
AppSec was built to find problems. The Mythos era demands you fix them, fast.

Introducing AURI Agents and the AURI Agent Hub, pre-built, context-grounded AppSec agents that close the gap between finding and fixing, and put remediation on the same clock as the attacker.

Written by Robert Haynes
Published on June 17, 2026
Updated on June 17, 2026

Ask any AppSec team how the backlog is going and you'll hear a version of the same thing: there's more work than there are people to do it, and no budget or extra personnel coming anytime soon. Findings pile up faster than anyone can triage them, every upgrade needs checking, every exception needs a human to reason through it, and the headcount to keep pace is never coming.

Detection has never been faster. Frontier models, researchers, and scanners now surface vulnerabilities at a rate that would have been unthinkable a few years ago. That’s supposed to be the good news, helping defenders stay ahead of attackers. The problem is what’s on the other side of the finding.

Exploitation got faster too. At Endor Labs, we’ve observed new CVEs going from disclosure to active exploitation in under 10 hours, before a team has even had a chance to triage it. Meanwhile, the work to actually fix a finding — confirm it, find the safe upgrade, open the PR, not break three other things — still moves at human speed. The backlog is just what that gap looks like when it piles up.

This is a structural gap. Historically, AppSec was built for a slower race where remediating vulnerabilities within 30-day SLAs was the frontier. The only way to close this gap today is moving the fix to the same speed as the find, which means handing remediation to agents with rich context. 

The instinct to do that is already there: teams are pointing general-purpose coding agents at security findings right now. The instinct is right, and the limitation isn’t the agent. It’s that the agent is working blind. The context it needs already exists; it’s just sitting in your security platform where the agent can’t easily reach it. The work to get the information has already been done; now it needs to get to the right ‘people’.

Today we're fixing that, with AURI Agents.

What we're announcing

AURI Agents are pre-configured AI agents that perform specific security tasks, each one wired into Endor Labs' contextual data — reachability analysis, upgrade impact, the full finding and policy graph. They're free, open source, and they run inside the agent tools your developers already use.

There are two pieces to this announcement:

  • AURI Agents, the catalog of ready-to-run agents, ten of them at launch.
  • The Endor Labs Agent Kit, an open source GitHub repository containing the raw agent definitions and the tooling to build your own.

I'll take each in turn, but the short version is this: we've taken the context that makes Endor Labs useful to a human analyst and packaged it into agents that put that same context to work, accurately, cheaply, and on your own infrastructure.

There's a half-decent chance someone on your team has already pointed an AI coding agent at a security problem. Maybe they asked Claude Code to "fix this CVE," or told Cursor to "deal with these dependency warnings," or handed Codex a stack trace from a failed scan and said, "sort this out."

Why agents, and why now

"Endor Labs' agents have changed how we work. The AI SAST triage agent uses dataflow and context to help us prioritize and patch vulnerabilities in our code. And when something needs an exception, we can approve and apply it quickly within the workflow instead of filing a ticket. The result is that security keeps pace with how fast we ship instead of becoming the bottleneck."

 - Staff Security Engineer, Global Digital Ad Platform

Here's the uncomfortable truth about the current state of agentic security tooling: how well a security product works for an AI agent is becoming just as important as how well it works for a human. Developers are delegating work to agents whether or not the tools are ready for it.

You can respond to that in one of two ways. You can expose your data through an API and hope the agents figure out how to use it well (they mostly won't, at least not efficiently). Or you can ship the agents yourself, pre-built, grounded in the right context, with the guardrails already in place.

We've gone with the second option. Endor Labs has always treated agents as first-class citizens, with a complete API, an MCP server, and the endorctl CLI. AURI Agents are the logical next step: instead of just handing agents the raw data, we hand them the expertise.

The payoff shows up in two places: speed and efficiency. To prove the point, we’ve recently published a study showing that expert Endor Labs agents perform the same tasks as an unaugmented agent 2.8 times faster while using 92% fewer tokens.

What's in the catalog

The catalog launches with twelve agents. Four of them handle the heaviest, most-requested workflows:

SCA Remediation takes an open dependency vulnerability, uses Endor Labs' reachability and upgrade-impact analysis to choose the safest fix, and opens a pull request, with the evidence to justify the change attached to the PR body.

AI SAST Triage reviews AI SAST findings, confirms true positives against the code at the exact commit SHA, generates patches for the confirmed ones, and routes the rest with a reason rather than a shrug. It also handles exception workflows: a developer can request an exception from a PR comment, and an AppSec reviewer can approve it straight into policy.

Probe Droid audits your scan coverage, finds the gaps, and prescribes exactly what to change — scan profiles, toolchains, package integrations, reachability setup — to get clean, complete scans.

Endor Troubleshooter turns a failed scan from a support ticket into a self-service fix, classifying the failure and returning ordered remediation steps.

Six more specialists round out the set: a Remediation Planner that previews safe fixes without opening PRs, Upgrade Impact Analysis, a Dependency Decision Helper for instant "should I add this package?" assessments, Package Risk Summary, a Repository Dependency Reviewer, and a Vulnerability Explainer that turns a CVE ID into a plain-language answer to "what does this mean for me, and what do I do about it?"

You can chain them together, and you can combine them with your own agents to build complete workflows.

Installing AURI Agents

Runs where your agents already live

There's no new runtime to adopt, and no model spend that lands on our bill. AURI Agents install into the tools your team already uses:

| Host | Notes |
|---|---|
| Claude Code | Drop the agent into .claude/agents/ |
| Claude Managed Agents | Create via the Anthropic Console or ant CLI |
| OpenAI Codex | Install as a Codex skill |
| Cursor, Gemini, Antigravity | Supported via the plugin distribution |
| Portable / runtime-agnostic | For teams that already have their own agent runtime |


Source control is covered for both GitHub (via the gh CLI) and GitLab (via glab).

The important part, and the part that tends to matter most to the security leaders I talk to, is where execution happens. The agents run on your infrastructure, with your LLM keys and your source-control credentials. Your code and secrets never cross into our boundary, and your token spend stays yours. Telemetry flows back to the Hub so you get central visibility, but the work itself stays on your side of the fence.

Built like security software, because it is

It would be a bit rich to ship agents that touch your code and dependencies without holding them to the same standard as the rest of our product. So we did.

Most agents in the catalog are read-only by default: they cannot edit files, open pull requests, dismiss findings, or write policy. The agents that can mutate state declare exactly what they're allowed to do, and require confirmation before they do it. Mutating remediation work happens against your own git provider under your own credentials, not against our backend.

As a fast follow-up, we will be adding agent attribution: agents will act with scoped credentials, so you can always answer the question "Was that Bob, or was that Bob's agent?" And every published artifact will be validated, checksummed, and shipped with provenance through an automated pipeline, so you know the agent you installed is the agent we built.

Don't see the agent you need? Build it.

The catalog covers the common cases, but every security team has a workflow that's a little bit their own. That's what the Endor Labs Agent Kit is for.

The Agent Kit is the open-source repository behind the whole thing, and it's not just a download directory; it's the workshop. Every agent we ship is defined as a Source Recipe: a readable YAML file plus plain-markdown instructions that declare what the agent does, which Endor data it can touch, whether it's allowed to change anything, and what evidence it has to produce. The kit's builder compiles each recipe into ready-to-install artifacts for every supported host. Write the agent once; run it in Claude Code, Codex, or your own runtime.

The part I'm most pleased with is that you don't actually have to learn the recipe format to build an agent. The repo ships a Create Endor Labs Agent skill. You install it into your coding agent, describe the workflow you want in plain English, and it walks the agent through authoring the recipe, the prompt, the eval cases, and the architecture diagram, then validates the whole thing against the same guardrail checks our own agents have to pass.

Once it's built, keep it private to your organization, or open a pull request and contribute it back to the catalog. We review incoming agents, and if they're good, they ship — at which point our build pipeline pushes them out to every supported host automatically.

Getting started

You can have an agent running against a real finding in a couple of minutes. The existing agents can be installed as plugins or extensions (depending on what terms your harness uses); just follow the instructions in the ai-plugins repo. If you want to install from the agent-kit repo, there are installation instructions for several popular coding harnesses, and installation is generally as simple as cloning the repo and copying some files to the relevant directory:

    # Claude Code
    mkdir -p .claude/agents
    cp /path/to/endor-labs-agent-kit/claude-code/sca-remediation/sca-remediation.md \
      .claude/agents/sca-remediation.md

Then point it at your repository:

@agent-sca-remediation check this repository for P0 SCA findings I can start remediating

Authentication runs through your local endorctl configuration, so if you're already an Endor Labs user, there's nothing new to set up.
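Before trusting the "read-only by default" property for agents copied into .claude/agents/, a reviewer can check what each definition actually declares. The script below is an added example, not code from Endor Labs or the Agent Kit. It assumes Claude Code's subagent frontmatter with a one-line `tools:` key, treats a missing key as inheriting every tool, and uses constructed sample files rather than the kit's real definitions.

```shell
#!/bin/sh
# Added example (not Endor Labs code): report which agent definitions in a
# directory declare only read-only tools in their frontmatter.
# Assumption: Claude Code subagent files with a one-line "tools: A, B" key.
READ_ONLY_TOOLS="Read Grep Glob"   # this example's allow-list; adapt to policy

# Print the tools value from the leading '---' frontmatter block only.
frontmatter_tools() {
  awk 'NR == 1 && $0 != "---" { exit }
       NR > 1 && $0 == "---"  { exit }
       /^tools:/ { sub(/^tools:[ \t]*/, ""); print; exit }' "$1"
}

# Echo read-only, inherits-all, or review:<tools outside the allow-list>.
classify_agent() {
  # Drop any "(...)" permission patterns, then split on commas and spaces.
  set -- $(frontmatter_tools "$1" | sed 's/([^)]*)//g' | tr ',' ' ')
  [ "$#" -eq 0 ] && { echo "inherits-all"; return; }
  extra=""
  for t in "$@"; do
    case " $READ_ONLY_TOOLS " in *" $t "*) ;; *) extra="$extra,$t" ;; esac
  done
  if [ -n "$extra" ]; then echo "review:${extra#,}"; else echo "read-only"; fi
}

# Print "<file><TAB><verdict>" per agent; return 1 if any is not read-only.
audit_agents() {
  status=0
  for f in "$1"/*.md; do
    [ -f "$f" ] || continue
    verdict=$(classify_agent "$f")
    printf '%s\t%s\n' "$(basename "$f")" "$verdict"
    [ "$verdict" = "read-only" ] || status=1
  done
  return "$status"
}

# Constructed sample files (not the kit's real agent definitions).
write_samples() {
  printf '%s\n' '---' 'name: explainer' 'tools: Read, Grep, Glob' '---' 'Explain a CVE.' > "$1/explainer.md"
  printf '%s\n' '---' 'name: fixer' 'tools: Read, Edit, Bash' '---' 'Open a PR.' > "$1/fixer.md"
  printf '%s\n' '---' 'name: open' '---' 'tools: Read' > "$1/open.md"
}

# Usage: sh audit-agents.sh .claude/agents
if [ "$#" -gt 0 ]; then audit_agents "$1"; fi
```

Anything reported as `review:` or `inherits-all` is not necessarily wrong, since some agents are meant to open pull requests, but it is the set whose permissions deserve a human look before first use.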

Summary

AURI Agents put Endor Labs' context to work inside the AI tools your developers already use, remediating vulnerabilities, triaging SAST findings, unblocking scans, accurately, cheaply, and on your own infrastructure. The AURI Agent Hub gives you one place to find and manage them, and the open-source Endor Labs Agent Kit lets you adapt the agents we ship or build entirely new ones.

Now you and your teams won’t have to compromise on security, speed, or token budgets; AURI Agents bring Endor Labs expertise to the agentic experience.

They're free for every Endor Labs customer, and they're available today. Grab the code from the Endor Labs Agent Kit on GitHub, install the predefined agents as a plugin, or request a demo and we'll walk you through it.