Operant Launches Woodpecker: Open-Source Automated Red Teaming Engine for Kubernetes, APIs, and AI

Democratizes security testing and puts the power of proactive red teaming directly into the hands of developers to rigorously test and secure their environments against emerging threats before they materialize

SAN FRANCISCO, May 21, 2025 (GLOBE NEWSWIRE) -- Operant AI, the world's only Runtime AI Defense Platform, today announced Woodpecker, an open-source, automated red teaming engine, that will make advanced security testing accessible to organizations of all sizes. Woodpecker is designed to help organizations proactively detect and address security vulnerabilities across AI systems, Kubernetes environments, and APIs.

As organizations increasingly adopt complex cloud-native applications and AI technologies, security vulnerabilities have become more sophisticated and challenging to detect. In fact, according to the IBM X-Force Threat Intelligence Index 2025, AI-related vulnerabilities have become a critical concern for security teams, driven by the rapid adoption of Large Language Models (LLMs) and automated agents across enterprise environments. As a result, red teaming, a security practice where ethical hackers simulate real-world cyberattacks to test a system's defenses and uncover vulnerabilities before malicious actors can exploit them, has now become increasingly vital for organizations of all sizes, especially as modern infrastructure grows more complex with the rise of cloud-native applications and AI technologies.

With the launch of Woodpecker, Operant is democratizing advanced security testing, making it accessible to every organization, regardless of their size or expertise. Woodpecker already simulates >50% of OWASP top 10 threats across APIs, Kubernetes, and LLMs, exceeding the threat simulation scope of leading commercial red teaming products. Woodpecker enables security teams, developers, and DevOps professionals to proactively identify vulnerabilities and build more resilient applications, without the cost and complexity of traditional solutions.

“Security vulnerabilities don't discriminate based on an organization's size or resources, we believe red teaming should not be a privilege for a few, it should be a foundational practice for all,” said Vrajesh Bhavsar, CEO and co-founder of Operant AI. "With Woodpecker, we're leveling the playing field by providing enterprise-grade red teaming capabilities in an open-source solution that any organization can deploy. Security testing at this depth should be a universal right, not a privilege reserved for those with the largest security budgets."

Threats such as prompt injection, data poisoning, and model leakage continue to rise, yet only 24% of generative AI projects are currently secured, according to the IBM report. Woodpecker is purpose-built to address these modern threats targeting AI applications, cloud APIs, and Kubernetes environments and is designed to mimic how real attackers operate across multiple layers of infrastructure.

“Secure AI applications like Cohere’s North demand rigorous testing across complex components. Woodpecker simplifies this with open-source red teaming, enabling early vulnerability detection and encouraging secure AI adoption,” said Prutha Parikh, Head of Security at Cohere and board member at the Coalition for Secure AI.

Woodpecker provides automated red teaming capabilities across three critical domains:

1. Kubernetes Security: Identifies misconfigurations, privilege escalations, and vulnerable deployment patterns within container orchestration environments.
2. API Security: Simulate various attack scenarios to uncover vulnerabilities in API endpoints, authentication mechanisms, and data handling processes.
3. AI Security: Tests machine learning models and AI systems for prompt injection, data poisoning, and other emerging AI-specific attack vectors.
   

“As AI agents arrive, limiting red-teaming to testing just AI components is no longer enough,” asserted Dr. Priyanka Tembey, co-founder and CTO of Operant AI. “What is needed is testing across the runtime, API and AI layers as all of the attack paths within these more traditional domains of an organization's application stack have now suddenly opened to third party AI and the supply chain risks they bring. This makes Woodpecker the only open-source comprehensive red teaming solution for the AI agents age.”

Key features of Woodpecker include:

• Red Teaming Across Kubernetes, APIs, and AI Workflows
  • Provides flexible and extensible red teaming frameworks for K8s, APIs, and AI models/agents.
  • Enables multi-layer threat simulation across runtime, APIs, and LLM integrations.
• Automated LLM Red Teaming
  • Covers prompt injection, jailbreaks, model theft, sensitive data leakage and more.
  • Detects vulnerabilities by testing malicious prompts originating from both adversarial and typical users.
  • Tests for output manipulation and AI guardrails.
• Compliance Mapping for Regulatory Frameworks
  • Covers across threat vectors for OWASP top 10 for K8s, API and AI, MITRE ATLAS and NIST.
• Open-Source and Free
  • Delivers the benefit of a powerful red teaming tool without licensing fees, fostering widespread adoption.
• Easy Integration
  • Integrates seamlessly into existing security workflows and CI/CD pipelines allowing continuous testing at the pace of AI development.
    

Operant's Woodpecker is now available as an open-source project on https://github.com/OperantAI/woodpecker. Operant invites security engineers, developers, and the open-source community to explore, contribute, and help advance the future of proactive cybersecurity. As part of the launch, Operant will also host hackathons and developer engagement programs in the U.S. and India. For more information on Woodpecker visit https://www.operant.ai/solutions/woodpecker-red-teaming.

About Operant AI
Operant AI, the world’s only Runtime AI Application Defense Platform, actively protects every layer of live cloud and AI applications from infra to APIs. Unlike most cybersecurity tooling that is limited to single-layer visibility and lacks the ability to actually block attacks, Operant’s 3D Runtime Defense Platform discovers, detects, and defends >80% of the OWASP Top 10 most critical attacks across APIs, Cloud and LLMs. Within minutes of Operant’s single-step deployment, security and AI engineering teams gain a completely new level of active protection for their AI and Cloud applications, workloads, models, APIs, and Agents, bringing frictionless real-time security to dev, sec, and ops so that companies can deploy products and AI faster without security holding them back.

Operant AI is a Series A company funded by Silicon Valley Venture Capital firm Felicis and Washington DC venture capital firm SineWave. It is headquartered in San Francisco, California, and was founded by Vrajesh Bhavsar, Dr. Priyanka Tembey, and Ashley Roof, industry experts from Apple, VMWare and Google (respectively). Operant AI was recently named as a representative vendor in Gartner’s Market Guide for AI Trust, Risk, and Security Management (AI TRiSM).

Media Contact:
Erica Anderson
[email protected]