When AI Ships the Code, Who Owns the Risk with Varun Badhwar and Henrik Plate

AI isn’t quietly changing software development… it’s rewriting the rules while most security programs are still playing defense. When agents write code at machine speed, the real risk isn’t velocity, it’s invisible security debt compounding faster than teams can see it.

In this episode, Ron Eddings sits down with Varun Badhwar, Co-Founder & CEO of Endor Labs, and Henrik Plate, Principal Security Researcher of Endor Labs, to break down how AI-assisted development is reshaping the software supply chain in real time. From MCP servers exploding across GitHub to agents trained on insecure code patterns, they analyze why traditional AppSec controls fail in an agent-driven world and what must replace them.

This conversation pulls directly from Endor Labs’ 2025 State of Dependency Management Report, revealing why most AI-generated code is functionally correct yet fundamentally unsafe, how malicious packages are already exploiting agent workflows, and why security has to exist inside the IDE, not after the pull request.

Impactful Moments 00:00 – Introduction 02:00 – Star Wars meets cybersecurity culture 03:00 – Why this report matters now 04:00 – MCP adoption explodes overnight 10:00 – Can you trust MCP servers 12:00 – Malicious packages weaponize agents 14:00 – Code works, security fails 22:00 – Hooks expose agent behavior 28:30 – 2026 means longer lunches 33:00 – How Endor Labs fixes this

Links Connect with our Varun on LinkedIn: https://www.linkedin.com/in/vbadhwar/

Connect with our Henrik on LinkedIn: https://www.linkedin.com/in/henrikplate/

Check out Endor Labs State of Dependency Management 2025: https://www.endorlabs.com/lp/state-of-dependency-management-2025

Check out our upcoming events: https://www.hackervalley.com/livestreams

Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio

Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com

Continue the conversation by joining our Discord: https://hackervalley.com/discord

Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

Det här avsnittet är hämtat från ett öppet RSS-flöde och publiceras inte av Podme. Det kan innehålla reklam.

Avsnitt(424)

Who Owns Your AI Security Policy? with Chris Cochran

Right now, someone in your organization is probably feeding sensitive data into an AI system that nobody approved. So when something goes wrong, who's responsible? And more critically, do you even hav...

18 Maj 35min

Turning 30,000 Findings Into 50 That Matter with Dan Pagel and Brad Hibbert

Mythos just found 30,000 new vulnerabilities, and now every security team is asking the same question: what actually matters? In this episode, Ron Eddings sits down with Dan Pagel, CEO at Brinqa, and ...

1 Maj 34min

Killing the Playbook with Agentic AI with Allan Alford and Tom Findling

SOAR promised to close the loop in the SOC and fell flat. Agentic AI is finally delivering what a decade of playbooks couldn’t. In this episode, Ron sits down with Allan Alford, SVP at NTT Global Dat...

24 Apr 39min

The Epidemic of Sameness Is Killing Your Brand with Don Jeter

In 2025, Torq brought a monster truck to RSAC. And Don Jeter, Torq's CMO, will be the first to tell you: nobody's buying an AI SOC platform because of a grave digger in the booth. In this episode, Ron...

17 Apr 34min

Minutes to Meltdown: Cyber Recovery When It Counts with Chris Bevil

Most organizations are prepping for disaster recovery when they should be building for cyber recovery, and those are not the same thing. Recorded live at RSAC Conference 2026, Ron sat down with Chris...

7 Apr 28min

Building AI Governance Before the Incidents Hit with Guru Sethupathy

AI adoption is outpacing governance at every level, and the cost of waiting is getting higher by the day. Guru Sethupathy, General Manager of AI Governance at Optro and former Founder of FairNow, brea...

1 Apr 24min

What Happens When Attackers Collaborate More Than Defenders? Ron Eddings Reporting Live from RSAC Conference

What happens when attackers collaborate better than defenders? Recorded live from RSAC 2026, this solo episode with Ron breaks down the biggest themes shaping cybersecurity right now, from organized ...

31 Mars 13min

RSAC 2026: Show Up or Fall Behind

What does it mean when your smart doorbell becomes an entry point for surveillance? What happens when a single hacker can jailbreak every major AI model within hours of its release? And why are the sa...

20 Mars 21min