Oracle Red Bull Racing Team Revs Up Automation to Boost Security

IDENTITY & ACCESS MANAGEMENT SECURITY CYBERSECURITY OPERATIONS CASE STUDIES News, news analysis, and commentary on the latest trends in cybersecurity technology. Oracle Red Bull Racing Team Revs Up Automation to Boost Security While drivers race to shave off seconds on the track, the team's IT and engineering staff are speeding up how they deliver security. Arielle Waldman,Features Writer,Dark Reading April 30, 2026 5 Min Read SOURCE: 1PASSWORD Another frantic call at 3 a.m.: The Oracle Red Bull Racing Formula One team discovered an issue in the wind tunnel testing its cars. It's up to Ian Brunton, head of software engineering for aerodynamics, to troubleshoot the problem. Even when he has shaken off his early-morning haze, the investigation could easily take an hour. But when it comes to racing, every second counts.  Many security-related considerations go into managing an F1 team. The tools, methods, and infrastructure that engineers use to design the cars require heavy investments, and the team needs to secure information from leaking to competitors. And as they're moving fast on and off the racetrack, teams also need to ensure they don't wind up with breaches, malware, or other various threats. System credentials and identities must be protected.  "Cyber is critical in F1," says Matt Cadieux, chief information officer at Red Bull Racing. "It's an engineering competition as well as a driver's competition. There's a lot of investment, and we need to protect our secrets and business continuity where we face the same threats that other companies do." Related:Microsoft Proposes Better Identity, Guardrails for AI Agents Maintaining speed and efficiency securely while managing 2,000 people and thousands of servers and clusters — some on-premises and some in the cloud — present challenges. A broad set of applications and well over 100 service accounts compounds the complexity. Over the past year, Oracle Red Bull Racing implemented 1Password tools for automation, credential access, governed access, and software-as-a-service (SaaS) management with two goals in mind: to enhance speed and security. Despite some learning curves, Cadieux and Brunton agree that the added automation accelerated processes that spilled over to car improvements as well.  Satisfying 100 Perfectionists F1 is all about speed, but it's not restricted to amping up the car; it's the speed of business activities, too. Users need to be productive and spend their brain power on how to make a faster car, instead of dealing with inefficient tools or downtime, Cadieux tells Dark Reading.  "Rather than people being frustrated, saying IT is rubbish, which people occasionally do, we're trying to minimize that and pull all their brain power and energy into thinking about the car and underlying infrastructure issues," he says.  While it's easy to cut corners and deploy a system without authentication, it will "bite you" every single time, Brunton warns. Strong authentication allows users to design a car versus having to report a problem.  Related:Delinea's StrongDM Acquisition Highlights the Changing Role of PAM "It affects people in my team, too," he says. "It becomes a cycle of problems."  People in the company grow impatient and will be very vocal if they see something that is less than optimal, unreliable, or too manual, Cadieux says.   "It's good to work at a place with a few hundred perfectionists or demanding users where tolerance for mediocrity is not very high," he says.  The 1Password partnership kicked off in February 2025 in a phased rollout that came with some small implementation challenges. While the system is officially in use, the team is still evolving prototypes and engaging in continuous improvements, Cadieux explains.  Understanding the API was the biggest hurdle from the engineering-aerodynamics side and required experimentation. They learned reconciliation — changing secrets within the system — and how long that takes to go through and update, Brunton says.   The service desk, infrastructure, and high-performance computing side also uses 1Password as a central repository. The biggest learning curve was that 1Password had to gain a business understanding before they learned to configure and use the tools so it could work for an F1 company. Cadieux worked with the consultant team that provided support and structure.  Related:SpecterOps Launches BloodHound Scentry to Accelerate the Practice of Identity Attack Path Management Fewer Wake-up Calls New automation and centralized credential access allows the teams to work faster, and the new tools helped modernize the early design stage for cars, Brunton says.  Cadieux and his team try to allow people to have some freedom in cloud-based services, but not free rein that could potentially introduce more risks. That's where the SaaS manager came in handy to monitor and understand user behavior regarding passwords and access controls, providing a visibility that they didn't previously have, Cadieux says.  Improving password hygiene is one area where the team saw benefits, enforcing positive behavior. Password managers help users efficiently avoid shortcuts that would compromise security, such as storing passwords in plaintext, that could allow attackers to steal credentials.  "It sounds simple, but it's actually really important when you have a few thousand people and when you're doing a lot of diverse things," Cadieux says.  Credential access is the main area where Brunton and his team interact with 1Password. Implementing a central place to store credentials is crucial because they have more than 100 entries in just one vault for one sub team. Again, it's all about speed, and one central place means they can access details quickly.  "We can control who sees which vault, which is quite useful," Brunton says, adding that they work on the principle of least privilege, so no user is granted too much access.  The team also strives to save as much time as they can when it comes to the wind tunnels, which are highly regulated; they are allotted 384 hours annually to run tests. The time constraint introduces a lot of pressure because they must use that budget carefully, and any system downtime becomes a massive problem very quickly, explains Brunton. Investigations mean scanning 20 services, 15 or 16 that are spread over two or three sites, as well as different Kubernetes clusters.  Wind tunnel recovery time reduced from one hour to two minutes under the new partnership. Having credentials in one place to log into different systems or connect to APIs quickly is a big benefit when trying to investigate a problem that is not clearly identified, Brunton says. "We were able to automate a reset of the system," he says.  A single-click reset button tears down and reestablishes the entire workflow, he explains. They can recover quicker, which means Brunton receives far fewer calls at 3 a.m.   Don't miss the latest Dark Reading Confidential podcast, NSA Chief During Snowden Affair Shares Regrets, Reflections 13 Years Later, for a candid conversation with Chris Inglis, head civilian in charge of the NSA during the Edward Snowden affair. Inglis reflects what the NSA should have done better, what he wants CISOs to know about protecting against their own insider threats, and what his reaction would be if Snowden received a pardon. Listen now! Read more about: CISO Corner About the Author Arielle Waldman Features Writer, Dark Reading Arielle spent the last decade working as a reporter, transitioning from human interest stories to covering all things cybersecurity related in 2020. Now, as a features writer for Dark Reading, she delves into the security problems enterprises face daily, hoping to provide context and actionable steps. She looks for stories that go past the initial news to understand where the industry is going. She previously lived in Florida where she wrote for the Tampa Bay Times before returning to Boston where her cybersecurity career took off at SearchSecurity. When she's not writing about cybersecurity, she pursues personal projects that include a mystery novel and poetry collection.     Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports How Enterprises Are Developing Secure Applications How Enterprises Are Harnessing Emerging Technologies in Cybersecurity Ditch the Data Center: Understanding Flexible Cloud Infrastructure Security Management 2025 State of Malware Sysdig 2025 Cloud-Native Security and Usage Report Access More Research Webinars How Well Can You See What's in Your Cloud? Implementing CTEM: Beyond Vulnerability Management Defending Against AI-Powered Attacks: The Evolution of Adversarial Machine Learning Zero Trust Architecture for Cloud environments: Implementation Roadmap Tips for Managing Cloud Security in a Hybrid Environment? More Webinars You May Also Like IDENTITY & ACCESS MANAGEMENT SECURITY Delinea's StrongDM Deal Sign of How PAM Has Changed by Jeffrey Schwartz MAR 12, 2026 IDENTITY & ACCESS MANAGEMENT SECURITY Orgs Move to SSO, Passkeys to Solve Bad Password Habits by Nate Nelson, Contributing Writer NOV 13, 2025 IDENTITY & ACCESS MANAGEMENT SECURITY 1Password Addresses Critical AI Browser Agent Security Gap by Arielle Waldman OCT 10, 2025 IDENTITY & ACCESS MANAGEMENT SECURITY NIST Digital Identity Guidelines Evolve With Threat Landscape by Arielle Waldman AUG 14, 2025 Latest Articles in DR Technology VULNERABILITIES & THREATS Bad Memories Still Haunt AI Agents APR 23, 2026 ENDPOINT SECURITY Two-Factor Authentication Breaks Free From the Desktop APR 16, 2026 ENDPOINT SECURITY Microsoft's Original Windows Secure Boot Certificate Is Expiring APR 16, 2026 APPLICATION SECURITY OWASP GenAI Security Project Gets Update, New Tools Matrix APR 6, 2026 Read More DR Technology Want more Dark Reading stories in your Google search results? BLACK HAT ASIA | MARINA BAY SANDS, SINGAPORE Experience cutting-edge cybersecurity insights in this four-day event. Use code DARKREADING for a Free Business Pass or $200 off a Briefings Pass. GET YOUR PASS