
Modern CTO
The AI Coding Arms Race is Transforming Software with Henrik Plate & Amod Gupta of Endor Labs
Nov 6, 2025
Henrik Plate and Amod Gupta from Endor Labs dive into the intersection of AI and software security. They discuss how AI coding assistants are inadvertently creating new vulnerabilities, with 90% of security issues lurking in unused code. The duo highlights alarming trends like malware exploiting local AI agents to steal credentials. They emphasize the importance of prioritizing security alerts based on reachable code paths and integrating safeguards directly into AI-assisted code generation, offering practical advice for enterprises navigating this fast-evolving landscape.
AI Snips
AI Assistants Are A New Dependency
- AI coding assistants are becoming a new kind of dependency in the software lifecycle.
- They introduce risks around dependency choices and versions that we must study closely.
Agents Misuse Tools And MCPs Exploded
- Henrik observed agents repeatedly failing to invoke tools correctly even after explicit instructions.
- He also found over 10,000 MCP server projects surfaced on GitHub within months of Anthropic's announcement.
Malware Colluding With Local AI Agents
- Malware authors have written code that colludes with local AI agents to extract credentials.
- The malicious package would ask local agents to search and list sensitive files for exfiltration.
