Blog

Learn how to detect prompt injection vulnerabilities in GenAI applications and prevent attackers from exploiting LLM-powered workflows.

LLMs often recommend outdated or vulnerable open source packages—here’s why it happens, why it matters, and how AppSec and DevOps leaders can stay ahead.

How CWE-specific prompts cut LLM code vulnerabilities by more than half.

Secure AI-generated code at the source with a new integration for GitHub Copilot powered by the Endor Labs platform.

A CISO’s guide to analyzing and containing the security costs of AI-generated code

Endor Labs is now available on the Google Cloud Marketplace, enabling faster procurement and deployment of software supply chain security for GCP customers and partners.

Learn how to detect misconfigurations in Infrastructure as Code (IaC) files, preventing privilege escalation and unsafe defaults before they reach production.

Secure AI-generated code at the source with a new Cursor integration powered by the Endor Labs platform.

How a multi-step prompt technique can reduce vulnerabilities in AI-generated code

A step-by-step guide to testing Endor Labs SCA accuracy for C/C++ projects

CVE-2025-54313 tracks a supply chain attack on eslint-config-prettier, where four malicious versions of a popular npm library targeted Windows machines with a remote-code execution payload. Learn how it happened and how to stay safe.

The new FedRAMP RFC shifts the standard to require deep context into the reachability and exploitability of vulnerabilities. Here’s what you need to know.

A practical guide to embedding security requirements into AI coding workflows

Endor Outpost extends the full capabilities of the Endor Labs AppSec platform to Self-Hosted SCMs like Bitbucket Datacenter and GitLab Self-Managed.

Endor Labs and Oligo keep pipelines fast and secure with unified reachability, real-time threat blocking, and safe, automatic fixes.

Fixing Java deserialization vulnerabilities in Spring-Web is notoriously difficult, but Endor Labs offers an alternative with patches.

AI coding assistants make writing code a breeze, but they also contain security flaws. This free prompt library helps reduce vulnerabilities at the source, with more secure prompting practices and examples tailored to real-world use cases.

Hear how a CISO at an AI-first company is thinking about securing AI, and how AI should improve security programs.

Endor Labs Vulnerability Search helps you investigate CVEs with enriched metadata, call paths, and precise impact analysis—resolving conflicts across public feeds.

Learn what Application Security (AppSec) is, why it matters, and how to build a modern, scalable AppSec program across the SDLC.

How Mysten Labs builds secure and low-friction systems for blockchain by focusing on code ownership, usability, and AppSec strategy.

A new method for identifying OSS dependencies and vulnerabilities in C/C++ with greater accuracy and precision than legacy tools.

The critical SQL injection vulnerability in LlamaIndex shows how LLMs can be a backdoor into your vector store

A breakdown of DBIR, M-Trends, and DevSecOps reports and what they reveal about the future of AppSec in the age of AI.

Opengrep's improvements to rule load times resulted in 3.15x faster average scan times than Semgrep