Modern day CISOs and security teams have to rely on intelligent automation to surface the most important risks and remediate them efficiently; Varun Badhwar, CEO and co-founder of Endor Labs weighs in with some proven best practices in this CIO Influence interview:
________
Hi Varun, tell us about yourself. We’d love to hear about Endor Labs’ recent acquisition of Autonomous Plane and how it will impact end users?
I've spent most of my career working at the intersection of software development and security. Before founding Endor Labs, I helped build large-scale security programs and saw firsthand how difficult it was for teams to keep up with the growing complexity of modern software stacks, especially once open source became the foundation of almost every application.
At Endor Labs, our mission has always been to help developers move fast without introducing unnecessary risk into the software supply chain. Developers today rely heavily on open source and third-party components, and now we're entering a world where a large percentage of new code is generated by AI systems. That creates incredible productivity gains, but also new security challenges.
The acquisition of Autonomous Plane is really about getting ahead of that shift. Autonomous Plane has been doing very interesting work around understanding how AI-generated code behaves inside real applications. By bringing that technology into Endor Labs, we're able to give customers much deeper visibility into the risks introduced by both traditional dependencies and AI-generated code.
For end users, the benefit is pretty straightforward: faster development without sacrificing trust. As teams adopt AI coding tools, they'll have the guardrails and analysis needed to understand what code is actually doing, where risk exists, and how to remediate it before it becomes a production issue.
As AI-driven software development cycles become more mainstream, how will this impact the software security market in terms of how products are made and deployed?
AI is fundamentally compressing the software development lifecycle.
What used to take weeks or months (designing features, writing code, testing components) can now happen in hours with AI copilots and autonomous agents generating large portions of the codebase. That's an incredible productivity shift, but it also means the volume of code entering organizations is exploding.
Security tooling and processes weren't designed for that kind of scale.
Historically, security teams relied on periodic scans, manual reviews, and vulnerability databases to manage risk. But in a world where AI can generate thousands of lines of code in minutes, those reactive approaches simply won't keep up.
What we're seeing is the beginning of a shift toward continuous, intelligent security analysis that operates directly in the developer workflow. Instead of scanning everything after the fact, security tools need to understand code contextually, identify which risks actually matter, and help developers fix them while they're building.
In many ways, security will start to look more like an autonomous co-pilot for developers, continuously evaluating dependencies, AI-generated code, and configuration choices as the software evolves.
What are some of the top factors that keep CISOs and CTOs up at night around software development and SaaS/data security?
There are a few themes we consistently hear from security leaders.
The first is software supply chain risk. Modern applications are assembled from thousands of open source packages and third-party libraries. Most teams don't have full visibility into what those components actually do, which vulnerabilities they introduce, or whether they're actively maintained.
The second is the rise of AI-generated code. AI tools are fantastic productivity boosters, but they can also generate code that introduces vulnerabilities, pulls in risky dependencies, or replicates insecure patterns from training data. Security teams are still figuring out how to evaluate and govern that.
Another major concern is security signal overload. Many organizations are dealing with tens or hundreds of thousands of vulnerability alerts across their environments. The challenge isn't finding problems; it's figuring out which ones actually matter.
Finally, there's the issue of speed versus safety. Businesses expect engineering teams to move faster than ever. But every acceleration in development also increases the potential attack surface, which puts pressure on security leaders to protect the organization without slowing innovation.
What top-of-mind tips and best practices would you share with modern CTOs and CISOs, given how today’s digital threats are far more evolved (because of AI) than before?
One of the biggest shifts organizations need to make is moving security earlier in the development lifecycle. Waiting until code reaches production to evaluate risk is simply too late in an AI-accelerated environment.
Another key principle is focus on reachability and exploitability, not just vulnerabilities. Not every vulnerability represents real risk. The most mature organizations prioritize issues based on whether vulnerable code can actually be executed in their applications.
Third, security and development teams need to become much more aligned. Security tools should be designed to help developers fix problems quickly, not just generate reports for security teams.
It's also critical to build governance around AI development tools. Organizations should have clear policies about how AI-generated code is reviewed, what dependencies are allowed, and how those outputs are validated.
And finally, automation is essential. The scale of modern software development means security teams have to rely on intelligent automation to surface the most important risks and remediate them efficiently.
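The "reachability and exploitability, not just vulnerabilities" principle from this answer can be made concrete with a small triage routine. The following is an added example, not Endor Labs' product code or Varun's own material: it assumes a simplified call graph (a dict of caller to callees, with hypothetical package and function names) and a constructed list of vulnerability findings, and it keeps only the findings whose vulnerable function an application entry point can actually reach, ordered by severity, with the call path as evidence for the developer.

```python
"""Reachability-based vulnerability triage over a constructed call graph.

Added example, not Endor Labs code. The model is deliberately simple:
- CALL_GRAPH maps a caller to its callees ("package.function" names);
- each finding names the vulnerable function inside a dependency.
A finding is "reachable" when some entry point can reach that function.
"""
from collections import deque

# Constructed sample call graph; all package/function names are hypothetical.
CALL_GRAPH = {
    "app.main": ["app.handle_upload", "app.render_page"],
    "app.handle_upload": ["imglib.decode", "storage.put"],
    "app.render_page": ["templating.render"],
    "imglib.decode": ["imglib.parse_header"],
    "templating.render": ["templating.escape"],
    "storage.put": [],
    "imglib.parse_header": [],
    "templating.escape": [],
    # This part of imglib is shipped in the dependency but never called by the app:
    "imglib.write_exif": ["imglib.parse_header"],
}

ENTRY_POINTS = ["app.main"]

# Constructed findings (placeholder ids, not real advisories).
FINDINGS = [
    {"id": "VULN-A", "function": "imglib.parse_header", "severity": "high"},
    {"id": "VULN-B", "function": "imglib.write_exif", "severity": "critical"},
    {"id": "VULN-C", "function": "templating.escape", "severity": "medium"},
    # Dependency present in the lockfile but not in the call graph at all:
    {"id": "VULN-D", "function": "yaml.load_unsafe", "severity": "critical"},
]

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}


def reachable_functions(graph, entry_points):
    """Breadth-first walk from the entry points; returns every function that can execute."""
    seen = set()
    queue = deque(entry_points)
    while queue:
        fn = queue.popleft()
        if fn in seen:
            continue
        seen.add(fn)
        queue.extend(graph.get(fn, []))
    return seen


def find_path(graph, entry_points, target):
    """Return one call path from an entry point to target, or None if unreachable."""
    parents = {e: None for e in entry_points}
    queue = deque(entry_points)
    while queue:
        fn = queue.popleft()
        if fn == target:
            path = []
            while fn is not None:
                path.append(fn)
                fn = parents[fn]
            return list(reversed(path))
        for callee in graph.get(fn, []):
            if callee not in parents:
                parents[callee] = fn
                queue.append(callee)
    return None


def triage(findings, graph, entry_points):
    """Split findings into reachable (with an evidence path) and unreachable.

    Both lists are sorted by severity, so the reachable list is the fix-now queue
    and the unreachable list is the backlog to update on the normal cadence."""
    reachable = reachable_functions(graph, entry_points)
    prioritized, deferred = [], []
    for f in findings:
        if f["function"] in reachable:
            prioritized.append({**f, "path": find_path(graph, entry_points, f["function"])})
        else:
            deferred.append(f)
    key = lambda f: SEVERITY_RANK.get(f["severity"], 0)
    prioritized.sort(key=key, reverse=True)
    deferred.sort(key=key, reverse=True)
    return prioritized, deferred


if __name__ == "__main__":
    fix_now, defer = triage(FINDINGS, CALL_GRAPH, ENTRY_POINTS)
    for f in fix_now:
        print(f"FIX NOW  {f['id']} ({f['severity']}): " + " -> ".join(f["path"]))
    for f in defer:
        print(f"DEFER    {f['id']} ({f['severity']}): vulnerable code not reachable from entry points")
```

Run as written, the two "critical" findings land in the deferred list because the application never calls the affected functions, while the "high" finding in `imglib.parse_header` comes out first with the path `app.main -> app.handle_upload -> imglib.decode -> imglib.parse_header` attached. The caveat a practitioner should keep in mind is that a static call graph under-approximates execution: reflection, dynamic dispatch, plugins and runtime configuration can create edges the graph does not show, so "unreachable" means "lower priority", not "safe to ignore", and deferred findings should still be cleared by routine dependency updates.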
Five thoughts on the future of software cycles and AI before we wrap up?
A few things I'm watching closely: First, AI will generate a significant portion of new application code within the next few years. Developers won't disappear, but their role will shift toward guiding and validating AI output.
Second, the volume of software will increase dramatically. When code becomes easier to produce, organizations build more of it, which means the software supply chain will become even more complex.
Third, we'll see the rise of AI-assisted security tools that analyze applications continuously and help developers remediate issues in real time.
Fourth, trust will become a competitive differentiator. Companies that can prove their software supply chains are secure and transparent will have a major advantage with customers and regulators.
And finally, the organizations that succeed will be the ones that treat security as part of the development platform itself, rather than something layered on after the fact.
Endor Labs is the Application Security platform for the AI-driven software development revolution
Varun Badhwar is CEO and co-founder of Endor Labs.