Endor Labs Secures $93M to Power AI-Driven Application Security

Software supply chain security is moving faster than ever, and Endor Labs just made a major move. They’ve raised $93 million in Series B funding to expand their Application Security (AppSec) platform — and what’s really interesting is how they’re using AI to tackle modern risks.

The funding round was led by DFJ Growth, with backing from big names like Salesforce Ventures, Lightspeed, Coatue, Dell Technologies Capital, Section 32, and Citi Ventures.

This new investment adds to Endor Labs’ impressive funding history — they had already secured $70 million in Series A and more than $25 million in seed funding.

What really caught my attention is how Endor Labs is expanding their platform. They’re not just bolting on AI features — they’ve built dedicated AI agents specifically for application security teams.

These agents do much more than surface-level code checks:

  • Review every pull request for architectural changes with security implications.
  • Detect vulnerabilities related to AI system integrations, authentication, authorization updates, new API endpoints, cryptographic modifications, and sensitive data handling.
  • Proactively recommend fixes, helping AppSec teams catch risks earlier in the software development lifecycle.

In simple terms, it’s the kind of smart, context-aware security automation that’s been missing from most AI implementations so far.

Endor Labs’ CEO, Varun Badhwar, made a critical point that we need to pay attention to:
“Until recently, 80% of code came from open source. Moving forward, 80% will be generated by AI.”

That shift isn’t something we can plan for in the distant future — it’s already reshaping how software gets built today. As AI-generated code becomes the norm, the way we think about application security has to evolve alongside it.

Traditional scanning tools aren’t enough when changes happen at the architecture level and are driven by AI engines we don’t fully control. We need smarter systems that understand context, intent, and risk at a deeper level.

Most of the AI tools we see today are just wrappers around LLMs (Large Language Models). Endor Labs claims their edge comes from years of building a specialized security dataset — giving their AI agents real-world training data that makes them far more effective for AppSec needs.

From what I’m seeing, this approach could offer a significant advantage, especially for organizations that are serious about shifting left on security without slowing down developers.
