A Fortune 500 security company powers agentic vulnerability testing with Restate

A team inside a Fortune 500 cybersecurity company uses Restate as the durable orchestration layer behind an agentic security testing product. The product analyzes, then attacks, its customers’ AI-enabled applications. Attacks are wide ranging - from violating content guardrails to triggering destructive actions or gaining unauthorized network or machine access.

From the solutions out there, we felt Restate was the one that would be most familiar to our team of application developers.

-- Distinguished Engineer, Fortune 500 security company

Before Restate: Architecture & Challenges

As the product matured, the attacker’s capabilities increased in breadth and depth. The team started out tracking attack progress with multiple queues and database records, but they were outgrowing that architecture. Given the complexity of future use cases, they knew they wanted durable execution.

Three characteristics of the work pushed durability to the top of the requirements list:

• Very long-running inference calls. The analysis stage uses extremely large context windows containing long conversation histories. With those context sizes, individual model calls can take minutes before the first output token, and losing one to a transient failure is expensive work to redo.
• Heavy parallelization and multi-agent coordination. Both the analysis and the attacking side fan their work out to parallel task and agents, managed by a coordinator.
• Observability and retries. Attacks have complex failure modes - a successful attack might cause future attacks to fail. Reasoning about what happened prior to a failure is critical. The orchestration layer has to be able to retry failures over long periods of time - potentially hours.

Why Restate?

The team evaluated the durable-execution landscape and picked Restate for two reasons that mattered most for their use case:

• Familiar to application developers. The team are application developers, not distributed systems engineers. Restate's programming model felt more intuitive, reducing the onboarding time for the team and improving the developer experience.
• Easy to operate. Restate Server runs as a single binary that the team can host entirely inside their own infrastructure. It was easy to setup, scale, and operate. Sensitive data about customers’ vulnerabilities never leaves their infrastructure.

Together those two properties meant the team could keep the product's tight trust boundary intact and move quickly inside it.

The Results

The team built directly on Restate's SDK rather than adopting an agent framework on top, because the use case is bespoke enough that a higher-level framework wasn't the right fit. Restate now serves as the orchestration spine for both halves of the product — the analysis pipeline and the agentic attacker — running entirely inside the team's own infrastructure.

• Durable Execution: Long-running inference calls and the agent loops around them are made durable on Restate, so partial progress survives failures instead of being thrown away. It’s easy to analyze failures, and steps can be retried for hours.
• Workflows: The fan-out / aggregate pattern used by both the analysis and the agentic attacker maps directly onto Restate's workflow primitives — a coordinator spawns sub-work, results are gathered, and aggregate analysis runs on top.
• Self-hosted deployment: Restate Server runs inside the team's own infrastructure, keeping the product's strict confidentiality boundary intact.