Challenge
UiPath was operating at a significant scale across multiple cloud environments, making it difficult to secure thousands of deployments without slowing development teams.
Developers were spending too much time managing open-source container vulnerabilities in base images, which was work that distracted from building differentiated features and did not clearly map to enterprise security requirements.
Traditional, list-based security tools produced long vulnerability inventories but failed to show how issues connected across the environment, leaving critical attack paths hard to spot.
Solution
The team adopted Wiz and Echo to reduce vulnerability noise and drive greater focus.
With Wiz, UiPath gained unified, graph-based visibility across its cloud environments, shifting from isolated findings to a clear understanding of risk and real attack paths.
With Echo, UiPath was able to standardize on hardened, automatically patched container images, eliminating the burden on development teams while still meeting enterprise security standards.
Wiz’s vulnerability management capabilities provided a continuous feedback loop, validating Echo’s security improvements across the container portfolio and giving the team clear, measurable proof of reduced risk.
Thousands of multi-cloud
deployments secured
Validated CVE reduction from Echo
measured across the entire container portfolio through Wiz
Significant time savings
for development teams on vulnerability management
Accelerating Human Achievement Through Secure Automation
UiPath’s mission to accelerate human achievement through automation shapes how the company approaches security. The goal is simple: enable teams to move fast without making security a blocker.
For Dan Rediske, Senior Engineering Manager, that means giving developers the ability to make secure decisions at scale across thousands of deployments and multiple cloud environments.
“Our security strategy revolves around empowering our teams to make secure decisions at scale, removing friction from their development processes and enabling our teams to move quickly and efficiently towards secure solutions,” Rediske explained.
At UiPath, security is most effective when it is embedded directly into the development workflow, not layered on afterward.
From Lists to Graphs: Rethinking Cloud Security
In 2021, UiPath reevaluated how it approached cloud security and recognized a disconnect between how security tools surface issues and how real attacks unfold.
Attackers think in graphs and defenders think in lists. The graph visibility that Wiz brings to our cloud security is really interesting and compelling to us.
Dan Rediske, Senior Engineering Manager, UiPath
Wiz gave UiPath a connected view of risk across vulnerabilities, identities, networks, and data, making it easier to understand real attack paths in a complex, multi-cloud environment.
“Securing applications at scale in a multi-cloud environment and enabling teams to move quickly without friction across different contexts with thousands of deployments can be a really interesting challenge,” Rediske said.
This visibility allowed the security team to provide context-aware guidance to each development team. Wiz helped UiPath distinguish between theoretical issues and real risk, so teams could focus on what mattered most, without slowing down innovation.
Closing the Gap: Leveraging Echo for Vulnerability Reduction
Open source containers are foundational to UiPath’s platform, but maintaining and patching base images was draining teams and pulling developers away from building new capabilities. The security team wanted a way to reduce this operational load while still meeting a high bar for security outcomes.
UiPath adopted Echo to standardize on vulnerability-free container base images that are automatically patched and hardened. This allowed developers to start from a more secure baseline without changing how they work.
Echo really worked with us to help evaluate the solution and approach the problem in a way that we were really comfortable with. They met our high bar for low vulnerability outcomes in open-source solutions.
Dan Rediske, Senior Engineering Manager, UiPath
Echo delivered value immediately. With UiPath already using Wiz for container vulnerability management, the team was able to validate Echo’s impact from day one. Wiz continuously scans Echo images alongside the rest of the environment, giving UiPath clear, objective proof that base image container risk eliminated at scale.
Creating a Validated Security Feedback Loop
The true power of UiPath's approach emerged from how Wiz and Echo work together. Wiz serves as UiPath's vulnerability management platform for containers, providing comprehensive visibility across all images. This created something remarkable: a validated feedback loop that empirically proves Echo's value.
"We use Wiz for our vulnerability management of containers, and Echo is one of our providers," Rediske explained. "We have been able to see the effects of our Echo containers as we adopt them."
This visibility proved crucial for demonstrating value and building confidence across development teams. Because Wiz provided a unified view of vulnerabilities across all containers, UiPath's security team could objectively compare outcomes. Echo's images consistently lowered vulnerability counts, validating the investment and encouraging broader adoption.
Using Wiz and Echo together really helps us validate the value we get out of Echo. Wiz allows us to measure the CVEs across our platform, including those that aren't from Echo, and the Echo images measure up
Dan Rediske, Senior Engineering Manager, UiPath
This measurable validation helped overcome a common challenge in security tool adoption: proving ROI. Development teams could see concrete evidence that Echo images cut their vulnerability management burden. Security teams could demonstrate that hardened images didn't compromise their visibility or control. And leadership could track adoption and outcomes across thousands of deployments.
The integration also proved organizationally seamless. "The partnership with Wiz and Echo has been great," Rediske noted. "We've been working closely with Wiz for years and Echo has fit right into our heavily ingrained processes."
Results: Time Back for Innovation
The transformation UiPath achieved through the Wiz-Echo partnership manifests most clearly in how development teams spend their time. By completely eliminating the need to chase vulnerabilities in base container images, Echo freed teams to focus on what makes UiPath's products unique and valuable.
"Echo images absolutely save us time," Rediske confirmed. "Our teams are able to focus on the features and the work that is unique to them and not necessarily as part of the open source images."
This time savings compounds across thousands of deployments and hundreds of development teams, representing a significant shift in how engineering resources are allocated. When security becomes friction-free, it also becomes more consistent. Teams don't need to make trade-offs between moving quickly and securing their applications. The secure path is also the easy path.
For Rediske and the security engineering team, the partnership delivered something equally valuable: confidence. With Wiz providing comprehensive visibility and Echo delivering secure-by-design container images, they could scale security across UiPath's growing infrastructure without scaling headcount. The combination of graph-based visibility and pre-hardened images created a force multiplier.
Perhaps most importantly, the solution aligned with UiPath's fundamental mission. Just as UiPath helps its customers automate away undifferentiated work so humans can focus on what matters, the Wiz-Echo partnership automated away security toil so UiPath's developers could focus on innovation.
"Echo's pre-patched images have been great for our container vulnerability management processes," Rediske concluded.
The path forward is clear: continue expanding adoption of hardened container images across UiPath's thousands of deployments, leveraging Wiz's visibility to measure and validate outcomes, and maintaining the security-without-friction philosophy that enables velocity at scale.
