
A Conversation With Andrew Stiefel

2026-02-19 Science & Technology
Unsupervised Learning
673.0k subscribers


Description

Check out Endor Labs here: https://ul.live/endor_labs_yt

In this interview, Andrew from Endor Labs explains how their platform uses reachability analysis to bridge the historical gap between security and engineering teams by proving which vulnerabilities actually matter.

What we talk about:

  • Bridging the Security-Engineering Gap: How providing hard evidence of risk through reachability analysis stops the guessing game and builds trust between developers and security teams.
  • Full-Stack Visibility: How Endor Labs maps vulnerabilities across the entire application stack, from first-party code down to open-source dependencies and container layers.
  • Frictionless Developer Workflows: The importance of integrating security directly into IDEs and pull requests to reduce massive ticket backlogs and keep engineering teams moving fast.
  • Securing AI Coding Agents: Tackling the fact that much of AI-generated code is insecure, and how "context engineering" using tools like the Model Context Protocol (MCP) and agent skills can enforce secure coding by default.
  • The Future of AppSec: Using AI for advanced security code reviews to catch business logic flaws, and moving toward a future where security is seamlessly built into the engineering process from the ground up.

00:00 - Introduction
01:54 - How vulnerability data is delivered directly into developer workflows
05:02 - The underlying technology combining AI and static analysis
07:02 - Real-world workflow examples using the Log4j vulnerability
09:53 - Securing legacy containers and managing golden images
17:42 - Applying context and guardrails to autonomous AI coding agents
26:00 - The future of automated security and the evolution of test-driven development
29:27 - Upcoming events and where to find more information about Endor Labs

Subscribe to the newsletter at: https://danielmiessler.com/subscribe
Join the UL community at: https://danielmiessler.com/upgrade
Follow on X: https://x.com/danielmiessler
Follow on LinkedIn: https://www.linkedin.com/in/danielmiessler/

Top Comments (3)

@maxharar855 2026-02-20

The point about AI agents needing security context baked into their prompts and tools, not bolted on after the fact, is a great point mentioned in the video. The MCP + agent skills approach to enforcing secure defaults in an architecture pattern is something I'm definitely going to study. Solid conversation, Daniel, learned a lot. Thank you!

2
@YellaRaju-n2z 2026-02-25

😅

0
@ZakirSk-u3i 2026-02-25

Z1

0
