Endor Labs Warns of 14x Surge in Open Source Malware as Organizations Underinvest in Protection

Endor Labs has released new research showing a dramatic escalation in open source malware, putting the company at the center of a fast-emerging risk in software supply chains and AI development. The report finds that over 90% of all recorded open source malware advisories and 92% of npm account takeovers occurred in 2025, yet only 21% of organizations enforce basic safeguards such as cooldown periods after package releases, underscoring a significant market gap for Endor Labs’ security platform.

Based on a survey of more than 600 global IT professionals and analysis of OSV and npm data, Endor Labs concludes that enterprises still treat open source malware as isolated incidents rather than a strategic, program-level threat. CEO Varun Badhwar warns that traditional application security, focused on vulnerabilities rather than malware, is outpaced by attackers exploiting trusted packages, AI coding agents, and model dependencies, creating new entry points into critical systems.

The findings highlight several structural weaknesses that reinforce Endor Labs’ value proposition and potential growth trajectory. Malicious packages can be downloaded widely within hours, compromised packages often remain available even after disclosure, and only 14% of affected npm projects have adopted stronger controls like Trusted Publishing, leaving room for broader uptake of Endor Labs’ coordinated security approach.

Despite 81% of organizations ranking open source malware as a top priority and 88% recognizing the first days after release as the riskiest, fewer than half plan to materially increase 2026 security budgets, indicating a persistent awareness–action gap. For Endor Labs, this disconnect presents both a challenge and an opportunity: customers acknowledge the risk but have yet to fully fund comprehensive defenses, suggesting a sales cycle focused on quantifying business impact and regulatory exposure.
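The cooldown safeguard referred to above (refusing to adopt a dependency version until it has been public for a minimum number of days, since the first days after release are the riskiest window) is easy to enforce mechanically. The following is an added illustration, not code from Endor Labs or the report; the package names, versions and timestamps are constructed, shaped like the npm registry's per-package "time" metadata, and a version whose publish time cannot be determined is flagged rather than silently allowed.

```python
"""Cooldown check: flag locked dependency versions published less than
MIN_AGE_DAYS before the build time. The registry metadata below is
constructed sample data in the shape of the npm registry's per-package
"time" field; it is not real data for any real package."""
from datetime import datetime, timedelta, timezone


def parse_ts(ts: str) -> datetime:
    # Registry timestamps are ISO 8601 with a trailing "Z"; normalise for fromisoformat().
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def cooldown_violations(lock: dict[str, str], registry_time: dict[str, dict[str, str]],
                        now: datetime, min_age_days: int) -> dict[str, str]:
    """Return {name@version: reason} for every pinned version that has not aged past the cooldown."""
    cutoff = now - timedelta(days=min_age_days)
    violations: dict[str, str] = {}
    for name, version in lock.items():
        times = registry_time.get(name)
        if times is None or version not in times:
            # Unknown publish time: fail closed instead of letting the version through.
            violations[f"{name}@{version}"] = "publish time unknown"
            continue
        published = parse_ts(times[version])
        if published > cutoff:
            age = now - published
            violations[f"{name}@{version}"] = f"published {age.days}d ago (< {min_age_days}d)"
    return violations


# Constructed sample inputs (hypothetical package names and publish dates).
SAMPLE_LOCK = {"left-widget": "2.4.1", "fast-parse": "1.0.9", "legacy-util": "0.3.0"}
SAMPLE_REGISTRY_TIME = {
    "left-widget": {"2.4.0": "2025-01-10T08:00:00.000Z", "2.4.1": "2025-06-01T12:30:00.000Z"},
    "fast-parse": {"1.0.8": "2025-03-02T00:00:00.000Z", "1.0.9": "2025-06-03T09:15:00.000Z"},
    "legacy-util": {"0.2.0": "2024-11-05T00:00:00.000Z"},  # 0.3.0 absent: no publish time known
}
BUILD_TIME = datetime(2025, 6, 5, 10, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for pkg, why in cooldown_violations(SAMPLE_LOCK, SAMPLE_REGISTRY_TIME, BUILD_TIME, 7).items():
        print(f"BLOCK {pkg}: {why}")
```

In a real pipeline the lock dictionary would come from the project's lockfile and the time metadata from a registry query, and the check would run in CI before any install step.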

Endor Labs positions its agentic application security platform as a response to these trends, aiming to give engineering and security teams unified visibility and remediation across source code, open source dependencies, and container images. As AI coding agents and machine learning infrastructure become more deeply embedded in enterprise software stacks, the company’s emphasis on software supply chain integrity and automated remediation is likely to grow more central to risk management strategies and procurement decisions.

The report, titled “Malware in Open Source Ecosystems,” also underscores the need for cross-functional responsibility across DevOps, security, and engineering teams, a dynamic that could drive multi-stakeholder adoption of Endor Labs’ offerings. With data collected at a 95% confidence level and a ±4% margin of error, the research provides a statistically grounded narrative that Endor Labs can leverage in go-to-market efforts, customer education, and potential partnerships with ecosystem players such as registries and cloud platforms.

For executives and investors, the key takeaway is that malware in open source ecosystems is moving from a niche concern to a systemic risk, and Endor Labs is positioning itself as a primary enabler of coordinated defense. If organizations begin to align budgets with the level of threat indicated in this study, the company stands to benefit from increasing demand for platforms that can both detect and rapidly neutralize malicious code across modern software supply chains.
