Rethinking AppSec UX: Endor Labs Agentic Chat
Transforming Endor Labs’ user experience from dashboards and filters to intelligent, conversational workflows
TLDR
In 2025, I led the design transformation of Endor Labs’ security workflow from dashboard-driven navigation to an agentic, action-oriented conversational system.
Rather than layering chat on top of existing UI, we re-architected how AppSec engineers discover, triage, and remediate vulnerabilities: shifting from manual filtering to AI-driven execution.
My Role
As the Principal Product Designer for this initiative, my contributions included:
• Defined the Agentic UX interaction model
• Partnered with CTO and AI engineering to design action orchestration flows
• Led qualitative research with enterprise AppSec teams
• Designed trust calibration and confirmation patterns for AI execution
• Shaped 0→1 product direction for conversational security workflows
The Problem: Triage is Navigation-Heavy
Enterprise security platforms are powerful but complex. AppSec engineers often spend valuable time navigating dashboards, configuring filters, and translating vulnerability data into actions. Traditional triage flow looked like this:
Through research, we identified a fundamental friction:
• High cognitive load
• Frequent context switching
• Manual repetition
The Research: Understanding How Users Triage
We conducted qualitative studies with AppSec engineers and security leaders to understand:
• How they prioritize findings
• When they trust automation
• What slows them down during triage
• What actions they repeat frequently
• Conversational interfaces vs. traditional UI navigation
Key Insights
- Delegation Threshold
Users were willing to delegate repeatable actions (dismissals, policy enforcement), but required contextual transparency before execution.
→ Design implication: AI must show reasoning before acting.
- Not Just Summary
Users rejected summary-only AI. Without switching contexts, they wanted to:
• Create PRs
• Generate Jira tickets
• Apply patches
• Compare scans
→ Design implication: Chat becomes an execution surface.
- Adaptive Memory Builds Trust
Users expected the system to learn:
• Risk tolerance
• Policy preferences
• Past decisions
→ Design implication: Persistent contextual memory.
The Solution: Simplified Triage Workflow
Agentic Chat supports triage through reduced steps:
• Traditional triage needs 8-10 navigational steps.
• Agentic triage reduces this to 3-6 contextual steps.
• ~40% reduction in triage time
- Surface What Matters
Users begin triage by understanding scope and change. Instead of configuring filters manually, the chat:
• Retrieves relevant scan context
• Highlights deltas
• Surfaces severity and dependency depth
- Assess Risk & Impact
After identifying findings, the chat supports decision-making by:
• Explaining impact inline
• Surfacing related vulnerabilities
• Showing policy conflicts
• Providing reasoning for recommendations
- Take Action Without Leaving Context
Triage completes with action, all directly from the conversation. Agentic Chat enables:
• Creating Jira tickets
• Opening pull requests
• Applying patches
• Dismissing findings with justification
Design Decisions
- Context-Aware Conversation
Chat dynamically adapts based on where the user is: Projects, Findings, or Scan History, and offers tailored prompts and responses.
- Endor Vulnerability Database Integration
Users can instantly access deep context on vulnerabilities: impacts, related issues, and recommended fixes, without leaving the chat.
- Compare Scans Instantly
Chat highlights differences between scans, helping teams track remediation progress and identify new risks faster.
Design Trade-Offs
- Sidebar vs. Full-Screen Takeover
We chose a contextual sidebar instead of replacing the primary interface in order to:
• Preserve existing workflows for cautious users
• Enable gradual adoption
• Reduce disruption in enterprise environments
- Context-Aware Prompts vs. Global Assistant
Rather than a generic assistant, prompts adapt to project, finding, or scan context. This reduced ambiguity and improved relevance.
Impact
Agentic Chat transformed triage from navigation-heavy analysis to action-oriented execution. Early impact included:
↓ ~40% reduction in average triage time
↓ 30–50% fewer navigation steps per session
65%+ pilot adoption with repeat triage usage
50%+ increase in direct remediation actions from chat
Long-Term Vision
Agentic Chat established the foundation for:
• Multi-agent remediation workflows
• Cross-repo vulnerability campaigns
• Adaptive learning based on user patterns
This initiative moved Endor Labs toward an action-oriented security platform.
Reflection
Three lessons shaped the direction of this work:
• Automation is accepted when reasoning is visible.
• Engineers value control over speed in high-impact workflows.
• Reducing navigation can matter more than increasing features.
Over time, the goal became less about conversational UI and more about decision support. This project laid the foundation for a more execution-oriented security platform.