Endor Labs acquires Autonomous Plane to extend AI-native application security with full-stack reachability from code to containers
Endor Labs, a leader in AI-native application security, today announced the acquisition of Autonomous Plane, a cloud-native application security company founded by DockerSlim creator Kyle Quest. This acquisition expands Endor Labs’ AI-native application security platform to provide full-stack reachability across applications and container images, enabling organizations to dramatically improve vulnerability prioritization and protect modern AI-generated software.
AI coding agents are fundamentally changing the way software is built, increasingly producing complete software artifacts across code, open source dependencies, and container images. This shift creates security blind spots because traditional point-in-time scans miss the interconnected nature of AI-generated applications. Enabled by technology developed by Kyle Quest, who joined Endor Labs through the acquisition, full-stack reachability combines source code analysis with dynamic and static container analysis to model applications end-to-end and trace the impact of vulnerabilities from application code through language runtimes and OS components.
By combining static dependency graph analysis and automatic runtime profiling, full-stack reachability identifies real exploitable vulnerabilities and eliminates up to 90% of false positives reported by traditional scanners. Unlike competitors that offer application code-only reachability, Endor Labs offers an industry-first full-stack approach that analyzes SCA findings and container image vulnerabilities together.
“Container scanning remains in inventory mode, telling teams what is installed, not what is important,” said Varun Badhwar, CEO and co-founder of Endor Labs. “Security tools need to evolve beyond scanning individual components. With this acquisition and the launch of Full Stack Reachability, we can provide evidence-based visibility across the entire stack, allowing teams to focus on real risk, reduce operational noise, and achieve compliance.”
Evidence-based approaches have also proven particularly valuable for regulated industries. Standards such as FedRAMP mandate strict remediation schedules for vulnerabilities, but container bloat means that the base image contains hundreds of general-purpose libraries that most applications will never use. Without reachability analysis, teams can waste engineering resources fixing vulnerabilities in unused code or miss important issues buried in noise and face compliance penalties.
“Traditional container scanners report all CVEs in an image, requiring our team to manually sift through hundreds of findings,” Quest said. “Full-stack reachability uses information from the application layer to understand which container image packages are loaded and identify which packages and vulnerabilities are reachable in running applications. In a regulated industry, this evidence-based approach allows teams to focus on the real risks and not get lost in the noise.”
