keys, which would be extremely risky for the company.
It is clear that artificial intelligence is becoming an ally in the way we work. In fact, a process of adaptation is taking place right now as this technology is built into the tools we have always used. A clear example is GitHub Copilot, a programming assistant that has been trained on data from public repositories.
According to a 2023 survey conducted by the developer security firm Snyk, an estimated 50% of organizations using AI-generated code encounter alarming security issues, either in isolation or on a recurring basis. As noted earlier, problems of this nature could affect the security of the company and put the organization's most sensitive information at risk of being breached.
Varun Badhwar and Dimitri Stiliadis, co-founders of the startup Endor Labs, saw this as a great opportunity and felt they had to offer a solution to these problems, for which demand keeps growing. There was definitely a need to help engineers detect and address vulnerabilities in AI-generated code.
Endor's platform reviews code and identifies risks, and it also offers recommendations that can be considered or applied automatically. To do this, the company has an add-on that communicates with AI tools such as Cursor and GitHub Copilot, which allows code to be scanned in real time as it is written so that problems are detected.


The company was initially created to help companies protect open source dependencies; the change in perspective came about as a result of an opportunity that needed to be taken. It had previously raised $70 million in a Series A round, with the goal of using it to expand a pipeline governance service for developers.
Endor has recently announced the closing of a new Series B funding round of an impressive $93 million. The round was led by DFJ Growth, with participation from firms such as Salesforce Ventures, Lightspeed Venture Partners, Coatue, Dell Technologies Capital, Section 32, and Citi Ventures.
With this new funding, Endor Labs plans to use the total capital raised, which amounts to $163 million, to expand the platform and improve its services.
We cannot deny that this startup has grown tremendously. It now offers solutions to some of the most recognized clients in the world. Among them are OpenAI, Rubrik, Peloton, Snowflake, Egnyte, and Dropbox, and the platform protects more than 5 million applications and runs more than 1 million scans per week.
Generative AI is capable of building functional code, but that does not make the code efficient or secure. That is more than enough reason for Endor Labs to exist and to aim for a service that offers a new security standard, one that more organizations should adopt to protect their systems in direct collaboration with developers and engineers. After all, this adaptation process involves work on both sides; a collaboration that makes it clear that human-machine cooperation is part of the future we are building.

- Main image edited in Canva (DreamLab AI).
- Information accessed via techcrunch.com.
- Translated to English with DeepL.