Introducing security for AI coding agents and workstations

Product

Platform

Platform Overview

Developer Tools

FREE

Languages & Integrations

Use cases

AI Governance

AI Code

Open Source

SCA With Reachability

Malicious Package Detection

Package Firewall

Upgrade Impact Analysis

Container

Learn

Learn about software supply chain security and Endor Labs.

Featured resources

Blog

Introducing Security for AI Coding Agents and Workstations

May 12, 2026

Ebook/Report

Beyond Mythos: A CISO's Guide to Building an Effective Software Security Program for the AI Era

Apr 29, 2026

Blog

Claude Opus 4.7 Sets New Records in the Endor Labs Agent Security League

Apr 17, 2026

Blog

Surge in submissions forces NIST to change how it handles CVEs. Here's what it means for vulnerability management.

Apr 17, 2026

Show filters

Topic

AI/ML

CI/CD

Compliance & SBOM

Developer Productivity

DevSecOps Tools

First Party Code

Malware

News

Open Source

Opinion

SCA

Security

Tech

Medium

Blog

Customer Story

Ebook/Report

Solution Brief

Video

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

AI/ML

Open Source

Security

Blog

Introducing Agent Governance: Using Hooks to Bring Visibility to AI Coding Agents

May 12, 2026

Open Source

News

Blog

Introducing Package Firewall

May 12, 2026

Malware

Ebook/Report

Malware Defense: A multi-agent detection engine and package firewall

May 12, 2026

AI/ML

News

Open Source

Blog

Introducing Security for AI Coding Agents and Workstations

May 12, 2026

Malware

Open Source

Security

Shai-Hulud compromises the @tanstack ecosystem: 80+ packages compromised

Blog

Shai-Hulud compromises the @tanstack ecosystem: 160+ packages compromised

May 11, 2026

Malware

Security

Blog

Popular lightning PyPI Package Backdoored in Latest Shai-Hulud Wave

Apr 30, 2026

AI/ML

Ebook/Report

Beyond Mythos: A CISO's Guide to Building an Effective Software Security Program for the AI Era

Apr 29, 2026

Malware

Security

Blog

Mini Shai-Hulud: npm Worm Hits SAP Developer Packages

Apr 29, 2026

AI/ML

Blog

GPT-5.5 Sets a New Code Security Record with Cursor, not Codex, in Agent Security League

Apr 27, 2026

Malware

Security

Shai-Hulud: The Third Coming — Inside the @bitwarden/cli@2026.4.0 Supply Chain Attack

Blog

The Bitwarden CLI Supply Chain Attack: What Happened and What to Do

Apr 23, 2026

AI/ML

Blog

The agent control plane needs a security layer

Apr 23, 2026

Malware

Blog

Organizational Behavior Predicts OSS Malware Program Success

Apr 22, 2026

AI/ML

Blog

Claude Opus 4.7 Sets New Records in the Endor Labs Agent Security League

Apr 17, 2026

Open Source

Security

Blog

Surge in submissions forces NIST to change how it handles CVEs. Here's what it means for vulnerability management.

Apr 17, 2026

Security

Open Source

Blog

The Dangers of Reusing Protobuf Definitions: Critical Code Execution in protobuf.js (GHSA-xq3m-2v4x-88gg)

Apr 17, 2026

Security

Open Source

A critical sandbox bypass lets attackers run arbitrary code in Spring apps.

Blog

It's About Thyme: How a Whitespace Character Broke Thymeleaf's Expression Sandbox (CVE-2026-40478)

Apr 16, 2026

AI/ML

Ebook/Report

Agent Security League: Evaluating the Security of AI-Coded Software

Apr 15, 2026

AI/ML

Blog

Is AI Coding Safe? Introducing the Agent Security League

Apr 15, 2026

Malware

Open Source

Security

Blog

The Unkillable C2: How Attackers Are Moving Command and Control to the Blockchain

Apr 13, 2026

Security

News

Open Source

Blog

Root in One Request: Marimo's Critical Pre-Auth RCE (CVE-2026-39987)

Apr 9, 2026

Security

Malware

Blog

What Security and Engineering Teams Fear Most About Malware

Apr 8, 2026

...

1 / 17

Want to stay in the loop?

Welcome to the resistance

Oops! Something went wrong while submitting the form.

Company

Home Pricing Contact Us About Careers

LEARN

Blog Documentation eBook / Reports Events LeanAppSec Solution Brief Video

Tools

TEI Calculator Risk Explorer

Why Us?

vs Snyk vs Semgrep vs Socket vs Traditional SCA vs Runtime SCA

Products

Endor Labs Supply Chain

Use Cases

AI Code Governance AI Code Governance

AI Static Application Security Testing (SAST)AI Static Application Security Testing (SAST)

Artifact Signing Artifact Signing

Bazel Monorepos Bazel Monorepos

CI/CD Discovery CI/CD Discovery

Code Scanning Code Scanning

Compliance & SBOM Compliance & SBOM

Container Scanning Container Scanning

Digital Operational Resilience Act (DORA)Digital Operational Resilience Act (DORA)

GitHub Actions GitHub Actions

Malicious Package Detection Malicious Package Detection

PCI DSS PCI DSS

RSPM RSPM

SBOM Ingestion SBOM Ingestion

SCA with Reachability SCA with Reachability

Secrets Detection Secrets Detection

Upgrades & Remediation Upgrades & Remediation

Integrations

Endor Labs with GitHub Advanced Security

IDE

Microsoft Defender for Cloud

PHP

Legal and Privacy Trust and Security

All names, logos, and brands of third parties listed on our site are trademarks of their respective owners. Endor Labs and its products and services are not endorsed by, sponsored by, or affiliated with these third parties. Our use of these names, logos, and brands is for identification purposes only, and does not imply any such endorsement, sponsorship, or affiliation.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.