Resilient Cyber

Resilient Cyber

Playback speed
×
Share post
Share post at current time
0:00
/
0:00
Transcript

Resilient Cyber w/ Henrik & Amod - 2025 State of Dependency Management

Chris Hughes's avatar
Chris Hughes
Nov 15, 2025

In this episode of Resilient Cyber, I sit down with Endor Labs Head of Security Research (Henrik Plate) and VP, Product and Design (Amod Gupta) to discuss their recent publication, the 2025 State of Dependency Management.

I previously did a deep dive into the report and key findings titled “Software Dependency Dilemmas in the AI Era”.

Thanks for reading the Resilient Cyber Newsletter! Subscribe for FREE and join 40,000+ readers to receive weekly updates with the latest news across AppSec, Leadership, AI, Supply Chain, and more for Cybersecurity.

We unpacked the AppSec landscape in 2025, including the continued rise and adoption of AI coding assistants, AI-generated code, and the Model Context Protocol (MCP). This includes the benefits and opportunities, as well as the risks and potential pitfalls of AI’s intersection with Application Security (AppSec).

We dove into all aspects of AppSec, AI, and MCP, including key takeaways from Endor Labs’ 2025 State of Dependency Management Report. Some of the key topics included:

  • The report opens discussing the overall impact and transformation that AI and LLMs are having on development, but also the security implications, such as AI-generated code being vulnerable 25-75% of the time. This is well-known in research and academia, but you all note that AI coding tools tend to struggle with authentication and authorization. I found this concerning, given the credential compromise, and risks such as broken access control are persistent attack vectors. What do you think this means for the future of AppSec?

  • Findings in the report related to exponential increases in issues related to privilege escalation paths and architectural design flaws in AI code. These aren’t as easily identified with traditional scanners due to a lack of CVEs and identifiers, and what teams can do to protect against these risks.

  • The proactive and reactive mitigations that teams can use to AI code

  • Key findings from their report related to the pervasiveness of MCP, including how it is a double-edged sword that can natively integrate security into agentic coding workflows but also expose them to additional risks as well.

  • The challenges around package hallucinations, how to mitigate them through tool use, and risks to be familiar with.

  • The capabilities Endor Labs is developing to enable organizations to leverage AI coding securely at scale.

Discussion about this video

User's avatar
© 2025 Chris Hughes
PrivacyTermsCollection notice
Start your SubstackGet the app
Substack is the home for great culture