Endor Labs
Cybersecurity reports and statistics published by Endor Labs
8 categories, 2 reports
Research Reports
Reports and publications from Endor Labs
Recent Statistics & Reports
81% of organizations name OSS malware a top security priority.
5/27/2026
Open Source, Security Priorities, Organizational Risk
Only 21% of organizations enforce protections like cooldown periods.
5/27/2026
Security Controls, Open Source, Cooldown Period
88% of IT professionals across DevOps, Security, and Software Engineering roles say the first few days after a package release are the riskiest.
5/27/2026
Risk Window, Package Releases, Open Source
Fewer than half of organizations plan to increase budgets for 2026.
5/27/2026
Budgeting, Security Investment, Open Source
Only 14% of previously compromised npm packages use modern security controls like Trusted Publishing.
5/27/2026
npm, Trusted Publishing, Package Security
In 2025, more than 90% of open source vulnerability (OSV) malware advisories were reported, a 14x increase over the past two years.
5/27/2026
Malware Advisories
In 2025, 92% of npm account takeovers occur.
5/27/2026
Open Source, Supply Chain, Account Takeover
The proportion of safe dependency recommendations increased from 20% to 57% when AI agents were equipped with security tools in 2025.
11/9/2025
AI coding agent, AI Development, Software Vulnerabilities
Only 20% of dependency versions recommended by AI coding assistants were found to be safe to use in 2025.
11/9/2025
AI coding agent, AI Development, Software Vulnerabilities
44-49% of dependencies imported by AI coding agents contained known security vulnerabilities in 2025.
11/9/2025
AI coding agent, AI Development, Dependency Management
About 75% of the more than 10,000 Model Context Protocol (MCP) servers were built by individuals without enterprise-grade protections in 2025.
11/9/2025
MCP Ecosystem, Software Development, Security Risks
82% of the more than 10,000 Model Context Protocol (MCP) servers interact with sensitive APIs, creating additional vulnerabilities in 2025.
11/9/2025
MCP Ecosystem, Software Development, Security Risks
40% of the more than 10,000 Model Context Protocol (MCP) servers created in under a year had no license in 2025.
11/9/2025
MCP Ecosystem, Software Development, Security Risks