⚙️ Kubernetes-Native Orchestration

DefAgent Workflows

DefAgent leverages Kubernetes-native orchestration to automate and scale complex cyber deception workflows. Designed for dynamic threat environments, it enables real-time response, adaptive decoy deployment, and cross-domain coordination without human intervention.

DefAgent Workflows is a secure, open-source, container-native orchestration engine built for mission-grade, parallel workflow execution on Kubernetes. Developed as a Kubernetes Custom Resource Definition (CRD), it empowers operators to define and deploy complex, containerized Directed Acyclic Graphs (DAGs) to drive autonomous cyber workflows at speed and scale.

Designed with national security in mind, DefAgent Workflows enables automated orchestration of tasks across cyber defense, intelligence, and hybrid operations. It serves as the backbone for autonomous cyber deception, enabling repeatable deployment of decoy infrastructure, adversary engagement routines, and telemetry capture across distributed environments.

Mission-driven use cases

Mission-Driven Use Cases.

Autonomous Cyber Deception Loops

Deploy honeypots, fake credentials, and synthetic data pipelines triggered by threats.

Insider Threat Workflow Automation

Detect anomalies, inject synthetic identities, and redirect decoy assets autonomously.

Red Team / Blue Team Operations

Real-time deployment of engagement environments and analytics pipelines.

Joint C2 / Intel Processing Pipelines

DAG-based orchestration of multi-source telemetry and operational logic.

Key features

Key Features.

  • Kubernetes-Native Orchestration with CRD support
  • Parallel DAG Execution for modular, containerized tasks
  • Secure, Ephemeral Environments ideal for zero-trust operations
  • Toolchain Interoperability with MISP, YARA, STIX/TAXII, and more
  • Open Source and Security-Hardened for operational deployment
  • Flexibility meets autonomous cyber operations.

    DefAgent Workflows brings the flexibility of Kubernetes together with the power of autonomous cyber operations—enabling your teams to orchestrate, deceive, and dominate the modern threat environment.

    Technical details

    Technical Details.

    Preferred Infrastructure

    • AWS GovCloud (US): FedRAMP High, DoD IL5/6 compliant environment

    Supported Infrastructure

    • Microsoft Azure Government Cloud
    • On-Premises (Air-Gapped / SCIF-Compliant)
    • Edge Infrastructure (JADC2, SIGINT, SOF deployments)

    Infrastructure at a glance

    Primary platformAWS GovCloud
    FedRAMP statusHigh
    DoD Impact LevelIL5 / IL6
    Deployment modesCloud · On-Prem · Edge
    Air-gap supportSCIF-Compliant
    Security & compliance

    Security & Compliance.

    Control Area Status / Notes
    CVE Report✅ Available Regularly maintained and published
    SBOM (Software Bill of Materials)✅ Available SPDX or CycloneDX format
    FIPS-Compliant Image⚠️ In Progress Future release based on demand
    3rd-Party Certification⚠️ Under review NIST 800-53, DoD RMF alignment
    DISA STIG Hardening⚠️ Not STIGed Baseline compatibility for hardening
    Privileges RequiredMinimal RBAC enforced, least privilege model

    Orchestrate, deceive, and dominate the threat environment.

    Talk to our team about deploying DefAgent Workflows on AWS GovCloud, on-prem, or at the edge.