Secure-by-Design Innovation For The Win!

Last week, we were proud to sponsor the AWS MCP Hackathon, alongside Anthropic, Auth0, Senso, and DuploCloud, and we couldn’t have been more blown away by the results. It was a whirlwind of innovation, showcasing that securing AI agents doesn't have to be complex, time-consuming, or an afterthought. In just 24 hours, these innovators proved that with the right tools and approach, we can build security directly into the foundation of AI systems, making the most sophisticated AI agents secure-by-design so that they can do valuable things that would otherwise be untenable or irresponsible without the right security controls in place.

Here's a glimpse into the remarkable solutions crafted during this event:

‍

🏆 Care Copilot: Overall Event Champion

The team that took the overall top prize solved a problem that every patient has experienced: remembering medication interactions and side effects after leaving the doctor's office. CareCopilot is a conversational assistant powered by a knowledge graph built on top of the FDA’s open-source FAERS database. It lets anyone ask real-world, context-sensitive health questions via voice—and get answers visualized through an intuitive, 3D interactive graph.  This makes complex medical information accessible to anyone, eliminating the need to wait on hold with medical offices or schedule clinic visits for simple questions about drug interactions.

Beyond its incredible utility, security was just as important. CareCopilot leveraged Operant’s AI Gatekeeper's in-line auto-redaction functionality to scrub sensitive data before it ever reached an LLM. This is a game-changer for healthcare AI, as it ensures that privacy is built into the very foundation of the application. That meant CareCopilot was secure by design—private, safe, and aligned with healthcare data best practices from the start.

The judges recognized the immense value in this approach, awarding CareCopilot the overall event top prize. It's a testament to the fact that security doesn't have to be an afterthought; it can be an enabler of truly impactful and trustworthy AI solutions.

"Security doesn't have to be an afterthought; it can be an enabler of truly impactful and trustworthy AI solutions."

‍

🥇 Compliance Thunder – Operant’s First Place Winner

Compliance Thunder automates real-time compliance enforcement by embedding policy rules directly into the pipeline. Powered by Operant’s AI Gatekeeper’s active runtime defense capabilities, the system could detect and block policy violations as they happened, offering zero-friction governance at runtime.

‍

🥈 Sniffy & Jailbreak: Second Place (Tied)

Perhaps the most innovative approach came from Sniffy & Jailbreak, who turned traditional red teaming on its head by creating a comprehensive purple teaming solution. They leveraged Operant's open-source red teaming project: Operant Woodpecker, a flexible and extensible automated AI red teaming solution that simulates real attacks across AI Agents, to generate advanced attack scenarios while simultaneously using AI Gatekeeper to defend their products in real-time. This demonstrated AI Gatekeeper's ability to not only detect but actively defend against sophisticated adversarial AI attacks, including those targeting MCP.

‍

💬 VoiceRoot: Protecting Real-time Conversations

VoiceRoot impressed with a voice-based assistant that leveraged Operant’s AI Gatekeeper to stop sensitive data leakage by protecting user conversations in real-time. This highlights AI Gatekeeper's uniquely versatile ability to secure live, interactive AI systems in the moment, ensuring user privacy and data integrity in dynamic environments, with the potential to secure live chatbot interactions across a range of new use cases, potentially revolutionizing the default privacy of any AI customer service agent in the wild.

‍

🛠️ The Operant Stack Behind the Innovation

‍

What made all this possible? A powerful combination of tools purpose-built for securing agentic AI, Operant's comprehensive 3D security platform, bringing Discovery, Detection, and Defense to the entire Cloud and AI application stack by combining AI Gatekeeper's runtime protection with Woodpecker's advanced red teaming capabilities.

‍Discover, Detect, Defend with AI Gatekeeper:

The hackathon showcased the power of Operant's AI Gatekeeper in addressing critical AI security challenges.

‍Discover AI: AI Gatekeeper provides comprehensive discovery capabilities across AI applications, MCPs, APIs, services, agents, and more. Teams could instantly understand their AI attack surface without spending hours on discovery and mapping.

‍Detect AI: The platform maps runtime threat and risk detections to industry standards like the OWASP LLM and Agentic AI Top 10, plus MITRE Atlas. This gave teams visibility into both runtime and API access layers of agent tools built with MCP, along with expanded coverage for identity and access controls with support for AI NHIs.

‍Defend AI: Most importantly, AI Gatekeeper defends against the full spectrum of AI-specific threats: prompt injection, data privacy violations, rogue agents, and the emerging threat of tool poisoning in MCP pipelines. As seen with Compliance Thunder and Care Copilot, AI Gatekeeper's ability to enforce policies in real-time and automatically redact sensitive data is a game-changer for data privacy and compliance. This prevents data leakage and ensures privacy is baked into the AI pipeline.

‍

Advanced Red Teaming for AI Systems with Woodpecker

Complementing AI Gatekeeper's defensive capabilities, Operant's open-source product Woodpecker provides flexible and extensible red teaming frameworks specifically designed for modern AI environments. Woodpecker helps teams proactively test the security of their AI pipelines by simulating.

• Prompt injection and jailbreak attacks
  
  
• Model theft scenarios
  
  
• Tool poisoning in MCP chains
  
  
• Sensitive data leakage tests

• Output manipulation attacks

• AI guardrail testing

‍

The platform provides compliance coverage across threat vectors for industry standards, including OWASP Top 10 for Kubernetes, APIs, and AI, MITRE ATLAS, and NIST frameworks. It’s a security research engine, compliance validator, and chaos monkey for GenAI—all in one.

‍

Deployment Made Simple: Security Without Complexity

‍

One of the most remarkable aspects of the hackathon was how quickly teams were able to deploy comprehensive security measures with Operant’s AI Gatekeeper and Woodpecker. Operant emphasizes a single-step deployment that allows security and AI engineering teams to gain a new level of active protection for their AI and cloud applications within minutes.

This frictionless, real-time security empowers developers to innovate at a fast pace, knowing that robust security is built into the foundation, rather than being an afterthought. The solutions seamlessly integrate into existing workflows, allowing teams to focus on building groundbreaking AI applications with secure-by-design principles.

‍

‍The Bottom Line: Innovation at the Speed of Security

"The MCP hackathon proved that with solutions like Operant's AI Gatekeeper and Woodpecker, the future of AI innovation looks not just bright, but also inherently secure."

What these four teams accomplished in a day demonstrates that the future of AI security is not just about adding protection to existing systems - it's about reimagining how AI systems are built from the ground up. The future of AI is secure by design, automated by default, and protected at runtime.

Don’t trust tools by default.  Discover, Detect & Defend them at runtime. We invite you to try Operant’s AI Gatekeeper to see for yourself how easy comprehensive security can be for your entire AI application environment, and let’s make red teaming a default, not a privilege.

Sign up for a 7-day free trial to experience the power and simplicity of AI Gatekeeper's 3D AI Security for yourself.

Join the Woodpecker Flight. https://github.com/OperantAI/woodpecker