Blog

Understand ai-generated malware risk and learn how developers can detect malicious packages, stop supply chain attacks, and harden workflows

Endor Labs named a Representative Vendor for Software Supply Chain Security.

Malicious PyPI package durabletask 1.4.1-1.4.3 steals AWS, Azure, and GCP credentials on import. 417k monthly downloads affected.

Endor Labs and Chainguard Partner to Deliver End-to-End Software Supply Chain Security

Mini Shai-Hulud Returns: 42 Malicious npm Packages Fake Sigstore Badges in AntV Ecosystem Attack

Designing Agent Governance: A New Surface for AI Risk

When the Guardrails Slip: The Case for Hook-Based Governance Across Agent Platforms

Endor Labs joins the Wiz Integration Network (WIN), bringing reachability-backed SCA and AI SAST to Wiz for unified code-to-cloud risk context.

A technical explainer of the attack chain behind the May 11, 2026 TanStack compromise

Learn how hooks turn AI coding agents like Claude Code and Cursor into governed systems with deterministic policy, centralized audit, and defense in depth.

Introducing Package Firewall

AURI secures the code AI agents write. Now, in collaboration with Cursor and Google, it secures the agents themselves.

Shai-Hulud compromises the @tanstack ecosystem: 80+ packages compromised

Learn what Mythos is, how it found zero-day bugs, and why Mythos could reshape software security and vulnerability prioritization

Learn how secure AI workflows protect code, dependencies, and deployments with inline controls, policy enforcement, and reachability

Learn how to reduce ai risks with practical mitigation strategies for AI code, prompt injection, compliance, and scalable governance

Learn how to secure ai models in production with controls for prompt injection, model theft, malicious files, and inference attacks

Learn ai model security best practices for CISOs, from threat models and frameworks to governance and monitoring that reduce AI risk

Learn ai model risk assessment with a practical framework, key risk categories, and best practices for compliance and security

Learn how to assess vulnerability blast radius, understand BlastRADIUS, and reduce risk with reachability, segmentation, and fixes

Learn software distribution security basics, risks, and best practices to secure dependencies, containers, pipelines, and deployments

Learn what package integrity means in software, the top supply chain threats, and best practices to verify dependencies in CI/CD

Mini Shai-Hulud: npm Worm Hits SAP Developer Packages

OpenAI's newest model now holds the top security score on the Agent Security League through Cursor as the agent harness. Through Codex, it ties for third on security but trails on functional correctness.