William OGOU Cybersecurity Blog


Automating the AppSec with AI


Ask any AppSec team how their backlog is looking, and you will hear a variation of the same exhausted truth: Detection has never been faster, and human remediation has never been slower.

Frontier AI models, advanced researchers, and modern scanners are surfacing vulnerabilities at a staggering rate. At Endor Labs, we have observed new CVEs moving from public disclosure to active exploitation in under 10 hours, often before a security engineer has even had the chance to assign a Jira ticket.

The structural gap is obvious. We are using machine speed to find vulnerabilities, but we are still relying on human speed to fix them. Developers are already trying to solve this by pointing general-purpose AI coding agents (like Claude or Cursor) at security findings. The instinct is right, but the execution fails because general-purpose agents operate blind; they lack the contextual security data needed to formulate a safe, non-breaking fix.

This changes today. Defenders now have the tools to push remediation to machine speed.

Here is how you can use AI to automate your AppSec workflows using the newly released AURI Agents and the open-source Endor Labs Agent Kit.

What to Remember

  • The AppSec Gap: AI has accelerated vulnerability detection and exploitation; remediation must adopt AI agents to keep pace.
  • AURI Agents: Pre-configured, expert AI agents by Endor Labs that plug directly into tools developers already use (Claude Code, Cursor IDE, Codex, Gemini).
  • Context is King: General-purpose AI fails at security patching. AURI Agents succeed because they are wired directly into Endor Labs’ reachability analysis and policy graphs.
  • Local Execution: The agents run on your infrastructure using your LLM keys. Your code and secrets never cross into a vendor’s backend.
  • Open Source: The Endor Labs Agent Kit is fully open-source, allowing you to build, customize, and deploy your own security agents via simple Markdown and YAML recipes.

The Power of Context: Why General AI Fails at Security

If you paste a CVE alert into an LLM and ask it to write a patch, it will hallucinate. It doesn’t know if the vulnerable function is actually reachable in your specific codebase. It doesn’t know if upgrading that package will break three other transitive dependencies.

General AI lacks context.

To bridge this gap, Endor Labs introduced AURI Agents. Instead of exposing raw data through a clunky API and hoping an LLM figures it out, Endor Labs packaged their deep contextual data (reachability analysis, upgrade impact, and finding graphs) directly into pre-built AI agents.

According to a recent study, using these expert agents allows teams to perform security tasks 2.8 times faster while consuming 92% fewer tokens compared to unaugmented AI agents.

Meet the AURI Agent Catalog

The catalog launches with specialized agents designed to tackle the heaviest, most requested AppSec workflows. Here are the standouts:

1. SCA Remediation Agent (endor-sca-remediation-agent)

  • The Problem: You have 50 open dependency vulnerabilities. Which ones actually matter, and what is the safest upgrade path?
  • The Agent: This agent takes an open dependency vulnerability, uses reachability analysis to verify if your code actually calls the vulnerable function, calculates the safest upgrade path, and automatically opens a Pull Request (PR) with the justifying evidence attached to the PR body.

2. AI SAST Triage Agent (endor-ai-sast-triage-agent)

  • The Problem: SAST scanners are notoriously noisy, producing hundreds of false positives.
  • The Agent: It reviews SAST findings, confirms true positives against the exact commit SHA, generates patches for confirmed flaws, and routes false positives with logical explanations. It even handles exceptions directly from PR comments, allowing AppSec reviewers to approve them straight into policy without filing a ticket.

3. Probe Droid (endor-probe-droid-agent)

  • The Problem: “Are we actually scanning everything?”
  • The Agent: Probe Droid audits your scan coverage across GitHub. It finds the blind spots and prescribes exactly what configurations, toolchains, or package integrations need to change to ensure complete repository coverage.

4. Vulnerability Explainer (endor-vulnerability-explainer-agent)

  • The Problem: A developer encounters a complex GHSA or CVE ID and doesn’t know where to start.
  • The Agent: It turns a cryptic CVE ID into a plain-language explanation, specifically detailing what it means for your specific repository and outlining the exact next steps.

How to Install and Deploy (Running Locally)

Security leaders rightfully panic when they hear “AI agent looking at our codebase.” AURI Agents alleviate this by running exactly where your developers already live.

There is no new runtime to adopt. The agents install directly into tools like Claude Code, Cursor IDE, Codex, or Gemini CLI. Most importantly, they run on your infrastructure. Your code, your secrets, and your LLM token spend stay on your side of the fence.

Quick Start: Cursor IDE

If your team uses Cursor, installation is seamless.

  1. Open the Cursor Agent chat.
  2. Install the plugin: /add-plugin endorlabs
  3. Run the setup skill to check your readiness (it will not run unauthorized scans).

Quick Start: Claude Code

To drop the agent into your local Claude Code environment, use the CLI:

/plugin marketplace add endorlabs/ai-plugins
/plugin install endor-labs-agent-kit@endorlabs
/reload-plugins
/agents

Once installed, point it at your repository with a prompt such as:

@agent-sca-remediation check this repository for P0 SCA findings I can start remediating.

Python SDK for CI/CD Automation

If you want to run these agents headlessly in your CI/CD pipelines or backend orchestration, you can use the Cursor SDK lane:

python3 -m pip install -r cursor-sdk/requirements.txt
export CURSOR_API_KEY="crsr_..."
python cursor-sdk/run_cursor_agent.py endor-sca-remediation-agent \
  --mode cloud \
  --repo-url https://github.com/your-org/your-repo \
  --ref main \
  "Prepare a remediation plan only. Do not edit files or open a PR."

Security by Design: Guardrails and Trust

Endor Labs built these agents like security software.

  • Read-Only by Default: By default, the majority of the agents are read-only. They can assess CI/CD posture, summarize package risks, and preview remediation plans, but they cannot edit files, push branches, or open PRs.
  • Approval-Gated Workflows: Agents that do mutate state (like the SCA Remediation agent) operate under strict approval-gated workflows. File edits, branch pushes, and policy writes are split into separate execution gates, ensuring a human remains in the loop for critical actions. Furthermore, agents act with scoped credentials, allowing you to audit exactly which actions were taken by a developer versus which were executed by their agent.
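The gate model described above, as an added illustration in Python (not Endor Labs code): read-only actions run unattended, each mutating gate needs its own approval, unknown actions fail closed, and the audit log records the agent alongside the approving human. The gate names, action verbs and record layout are assumptions for this example.

```python
from dataclasses import dataclass, field

READ_ONLY = "read"
MUTATING_GATES = ("file_edit", "branch_push", "policy_write")

# Assumed mapping from an agent's action verbs to execution gates.
GATE_OF = {
    "summarize_risk": READ_ONLY, "preview_plan": READ_ONLY,
    "write_file": "file_edit", "push_branch": "branch_push",
    "open_pr": "branch_push", "add_exception": "policy_write",
}


@dataclass
class GatedExecutor:
    agent: str                                   # scoped agent identity
    approvals: dict = field(default_factory=dict)  # gate -> approver
    audit: list = field(default_factory=list)

    def approve(self, gate: str, approver: str) -> None:
        """A human opens exactly one mutating gate; nothing is implied."""
        if gate not in MUTATING_GATES:
            raise ValueError(f"unknown gate {gate!r}")
        self.approvals[gate] = approver

    def run(self, actions):
        """Return (executed, blocked). Mutations need their gate approved."""
        executed, blocked = [], []
        for verb, target in actions:
            gate = GATE_OF.get(verb)
            if gate is None:                      # unmapped verb: fail closed
                blocked.append((verb, target, "unmapped action"))
                continue
            approver = self.approvals.get(gate)
            if gate != READ_ONLY and approver is None:
                blocked.append((verb, target, f"gate {gate} not approved"))
                continue
            self.audit.append({"actor": self.agent, "approved_by": approver,
                               "gate": gate, "action": verb, "target": target})
            executed.append((verb, target))
        return executed, blocked


def demo():
    # Constructed run: the plan previews freely, the file edit was approved,
    # the push is blocked (no approval) and an unknown verb is refused.
    ex = GatedExecutor(agent="endor-sca-remediation-agent")
    ex.approve("file_edit", "alice")
    result = ex.run([("preview_plan", "repo"), ("write_file", "go.mod"),
                     ("push_branch", "fix/cve-upgrade"), ("drop_table", "x")])
    return result, ex.audit
```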

The Endor Labs Agent Kit: Build Your Own

Every security team has highly specific, bespoke workflows. If the pre-built AURI Agents don’t fit your exact needs, you don’t have to start from scratch.

The Endor Labs Agent Kit is completely open-source. Every agent is defined as a “Source Recipe”: a readable YAML file combined with plain-Markdown instructions.

Don’t want to write YAML? You don’t have to. The kit includes a “Create Endor Labs Agent” skill. You simply describe the workflow you want in plain English to your coding agent, and it walks you through authoring the recipe, the prompt, and the evaluation cases. It then validates your new agent against the exact same strict guardrails Endor Labs uses for its official catalog.

Conclusion

The era of drowning in the AppSec backlog is ending. Attackers are using AI to scale their operations; defenders must do the same. By bringing rich, contextual security data directly into the AI environments where developers already work, AURI Agents allow teams to fix vulnerabilities as fast as scanners find them.

Stop compromising between development speed and security. Grab the code from the Endor Labs Agent Kit on GitHub, install the plugins, and let the agents do the heavy lifting.

To further enhance your cloud security and implement Zero Trust, contact me via my LinkedIn profile or [email protected].

Frequently Asked Questions (FAQ)

What are AURI Agents?

AURI Agents are free, pre-configured AI agents built by Endor Labs. They integrate deep security context (like reachability analysis) into AI coding assistants to automatically triage and remediate vulnerabilities.

Do AURI Agents send my source code to a third-party server?

No. AURI Agents execute locally on your infrastructure within the IDEs and CLI tools your developers already use (like Cursor or Claude Code), ensuring your code and secrets never cross into a vendor's backend.

What platforms do AURI Agents support?

The agents are compatible with Claude Code, Cursor IDE, Codex, Gemini CLI, and Antigravity CLI. They also offer a Python SDK for integration into CI/CD pipelines.

Can an AURI Agent push code to my production environment?

No. The agents are designed with strict safety guardrails. Most are read-only, and mutating agents (like those that open PRs) require explicit human approval gates for file edits, branch pushes, and policy writes.

Can I build my own custom security agent?

Yes. The Endor Labs Agent Kit is open-source. You can use simple Markdown and YAML recipes, or use the 'Create Agent' skill to have an LLM build a custom, guardrailed agent for your specific workflows.

William OGOU

Need help implementing Zero Trust strategy or securing your cloud infrastructure? I help organizations build resilient, compliance-ready security architectures.