The biggest security threat isn’t in the cloud, it’s hidden in the code you trust the most.

In this episode, Ron sits down with Varun Badhwar, Co-Founder & CEO of Endor Labs, who shares why research shows that nearly 80–90% of application code comes from open source and third-party libraries, not your own developers. Varun discusses the unseen risks of AI-generated software, how attackers can now weaponize vulnerabilities in hours, and why precision in security matters more than ever. He also reveals how AI can be both the ultimate accelerator and the ultimate weakness in modern development.

Impactful Moments:

00:00 - Introduction

02:00 - Varun’s journey from RedLock to Endor Labs

04:00 - Why the software supply chain is broken

07:00 - AI coding assistants and insecure code risks

10:00 - The NPM self-replicating worm discovery

13:00 - Simple controls to enforce Zero Trust in code

16:00 - Pairing AI with security to prevent slop

19:00 - AI-powered security code reviews explained

22:00 - Why 88% of code goes unused

26:00 - Developer efficiency as the new security metric

29:00 - The next wave of AI-driven software threats

Links:

Connect with our Endor on LinkedIn: https://www.linkedin.com/in/vbadhwar/

Check out our upcoming events: https://www.hackervalley.com/livestreams

Join our creative mastermind and stand out as a cybersecurity professional:

https://www.patreon.com/hackervalleystudio

Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com

Continue the conversation by joining our Discord: https://hackervalley.com/discord

Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/