Endor Labs buys Autonomous Plane for container security
Endor Labs has acquired cloud-native application security firm Autonomous Plane, expanding its platform into container image analysis and broader reachability assessment across application stacks.
Autonomous Plane was founded by Kyle Quest, creator of DockerSlim. Quest will join Endor Labs as part of the deal.
Endor Labs describes the acquisition as a step toward "full-stack reachability," linking findings from software composition analysis with container image vulnerabilities. The approach combines source code analysis with static and dynamic techniques applied to containers.
From code to container
Reachability analysis aims to distinguish between vulnerable components present in a software supply chain and those that can be reached during execution. Endor Labs has focused on function-level reachability in software composition analysis, checking whether vulnerable open-source functions are invoked by an application.
With Autonomous Plane's technology, Endor Labs plans to extend the same concept to container images. Its method pairs static dependency analysis with runtime profiling to show which packages and operating system components in an image are reachable in running applications.
Container image security tools commonly scan images as inventories, reporting known vulnerabilities based on the presence of packages and libraries, whether or not the application uses them. Security teams then decide what to address first. This can generate large volumes of alerts, especially for teams using large base images that include broad sets of general-purpose libraries.
Endor Labs argues that reachability analysis changes prioritisation by adding evidence from how software actually runs, reducing false positives produced by traditional scanners.
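To make the distinction concrete, here is an added example that is not Endor Labs' or Autonomous Plane's code. It sketches the two kinds of evidence the article describes: a walk over a static call graph from the application's entry points (function-level reachability, the SCA side) and a join of the shared objects a process actually mapped at runtime against the image's package inventory (package-level reachability, the container side). Every input below is constructed for the example: the call graph, the placeholder CVE identifiers, the package-to-file inventory (the shape `dpkg -L` would give) and the list of mapped paths (the shape `/proc/<pid>/maps` would give). The function names, severities and `Finding` type are assumptions, not anything from the page or the products.

```python
"""Toy full-stack reachability triage (example code, constructed inputs).

Application layer: a static call graph walked from the entry points tells us
whether a vulnerable library function is ever called.
OS layer: the shared objects a running process mapped, joined against the
image's package inventory, tell us which packages (and so which CVEs) were
ever loaded.  A finding nothing reached is deprioritised, not discarded.
"""
from collections import deque
from dataclasses import dataclass


@dataclass
class Finding:
    cve: str          # placeholder identifier, not a real CVE
    component: str
    severity: str
    reachable: bool
    evidence: str     # why we believe it is / is not reachable


# --- constructed inputs (hypothetical names throughout) ---------------------
CALL_GRAPH = {                       # caller -> callees, as a static analyser might emit
    "app.main": ["app.handle_request", "yaml.safe_load"],
    "app.handle_request": ["app.render", "requests.get"],
    "app.render": ["jinja2.Template.render"],
    "requests.get": ["urllib3.PoolManager.request"],
    "yaml.safe_load": ["yaml.SafeLoader.construct"],
    "yaml.load": ["yaml.FullLoader.construct"],   # shipped in the image, never called by app code
}
ENTRY_POINTS = ["app.main"]

LIB_FINDINGS = [                     # (cve, package, severity, vulnerable function)
    ("CVE-0000-1001", "pyyaml", "critical", "yaml.FullLoader.construct"),
    ("CVE-0000-1002", "urllib3", "high", "urllib3.PoolManager.request"),
]

OS_INVENTORY = {                     # package -> files it owns and CVEs a scanner attached
    "libssl3": {"files": ["/usr/lib/x86_64-linux-gnu/libssl.so.3",
                          "/usr/lib/x86_64-linux-gnu/libcrypto.so.3"],
                "cves": [("CVE-0000-2001", "high")]},
    "libxml2": {"files": ["/usr/lib/x86_64-linux-gnu/libxml2.so.2"],
                "cves": [("CVE-0000-2002", "critical")]},
    "imagemagick": {"files": ["/usr/bin/convert",
                              "/usr/lib/x86_64-linux-gnu/libMagickCore.so"],
                    "cves": [("CVE-0000-2003", "critical"), ("CVE-0000-2004", "medium")]},
}

RUNTIME_MAPPED = [                   # paths mapped during a test run (constructed)
    "/usr/local/bin/python3.11",     # not owned by any inventoried package
    "/usr/lib/x86_64-linux-gnu/libssl.so.3",
    "/usr/lib/x86_64-linux-gnu/libcrypto.so.3",
    "/usr/lib/x86_64-linux-gnu/libc.so.6",
]


def reachable_functions(graph, entry_points):
    """Breadth-first walk: every function on some path from an entry point."""
    seen, queue = set(entry_points), deque(entry_points)
    while queue:
        for callee in graph.get(queue.popleft(), []):
            if callee not in seen:
                seen.add(callee)
                queue.append(callee)
    return seen


def triage_libraries(graph, entry_points, findings):
    """Function-level reachability for SCA findings."""
    reached = reachable_functions(graph, entry_points)
    return [Finding(cve, pkg, sev, fn in reached,
                    f"{fn} {'is' if fn in reached else 'is not'} called from {entry_points}")
            for cve, pkg, sev, fn in findings]


def triage_os_packages(inventory, mapped_paths):
    """Package-level reachability: which inventoried packages had a file mapped."""
    owner = {p: pkg for pkg, meta in inventory.items() for p in meta["files"]}
    loaded, unowned = {}, []
    for path in mapped_paths:
        pkg = owner.get(path)
        (loaded.setdefault(pkg, []).append(path)) if pkg else unowned.append(path)
    findings = []
    for pkg, meta in inventory.items():
        hit = pkg in loaded
        ev = f"mapped {loaded[pkg]}" if hit else "no file from this package was mapped"
        findings += [Finding(cve, pkg, sev, hit, ev) for cve, sev in meta["cves"]]
    return findings, unowned


def prioritise(findings):
    """Reachable first, then by severity, then by id for a stable order."""
    rank = {"critical": 0, "high": 1, "medium": 2, "low": 3}
    return sorted(findings, key=lambda f: (not f.reachable, rank.get(f.severity, 9), f.cve))


def full_stack_report():
    lib = triage_libraries(CALL_GRAPH, ENTRY_POINTS, LIB_FINDINGS)
    os_findings, unowned = triage_os_packages(OS_INVENTORY, RUNTIME_MAPPED)
    return prioritise(lib + os_findings), unowned


if __name__ == "__main__":
    report, unowned = full_stack_report()
    for f in report:
        tag = "REACHABLE  " if f.reachable else "unreachable"
        print(f"{tag} {f.severity:8} {f.cve} {f.component}: {f.evidence}")
    print("mapped but owned by no inventoried package:", unowned)
```

Two caveats a practitioner would attach to any such report: the runtime profile only proves what one run exercised, so code paths and `dlopen` calls the test never triggered show up as unreachable, and paths in a real `/proc/<pid>/maps` must be resolved through symlinks before they match the package inventory. The unowned list is worth keeping in the output for the same reason: anything the process loaded that no package claims is exactly the blind spot an inventory scanner has.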
"Container scanning has been stuck in inventory mode, telling teams what's installed rather than what matters," said Varun Badhwar, CEO and co-founder of Endor Labs.
"Security tools have to evolve beyond scanning components in isolation. With this acquisition and the launch of full-stack reachability, we're delivering evidence-based visibility across the entire stack so teams can focus on real risk, reduce operational noise, and make compliance achievable," Badhwar said.
AI-generated software
The acquisition comes as security teams face growing complexity in software supply chains. Endor Labs ties the move to increased use of AI coding tools that generate code and influence dependency choices and build outputs, including container images produced in automated pipelines.
Modern applications often combine application code, open-source libraries, language runtimes, and operating system components within containers. This structure challenges security tools that evaluate artefacts in isolation at a single point in time. Endor Labs says "full-stack reachability" maps relationships across these layers.
Quest has worked on container tooling through DockerSlim, a utility that minifies container images by observing which files a running application actually uses and discarding the rest. Endor Labs says the acquisition adds expertise in runtime profiling and container analysis to its existing programme analysis work.
Compliance pressure
Regulated industries face strict remediation timelines and audit expectations for known vulnerabilities. Requirements can include fixing high-severity findings within set periods, even when a vulnerability appears in code that does not run in production.
Container bloat can amplify the problem. Base images may include hundreds of packages that applications never load, yet inventory-style scanners flag vulnerabilities across the entire image. Teams then spend time investigating findings that may not be relevant, while other issues compete for attention.
Quest said the new approach uses signals from the application layer rather than treating the container as a flat list of components.
"Traditional container scanners report every CVE in an image, forcing teams to sift through hundreds of findings manually," Quest said. "Full-stack reachability uses information from the application layer to understand which container image packages are loaded, identifying which packages and vulnerabilities are reachable in running applications. For regulated industries, this evidence-based approach ensures teams can focus on real risk without getting lost in noise."
Product availability
Endor Labs says full-stack reachability for container images is available immediately to customers as part of its application security platform. Financial terms were not disclosed.
The expanded product evaluates software composition analysis findings alongside container image vulnerabilities, instead of treating them as separate workflows.