Endor Labs expands its AI-native application security platform through a major move that strengthens its reach across the entire software stack. The company has acquired Autonomous Plane, and this deal brings new technology that improves how teams understand risk inside modern applications. The acquisition also ensures that the growing demand for deeper visibility across code and container images receives a reliable solution.
Endor Labs explains that today’s software development market is shifting fast. AI coding agents now generate complete software components, and that creates new blind spots. Traditional scanners cannot see how these components connect. As a result, teams struggle to understand which vulnerabilities actually matter. However, Endor Labs aims to solve this gap by adding full‑stack reachability to its application security platform.
This new capability uses the technology built by Kyle Quest, the founder of Autonomous Plane and the creator of DockerSlim. He has now joined Endor Labs. His work helps map how vulnerabilities travel through application code, open‑source libraries, language runtimes, and even operating system layers. This end‑to‑end view allows security teams to see real risk rather than long, confusing lists of issues.
Moreover, full‑stack reachability blends static code analysis with dynamic and static container analysis. It looks at how applications behave when they run. Then it identifies which components load in real time. Because of that, the system filters out around 90 percent of false positives that most scanners report. This reduction helps teams save time, focus on urgent threats, and move faster without losing control.
Endor Labs stresses that its approach is different from other tools. Many scanners only examine code. Yet modern applications depend heavily on containers, and these containers include many libraries that may never run. Without reachability analysis, teams must fix every reported issue, even if the code never loads. That wastes time and increases operational pressure.
The company believes this upgrade will matter even more for regulated industries. Sectors that follow frameworks such as FedRAMP must fix vulnerabilities within strict timelines. However, container images often contain hundreds of unused packages. If teams cannot identify which ones matter, they risk both wasted effort and compliance failures. Full‑stack reachability solves this by highlighting only the vulnerabilities that the application can reach while running.
Quest explains that most scanners report every CVE inside an image. Yet only some of those components load. His approach uses information from the application layer to show which packages activate. This evidence-based method gives teams clarity and reduces noise. It helps them stay compliant without losing focus.
Endor Labs states that the new feature is available immediately to its customers. It becomes part of the company’s expanding application security platform. The company believes this marks a major step forward in how teams secure software built in the age of AI.
With organizations adopting AI-generated code at a rapid pace, the need for accurate and high‑confidence security insights continues to grow. Endor Labs positions itself as the platform built for this shift. The acquisition of Autonomous Plane shows its intent to lead in a market that demands both speed and precision. As more teams embrace automated development, the company expects full‑stack reachability to become a core requirement for modern application security.
