Introducing the AI coding agent security benchmark

Product

Platform

Platform Overview

Developer Tools

Languages & Integrations

Use cases

Code

AI Security Code Review

Secrets Detection

Open Source

Reachability-based SCA

Upgrade Impact Analysis

Malicious Package Detection

AI Model Governance

SBOM & Compliance

Security Patches

Container

Container Security

Artifact Signing

Learn

Resources

Customer Stories

Ebooks & Reports

Tools

Code Prompt Library

Featured resources

State of Dependency Management 2025

3D render of a book titled '2023 Dependency Management Report' by Endor Labs with icons and author photos on the cover.

Code Prompt Library

Dark green square with rounded corners featuring a coding symbol consisting of less-than and greater-than signs with a slash.

Artifact Signing

SCA for Python and AI Apps

Research

Agent Benchmark

Threat Research

Company

About

Customer Stories

Achievements

Gartner Cool Vendor

CRN Stellar Startup

Intellyx Digital Innovation Award

See How It Works in Action

Introducing the AI coding agent security benchmark

Product

Platform

Platform Overview

Developer Tools

Languages & Integrations

Use cases

Code

AI Security Code Review

Secrets Detection

Open Source

Reachability-based SCA

Upgrade Impact Analysis

Malicious Package Detection

AI Model Governance

SBOM & Compliance

Security Patches

Container

Container Security

Artifact Signing

Learn

Resources

Customer Stories

Ebooks & Reports

Tools

Code Prompt Library

Featured resources

State of Dependency Management 2025

3D render of a book titled '2023 Dependency Management Report' by Endor Labs with icons and author photos on the cover.

Code Prompt Library

Dark green square with rounded corners featuring a coding symbol consisting of less-than and greater-than signs with a slash.

Artifact Signing

SCA for Python and AI Apps

Research

Agent Benchmark

Threat Research

Company

About

Customer Stories

Achievements

Gartner Cool Vendor

CRN Stellar Startup

Intellyx Digital Innovation Award

See How It Works in Action

Learn

Learn about software supply chain security and Endor Labs.

Featured resources

Claude Opus 4.7 Sets New Records in the Endor Labs Agent Security League

Blog

Claude Opus 4.7 Sets New Records in the Endor Labs Agent Security League

Apr 17, 2026

Surge in submissions forces NIST to change how it handles CVEs. Here's what it means for vulnerability management.

Blog

Surge in submissions forces NIST to change how it handles CVEs. Here's what it means for vulnerability management.

Apr 17, 2026

Agent Security League: Evaluating the Security of AI-Coded Software

Ebook/Report

Agent Security League: Evaluating the Security of AI-Coded Software

Apr 15, 2026

Ebook/Report

Malware in Open Source Ecosystems

Apr 1, 2026

Topic

AI/ML

CI/CD

Compliance & SBOM

DevSecOps Tools

Developer Productivity

First Party Code

Malware

News

Open Source

Opinion

SCA

Security

Tech

Medium

Blog

Customer Story

Ebook/Report

Solution Brief

Video

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

AI/ML

Claude Opus 4.7 Sets New Records in the Endor Labs Agent Security League

Blog

Claude Opus 4.7 Sets New Records in the Endor Labs Agent Security League

Apr 17, 2026

Open Source

Security

Surge in submissions forces NIST to change how it handles CVEs. Here's what it means for vulnerability management.

Blog

Surge in submissions forces NIST to change how it handles CVEs. Here's what it means for vulnerability management.

Apr 17, 2026

Security

Open Source

The Dangers of Reusing Protobuf Definitions: Critical Code Execution in protobuf.js (GHSA-xq3m-2v4x-88gg)

Blog

The Dangers of Reusing Protobuf Definitions: Critical Code Execution in protobuf.js (GHSA-xq3m-2v4x-88gg)

Apr 17, 2026

Security

Open Source

A critical sandbox bypass lets attackers run arbitrary code in Spring apps.

Blog

It's About Thyme: How a Whitespace Character Broke Thymeleaf's Expression Sandbox (CVE-2026-40478)

Apr 16, 2026

AI/ML

Agent Security League: Evaluating the Security of AI-Coded Software

Ebook/Report

Agent Security League: Evaluating the Security of AI-Coded Software

Apr 15, 2026

AI/ML

Is AI Coding Safe? Introducing the Agent Security League

Blog

Is AI Coding Safe? Introducing the Agent Security League

Apr 15, 2026

Malware

Open Source

Security

The Unkillable C2: How Attackers Are Moving Command and Control to the Blockchain

Blog

The Unkillable C2: How Attackers Are Moving Command and Control to the Blockchain

Apr 13, 2026

Security

News

Open Source

Root in One Request: Marimo's Critical Pre-Auth RCE (CVE-2026-39987)

Blog

Root in One Request: Marimo's Critical Pre-Auth RCE (CVE-2026-39987)

Apr 9, 2026

Security

Malware

What Security and Engineering Teams Fear Most About Malware

Blog

What Security and Engineering Teams Fear Most About Malware

Apr 8, 2026

No items found.

Ebook/Report

Malware in Open Source Ecosystems

Apr 1, 2026

News

Malware

Security

New research: malware in open source ecosystems surges 14x as attackers hijack trusted packages

Blog

New research: malware in open source ecosystems surges 14x as attackers hijack trusted packages

Apr 1, 2026

Security

Malware

Blog

Axios compromised: hijacked maintainer account pushes malicious npm versions

Mar 30, 2026

Malware

Ebook/Report

A Practitioner’s Guide to Responding to the TeamPCP Supply Chain Attacks

Mar 27, 2026

Malware

Security

Blog

TeamPCP Strikes Again: Telnyx Compromised Three Days After LiteLLM

Mar 27, 2026

CI/CD

Blog

What We Can Learn About GitHub Actions Security from the Trivy Breach

Mar 26, 2026

Opinion

Blog

SolarWinds took a nation-state. The next attack just needs an LLM and $5.

Mar 26, 2026

Malware

Security

Blog

TeamPCP Isn't Done: Threat Actor Behind Trivy and KICS Compromises Now Hits LiteLLM's 95 Million Monthly Downloads on PyPI

Mar 24, 2026

Security

Malware

Blog

CanisterWorm: Malicious npm Packages Deploy Self-Propagating Supply Chain Worm

Mar 21, 2026

AI/ML

Security

AURI: Security Intelligence for Agentic Software Development

Solution Brief

AURI: Security Intelligence for Agentic Software Development

Mar 19, 2026

Malware

Malicious 'Pyronut' Package Backdoors Telegram Bots with Remote Code Execution

Blog

Malicious 'Pyronut' Package Backdoors Telegram Bots with Remote Code Execution

Mar 18, 2026

Security

Malware

Blog

npm is serving malware to 134,000 developers, and the maintainer can’t stop it

Mar 18, 2026

...

1 / 16

Want to stay in the loop?

Sign up for our newsletter.

Email

Welcome to the resistance

Oops! Something went wrong while submitting the form.

Company

Home Pricing Contact Us About Careers

LEARN

Blog Documentation eBook / Reports Events LeanAppSec Solution Brief Video

Tools

TEI Calculator Risk Explorer

Why Us?

vs Snyk vs Semgrep vs Socket vs Traditional SCA vs Runtime SCA

Products

Products

Endor Labs Supply Chain

Endor Open Source

Use Cases

AI Apps AI Apps

AI Code Governance AI Code Governance

AI Static Application Security Testing (SAST)AI Static Application Security Testing (SAST)

Artifact Signing Artifact Signing

Bazel Monorepos Bazel Monorepos

CI/CD Discovery CI/CD Discovery

Code Scanning Code Scanning

Compliance & SBOM Compliance & SBOM

Container Scanning Container Scanning

Digital Operational Resilience Act (DORA)Digital Operational Resilience Act (DORA)

GitHub Actions GitHub Actions

Malicious Package Detection Malicious Package Detection

PCI DSS PCI DSS

SBOM Ingestion SBOM Ingestion

SCA with Reachability SCA with Reachability

Secrets Detection Secrets Detection

Upgrades & Remediation Upgrades & Remediation

Integrations

.NET (C#).NET (C#)

Bitbucket Bitbucket

CircleCI CircleCI

VS Code / GitHub Copilot VS Code / GitHub Copilot

JavaScript JavaScript

Jenkins Jenkins

Microsoft Defender for Cloud Microsoft Defender for Cloud

TypeScript TypeScript

Home Pricing Contact Us

Company

LEARN

Blog Documentation eBook / Reports Events LeanAppSec Solution Brief Video

Tools

TEI Calculator Risk Explorer

Why Us?

vs. Snyk vs. Semgrep vs. Socket vs. Traditional SCA vs. Runtime SCA

Products

Endor Labs Supply Chain

Endor Open Source

Use Cases

Secrets Detection Secrets Detection

AI Static Application Security Testing (SAST)AI Static Application Security Testing (SAST)

Malicious Package Detection Malicious Package Detection

Code Scanning Code Scanning

AI Code Governance AI Code Governance

Upgrades & Remediation Upgrades & Remediation

SBOM Ingestion SBOM Ingestion

AI Apps AI Apps

Bazel Monorepos Bazel Monorepos

Digital Operational Resilience Act (DORA)Digital Operational Resilience Act (DORA)

PCI DSS PCI DSS

Container Scanning Container Scanning

GitHub Actions GitHub Actions

CI/CD Discovery CI/CD Discovery

Artifact Signing Artifact Signing

Compliance & SBOM Compliance & SBOM

SCA with Reachability SCA with Reachability

Integrations

VS Code / GitHub Copilot VS Code / GitHub Copilot

Microsoft Defender for Cloud Microsoft Defender for Cloud

Bitbucket Bitbucket

.NET (C#).NET (C#)

TypeScript TypeScript

JavaScript JavaScript

Jenkins Jenkins

CircleCI CircleCI

© 2026 Endor Labs. All rights reserved.

Legal and Privacy Trust and Security

All names, logos, and brands of third parties listed on our site are trademarks of their respective owners. Endor Labs and its products and services are not endorsed by, sponsored by, or affiliated with these third parties. Our use of these names, logos, and brands is for identification purposes only, and does not imply any such endorsement, sponsorship, or affiliation.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.