Windward Labs

Security Research, Tooling & Assessments

Stay upwind of your adversaries.

Windward Labs is a security research, tooling, and assessments lab. We're building the tools, automation, and processes the modern penetration tester needs - proven on real engagements across web, API, cloud, and internal networks.

Start an engagementSee what we build

Research & Open Source

We're building agentic worklows and tooling for assessments, and open sourcing them.

Automation has always been a key part of effective security testing. Now, there's a unique opportunity to drastically improve that automation with LLMs, agents, and harnesses that make great operators even better.

01

Secure by Design

Assessments naturally involve sensitive data. Our tools are designed to keep sensitive information local to the assessment environment.

02

Expert in the Loop

LLMs make mistakes. For potentially dangerous tasks, we'll always ensure there is a human in the loop to review and approve the action.

03

Open source

Security tooling needs to be flexible and transparent. Open sourcing our work provides both.

04

Practical over Theoretical

Our tools are driven by needs from real engagements, not built in isolation in a lab environment.

Our initial toolkit is in progress. For early access or to collaborate, get in touch.

Engagements

Comprehensive security assessments

While our experience spans across a range of cybersecurity disciplines - technical assessments, security engineering, purple teaming, and training - we're starting off focusing on technical security assessments.

Offensive Security Testing

Penetration testing across web, API, cloud, and internal networks.

  • Web application penetration testing
  • API penetration testing
  • Cloud security assessments (AWS, GCP, Azure)
  • Internal network penetration testing

Application Security

Threat modeling, source code review, and secure architecture guidance.

  • Application security assessments
  • Secure design & threat modeling
  • Source code review

Interested in other engagements like tabletops or bespoke training? We may still be able to help! Reach out.

Get in touch

Let’s talk about your threat model

Tell us what you’re protecting and where you’re worried. We’ll reply within one business day with scoping questions and next steps.

Helpful to include if you can:

  • Systems or assets in scope
  • Timeline and any compliance drivers
  • Whether this is a one-time or ongoing need

Prefer email? engagements@windwardlabs.io

This opens your email client with the details filled in. We only use what you send to respond to your inquiry.