People.ai transforms security and compliance with Endor Labs
People.ai is the leading AI data platform for go-to-market teams. Since 2016, People.ai has been transforming how go-to-market teams improve sales effectiveness and win rates via industry-leading comprehensive data foundation and generative AI capabilities.
Key Results with Endor Labs:
- 95.7% reduction in false positives
- Security is shifted left
- Faster MTTR
- Enhanced compliance and customer trust

Application security is integral to the success of People.ai, and it became only more important as the organization sought to unlock new business opportunities with a Microsoft 365 certification and by following the new ISO 42001 standard. But they found that their existing application security platform (Snyk) was not helping them achieve outcomes related to developer experience and compliance because of:
- Excessive False Positives and Manual Triage: The tool generated a large number of false positives because it couldn’t reliably understand whether the code was actually running, connected, or being used. The team (including security and software engineers) spent significant time manually triaging these findings, most of which turned out to be irrelevant because the dependencies weren’t used in their applications. This led to wasted effort on vulnerabilities that posed no actual risk.
- Impact on Developer Experience and Velocity: Developers experienced friction and disruptions to their workflow, with the tool often blocking Pull Requests (PRs) for issues that were later downgraded or found to be non-actionable. And because the tool couldn’t be trusted, there was frequent debate between developers and security about whether a vulnerability was really a risk.
- Limited Codebase and Language Coverage: The prior solution lacked the capability to scan 100% of their codebase because it didn’t offer full language support.
- Evolving Generative AI Risks: The rise of generative AI fundamentally reshaped their risk landscape, introducing new threats like "shadow AI" where employees might use unapproved AI tools. The incumbent tool wasn’t designed to handle these new types of risks or the increasing amount of code being generated by AI assistants.
People.ai’s security team ran a competitive evaluation to find an AppSec platform that could deliver on four key requirements:
- High Accuracy and Trust: They needed findings to be accurate and reliable so that they could stop manually triaging and use it to strategically block builds. To get there, the team wanted to see deep context on each finding. For example, the new tool had to understand if a library was actually running, connected, or being used rather than just being present in a package.
- Full Coverage and CI Integration: The platform had to support all their coding languages so they could achieve 100% scanning coverage of their code repositories. And because they care about automation and catching risk early, the tool had to integrate smoothly into the CI/CD pipeline.
- Modern, Flexible Architecture: They looked for a solution built with modern, generative AI architectures in mind, one that was flexible enough to adapt to their all-cloud, all-SaaS, geographically distributed environment and future pivots.
- Strong Partnership and Customer Success: PeopleAI prioritized vendors who were receptive to feedback, leaned into their vision for scaling, and were willing to partner on feature development.
Why Endor Labs Won
People.ai chose Endor Labs’ entire suite of application security tools because:
- Reachability-Based Prioritization: Endor Labs showed which vulnerabilities were actually exploitable in PeopleAI’s code, reducing false positives dramatically.
- Developer-Centric Approach: Designed for modern workflows, it has intuitive APIs, easy CI integration, and actionable reporting.
- Modern Architecture and AI Security Leadership: From embedding scanning within AI code assistants to using agents to parse PRs, Endor Labs is showing what it means to build an AI AppSec platform.
- Strong Partnership and Responsiveness: PeopleAI was impressed by the ease of implementing the platform, the outstanding customer success team, and the organization’s readiness to act upon feedback.
People.ai transformed their application security program and are achieving their goals related to developer experience and compliance.
95.7% Reduction in False Positives
PeopleAI experienced a dramatic reduction in non-actionable findings due to Endor Labs' function-level reachability analysis. Where the previous tool generated 100s of alerts without context, Endor Labs can identify just the handful needing to be fixed. With a better understanding of where to focus, they no longer contend with a mountain of findings to triage.
“Endor Labs is a rising star in AppSec. They're helping us fix what's necessary by providing context, and context is king when you’re dealing with open source software. For example, now we can easily see where a high severity finding is actually low priority, or a medium severity finding is a must-fix.”
- James Wedewer, Director of Information Security
Security is Shifted Left
PeopleAI is now able to block multiple types of risk from entering the codebase, and they’re able to do this by integrating into developer workflows. Critical, reachable findings are blocked from entering production without concern of false positives. And when developers select new dependencies, automation with Endor Labs warns or blocks selections based on PeopleAI policy decisions.
“Endor Labs shows us the exact line of code that has the issue, and provides the context to show it’s exploitable. This has reduced the back-and-forth between security and developers, so we can focus on fixing.”
- Naveen Ede, Senior Manager Platform Engineering
Faster Mean Time to Remediation (MTTR)
Fixing issues earlier in the CI/CD pipeline is less time-consuming and costly because it avoids the burden of testing, deploying and validating later in the cycle. And Endor Labs’ upgrade impact analysis informs developers about how a given upgrade might impact application performance (e.g. breaking changes), eliminating time-consuming research or trial-and-error. When a new risk is discovered in production, Endor Labs detects repository ownership so remediation can be assigned automatically. Together, these capabilities have reduced PeopleAI’s MTTR to a standard they can be proud of.
Enhanced Compliance and Customer Trust
Endor Labs helped PeopleAI achieve the strenuous Microsoft 365 certification, showcasing their adherence to best practices and strengthening customer confidence. It’s now also easier to meet the Service Level Agreements (SLAs) required by certifications and customers. And as PeopleAI implements ISO 42001 best practices, they’ll be well-positioned to satisfy their Fortune 100 customers that care deeply about how AI is used within their products.
“As a society, we are going to generate more and more code. I am confident that Endor Labs is the AppSec platform of choice if you want to be on the cutting edge of where software development is going.”
- Aman Sirohi, SVP - Chief Security Officer & Platform