Cloud security startup
Upwind seemingly has been on a sprint this year as it looks to differentiate itself in a highly competitive space that includes a range of big-name players, like
Cisco,
SentinelOne,
Check Point, and
Zscaler.
Helped by
$100 million in Series A funding in December 2024 – which increased to $180 million the total amount raised by the Israeli-founded company – Upwind has rapidly built out its runtime-powered Cloud-Native Application Protection Platform (CNAPP), including a
major upgrade in April, its Serverless Framework – a runtime-first compliance framework – in September, and last month its
Exposure Validation Engine, which tests live cloud environments in real time.
Upwind in April
bought Nyx Security to bolster its application runtime security capabilities, a deal that spawned its
In-Use Functions, which identifies and monitors which software functions are being executed in a live production environment, and its
Cloud Application Detection and Response (CADR) platform, which gives security teams and MSSPs a unified, real-time view of what’s happening in production, not just what might happen.
In July, Upwind brought
Rinki Sethi – and her wealth of experience from prior stints as vice president and CISO for such companies as Bill, Twitter, and Rubrik, and other executive positions with IBM, Palo Alto Networks, and Intuit – on board as
chief security and strategy officer.
This month, Upwind unveiled its Open Source Security Model, which the company says allows security and compliance teams, as well as DevOp,s to modify, recast, accept, and snooze security risks directly within the platform.
'A Defining Year'
“2025 has been a defining year for us,” Upwind co-founder and CEO
Amiram Shachar told MSSP Alert. “We’ve scaled the platform significantly, from the Exposure Validation Engine to CADR and now the Open Source Security Model, all driven by what we’re hearing from enterprise customers. ... All of this reflects a single vision: security should be based on what is happening in real time in runtime, not static assumptions.”
It also reportedly bought some interest from
Datadog, with
reports over the summer that the cloud-based SaaS platform provider was in talks to buy Upwind for $1 billion. It comes at a time when the cybersecurity industry continues to consolidate and cloud security becomes an increasingly important issue, as illustrated by
Google’s planned
$32 billion acquisition of
Wiz, a deal that the U.S. Department of Justice
cleared this month after ending its antitrust investigation.
Shachar declined to talk about the Datadog reports, saying he doesn’t comment on rumors or speculation.
Building for a 'Much Bigger Outcome'
“We’re here to build for a much bigger outcome, and we're excited to innovate in this category and lead the future of cloud security,” said the CEO, who added that Upwind’s customer list includes Bill, Agoda, Peloton, and Fiverr, and that it grew 4,000% year-over-year and now has more than 250 employees around the world. “We’re literally just getting started. As a fast-growing, high-profile company in a competitive space, rumors and noise are inevitable. The momentum speaks for itself.”
The Open Source Security Model is now part of that growth, helping to close a gap between cloud environments that, fueled by AI, automation, and distributed ownership, are evolving faster than centralized security teams can keep pace with. The problem is that most security programs are still built on static controls and slow workflows, Shachar said.
Closing a Gap
“The Open Source Security Model is our response to that gap,” he said. “It brings extreme ownership, transparency, and flexibility into how organizations manage cloud risk. ... Instead of noisy, theoretical findings, everything is backed by runtime evidence and clear, contextual reasoning. The goal is simple: give every team the clarity and autonomy they need to make fast, accountable decisions without losing governance.”
AI plays a key role, correlating signals, reducing noise, and helping teams focus on what’s really exploitable while providing human-readable summaries and context around risk, Shachar added.
“Most tools consolidate data but stop there,” he said. “Our model is built around real runtime evidence and full context. It doesn’t just centralize information; it provides the ‘why,’ the impact, and the recommended path forward. Additionally, it gives teams the freedom and flexibility to modify risk and control it more granularly throughout their organization.”
Delivering for the Channel
The startup also launched the Upwind Partner Program, which provides stronger enablement, more predictable incentives, and deeper technical alignment. There is also training, certification paths, and integrated product support, as well as stronger co-selling that includes tighter collaboration with Upwind’s field teams and full co-selling support with cloud giants
Amazon Web Services (AWS) and
Microsoft Azure.
“The channel is becoming increasingly important for us as we scale,” Shachar said. “Over the past six months, we’ve expanded our global partner ecosystem significantly, with more than 70 new partners across ISVs, MSPs, resellers, and cloud providers. We work closely with hyperscalers like Microsoft Azure and AWS to help customers accelerate secure cloud adoption with a unified runtime-first approach.”
He added that the “partner-first mindset is a core part of how we go to market. ... It extends our reach globally, strengthens customer outcomes, and ensures that partners have everything they need to deliver best-in-class cloud security. We’re investing heavily here because strong partnerships will shape how this market evolves, and we want to lead that shift.”