New AI-native capabilities secure the emerging and dynamic attack surface created as enterprises build complex AI services, models, agents, and data flows across modern cloud environments
Upwind, the next-generation runtime-first cloud security leader, today announced the launch of its integrated AI security suite, expanding the company’s CNAPP to protect the rapidly growing enterprise AI attack surface. The suite introduces AI real-time security, AI posture management, AI agents, and runtime protection, allowing AI security to benefit from the same deep cloud context already powering Upwind’s CNAPP, across data security, API security, identity, and cloud detection and response.
“AI security should not be a stand-alone security component,” said Amiram Shachar, Founder and CEO of Upwind. “It should be part of a larger ecosystem. It just makes perfect sense to go down this route and make sure that AI security benefits from all the data and context that our CNAPP already holds.”
AI’s Rapid Adoption and the Missing Security Context
AI innovation has accelerated across enterprises, but core security challenges remain unresolved. Models, agents, inference endpoints, and AI data flows now span multiple services, frameworks, and infrastructures, yet security teams lack a cohesive way to trace AI behavior, validate AI posture, or understand the real impact of AI-driven decisions. This new dynamic attack surface holds risks that traditional security approaches cannot address without shared context and runtime evidence.
Securing this generation of cloud and AI workloads, which are ephemeral by nature, requires a different way of thinking. It requires an approach centered on real-time signals, APIs, data in motion, and Layer 7 visibility. This is Upwind’s inside-out approach to cloud security.
Inside-out means observing real traffic, API calls, data flows, and behavior inside the workload as it runs instead of relying on static configs and snapshots. Inside-out security is based on reality, not assumptions.
Upwind’s runtime-first model grounds AI risk in real activity and real signals, giving security teams an accurate, prioritized picture of what is actually happening at the moment that matters most: runtime.
Upwind’s new AI capabilities give organizations visibility into where AI is running, how models and agents behave at runtime, and what sensitive data they interact with, addressing one of the most pressing visibility gaps facing security teams today. By extending its runtime-first architecture directly into the AI layer, Upwind brings AI posture, inventory, runtime behavior tracing, and vulnerability testing into a single, unified platform.
“AI is now driving critical decisions across modern systems, yet most organizations still can’t see what their models and agents are actually doing,” said Amiram Shachar, Founder and CEO of Upwind. “Upwind changes that. Real security starts with real evidence. We brought runtime clarity to cloud workloads, and now we’re doing the same for AI. This gives teams factual, end-to-end visibility into how their AI behaves in the real world, and that clarity is what will define the next generation of secure AI.”
A Runtime-First Approach to AI Security
Upwind introduces a tightly integrated set of AI security capabilities that strengthen how organizations manage and monitor AI across every layer of the stack:
- AI Security Posture Management (AI-SPM): Secures exposed inference endpoints, enforces model versioning and governance, tightens overly broad IAM roles, and detects leaked or exposed AI API keys across cloud and image sources. By correlating posture issues with real runtime activity, it surfaces the AI configuration risks that matter most.
- AI Detection & Response (AI-DR): Monitors agents, MCP, and LLM infrastructure for anomalous behavior and jailbreak attempts through Layer 3, 4, and 7 analysis of process activity, network activity, and prompt payloads. This means security teams can detect malicious AI behavior in real time and respond based on live, evidence-driven signals.
- AI Bill of Materials (AI-BOM): Maps models, frameworks, SDKs, agent systems, and cloud AI products across source code, cloud inventories, and runtime evidence to form a comprehensive, real-time inventory of AI components. This gives teams a unified understanding of what AI is running, where it lives, and what it depends on.
- AI Network Visibility: Extends Upwind’s network engine to decode AI-native traffic, including JSON-RPC, HTTP/2 streaming, and WebSockets, while identifying outbound calls to OpenAI, AWS Bedrock, Azure OpenAI, and Vertex AI. It detects shadow or unauthorized AI usage and highlights sensitive data moving through prompts and inference payloads. This provides real-time clarity into how AI systems communicate and what data leaves the environment.
- MCP Security: Traces the full sequence of AI agent actions, from the initial prompt to downstream function calls, file operations, API interactions, and resulting system changes. Organizations gain authoritative, runtime-grounded evidence of what an agent did, why it acted, and what impact it had.
- AI Security Testing: Extends Upwind’s Attack Surface Management engine to validate AI systems against adversarial techniques such as the OWASP Top 10 for LLMs, prompt injection, jailbreaks, unsafe tool bindings, and hallucination-driven data exposure. This ensures AI applications are continuously tested against real-world attack patterns as they evolve.
Together, these capabilities give enterprises a single, integrated approach to managing cloud and AI risk, reducing operational complexity and enabling secure AI innovation at scale. Explore Upwind’s full platform capabilities at www.upwind.io.
About Upwind
Upwind is the next-generation cloud security platform built to lead the Runtime revolution. Headquartered in San Francisco, California, Upwind brings together a unified vision for cloud and application-layer protection, empowering organizations to run faster, detect threats earlier, and secure their environments with unmatched precision. The company was founded by Amiram Shachar and the founding team behind Spot.io (acquired by NetApp for $450 million) and is backed by leading investors including Greylock, Cyberstarts, Leaders Fund, Craft Ventures, Cerca Partners, and Sheva, a venture fund founded by former NBA player Omri Casspi with investment from current NBA star Stephen Curry through Penny Jar Capital. Upwind has raised $180 million since its founding in 2022 and is trusted by forward-thinking enterprises globally to bring real-time runtime intelligence to modern cloud security. For more information or to schedule a demo, visit www.upwind.io.
View source version on businesswire.com: https://www.businesswire.com/news/home/20251201781624/en/
Contacts
Justine Rosin | Account Director
IL:+972 54 885 9141
US:+1 917 724 2176
UK:+44 203 769 2363
WWW.HEADLINE.MEDIA
