How Panther Labs escaped vendor lock-in and built a platform-agnostic architecture with Windmill
When Airplane.dev shut down, Panther Labs had 30 days to migrate their entire internal operations platform. They chose Windmill for its open-source foundation and platform-agnostic architecture, achieving true portability while maintaining production reliability for mission-critical cybersecurity operations.
About
Panther Labs is a modern cybersecurity SIEM (Security Information and Event Management) platform that helps security teams detect threats at scale. Their platform team manages all internal operations, from customer provisioning and AWS account management to infrastructure deployment and alerting systems. As a cybersecurity company handling sensitive data, they require self-hosted solutions on their own AWS infrastructure with full operational control.
The Problem
When Airplane.dev was acquired and announced it would shut down, Panther Labs had just 30 days to migrate their entire internal operations platform or face operational paralysis. All their core processes would stop working: customer provisioning, AWS account management, deployment pipelines, and alerting.
"We were fully embedded into this platform. Everything was fine. We weren't looking to migrate. They got aqua-killed... we had to migrate to a new platform in 30 days."
— BJ Maldonado, Platform Manager
But this wasn't just about finding a replacement. Having been burned by vendor lock-in once, Panther was determined not to repeat the mistake. They needed a solution that would give them:
- Platform independence - Keep business logic separate from the execution platform
- Developer control - Everything-as-code with proper Git workflows
- Production reliability - For mission-critical internal operations
- True portability - Ability to migrate without rewriting everything
"We got bit once before... determined not to get bit again by the sun setting of a startup platform."
— BJ Maldonado
The Solution
A senior engineer discovered Windmill through a Hacker News article about Airplane migrations. Panther chose it for four critical capabilities:
Open source foundation
Windmill's open source architecture (Apache 2.0 licensed on GitHub) meant Panther could never be locked in again. Even in the worst case, they could fork the codebase and maintain it themselves—something impossible with proprietary platforms like Airplane. The transparency of the codebase also gave them confidence in security and reliability for their cybersecurity operations.
Platform-agnostic architecture
Instead of embedding business logic in the workflow platform, Panther built a separate Python library containing all their core logic. Windmill workflows simply orchestrate by calling functions from this library—acting as an execution layer, not a code repository.
# Business logic lives in a separate library
from panther_platform import customer_onboarding
def main(customer_email: str, aws_account_id: str):
# Windmill just orchestrates
result = customer_onboarding.provision_account(
email=customer_email,
account_id=aws_account_id
)
return result
"We put the bulk of the business logic inside of a third-party library and the platform executors pull down this library. It gives us flexibility to just move our stuff around."
— BJ Maldonado
If they ever need to migrate from Windmill, their business logic stays intact—they only rewrite the thin orchestration layer, not their entire platform.
Developer-first features
Windmill's native support for importing any Python package from PyPI and private repositories made their architecture possible immediately. No limitations, no workarounds—full Python language features with proper dependency management and versioning. Everything-as-code with Git sync gave them proper version control and CI/CD workflows.
At the same time, Windmill's auto-generated UIs and App Builder meant non-technical team members could still use the platform through graphical interfaces, without requiring the platform team to build custom frontends.
Self-hosted deployment
As a cybersecurity company, Panther needed to self-host on their own AWS infrastructure. Windmill's Enterprise Edition deployed cleanly into their existing environment with SSO integration. With direct support from Windmill, they completed the migration within the 30-day deadline.
The Result
Today, 90% of Panther Labs' internal platform runs on Windmill, handling mission-critical operations across their organization:
- Customer lifecycle management: Provisioning, onboarding, configuration, and offboarding workflows
- Infrastructure operations: Deployment pipelines, infrastructure management, and automated scaling
- Monitoring and alerting: 90% of all Slack alerts generated through Windmill workflows
- Self-service operations: Graphical apps for non-technical team members to manage complex configurations
"Windmill ranks among the most stable components of our infrastructure."
— BJ Maldonado, Platform Manager
Windmill has proven rock-solid for Panther's operations. Most importantly, Panther is no longer at risk from vendor decisions. Their business logic is portable, tested, and version-controlled. They've achieved true platform independence while maintaining the developer experience and reliability they need for mission-critical operations.
"This gives us flexibility to just move our stuff around, determined not to get bit again."
— BJ Maldonado
Conclusion
Panther Labs transformed a crisis into an opportunity by building a platform-agnostic architecture on Windmill. By keeping their business logic in a separate Python library and using Windmill as an orchestration layer, they've protected themselves from future vendor lock-in while gaining the production reliability and developer-first capabilities they need to run their internal operations. Today, with 90% of their platform running on Windmill, they've proven that the right architecture choices—combined with the right tooling—can turn a forced migration into a strategic advantage.