Endor Labs Secures $93M to Enhance AI Code Protection Platform

Endor Labs, a finalist in the RSA Conference’s Innovation Sandbox contest, has secured $93 million in funding aimed at enhancing its capabilities in AI governance and code security, building on its foundation in application security.

See Also: OnDemand | AI in the Spotlight: Exploring the Future of AppSec Evolution

With the Series B funding, Endor Labs plans to focus on securing code produced by AI tools. According to co-founder and CEO Varun Badhwar, the company’s infrastructure, developed over years of securing open-source code, positions it to introduce AI security checks directly into developer tools like Cursor, addressing unique challenges associated with AI-generated code.

Badhwar emphasized that the founders’ history of entrepreneurial success in the cloud security domain has attracted significant investor interest, a situation he describes as a “game of chicken” due to the high demand for their offering.

Founded in 2021 and currently employing 145 individuals, Endor Labs has been under Badhwar’s leadership since its inception. His track record includes scaling Palo Alto Networks’ Prisma Cloud business to $300 million in annual recurring revenue. The recent funding follows a $70 million Series A round led by Lightspeed and Coatue, completed 20 months earlier.

Transitioning from Vulnerability Management to AI Governance

This latest funding round, led by DFJ Growth, is notable for its backing of firms like OpenAI and xAI. The firm plans to utilize the capital to scale its operations amidst a generally cautious market landscape. Badhwar noted that Endor Labs has attracted talent with exemplary credentials in program analysis, application security, and AI, with a third of its engineering team holding PhDs in these fields. This ensures that they maintain a high caliber of expertise within their talent pool.

As large language models increasingly contribute to enterprise code, the associated security risks are profound, particularly because these models are often trained on open-source software that may harbor vulnerabilities. Endor has developed proprietary databases that have identified these vulnerabilities, enabling the firm to function as an intelligent intermediary between AI-generated code and its deployment in production settings.

Badhwar stated that up to 90% of code in modern enterprises is derived from open-source, a fact that underlines their extensive domain knowledge in this area. The company has harnessed this expertise to build tools that provide precise insights into customer software development practices.

Distinguishing Endor Labs in the Competitive Landscape

Endor Labs competes with companies like Snyk and Checkmarx, yet Badhwar asserts that the company’s deep integration into the developer workflow sets it apart. Endor’s focus on securing both human-generated and AI-generated code targets critical unaddressed issues in enterprise cybersecurity. Badhwar mentioned that their solution encompasses a range of concerns including vulnerabilities and malicious code, positioning Endor as a comprehensive platform for secure software development.

Target clients span multiple industries, including software, financial services, and insurance, catering to organizations of various sizes. The platform has drawn initial interest from application security teams but is increasingly appealing to platform engineering teams and CTO organizations in light of its potential to enhance developer productivity through automated vulnerability management.

Badhwar highlighted the positive indicators of Endor’s growth, noting a net recurring revenue (NRR) rate of 166%, while actively tracking metrics essential for building a business sustainable enough to pursue an IPO. He emphasized the need for efficiency in customer acquisition and gross margins as fundamental components of their long-term strategy.