Upwind Deploys AI Workforce to Revolutionize Cloud Security

SAN FRANCISCO, CA – May 13, 2026 – Upwind, a cloud security firm backed by $430 million in funding, today launched its AI Agentic Pack, introducing what it calls an "agentic security workforce" designed to autonomously investigate, validate, and remediate threats in complex cloud environments. The move signals a significant shift in cybersecurity strategy, moving beyond AI-assisted tools toward a future where specialized AI agents perform the work of digital security analysts.

Founded in 2022 by the successful team behind Spot.io, Upwind is betting that the key to taming modern cloud chaos lies in this new approach. The AI Agentic Pack, built into the company's Cloud & AI Security Platform, aims to address a critical gap in the industry: not a lack of visibility, but the inability for overwhelmed security teams to interpret and act on the deluge of alerts they face daily.

From Alert Fatigue to Agentic Action

For years, security teams have been buried under an avalanche of alerts from a multitude of monitoring tools. The environments they protect—sprawling across multiple clouds, containerized applications, and now, burgeoning AI systems—are more dynamic and complex than ever. This creates a constant state of "alert fatigue," where distinguishing a genuine, exploitable threat from theoretical noise becomes a monumental task.

Gartner predicts that AI applications will drive half of all cybersecurity incident response efforts by 2028, highlighting an industry-wide pivot. “AI is transforming how security teams operate. We are shifting from prioritization to agency and AI-driven security workforces,” said Moshe Hassan, VP Product & Research at Upwind, in the company's announcement.

Upwind's platform is designed to tackle this problem by focusing on what it calls "runtime context." Instead of just analyzing static code or configurations, the system analyzes what is actively running and exposed in a live production environment. This allows security teams to cut through the noise and focus on risks that present a clear and present danger. The goal is to move beyond simple detection and provide a clear path to action, reducing the critical time between identifying a threat and neutralizing it.

Runtime Context: The Ground Truth for Cloud Defense

The core innovation underpinning Upwind’s new offering is its "runtime-first" philosophy. Runtime context involves analyzing the live behavior of cloud services, application interactions, identity activity, and the actual execution of code. This provides a real-time, evidence-based picture of an organization's security posture, fundamentally different from static analysis that only flags potential vulnerabilities in code that may not be active or reachable.

By connecting security findings to this live activity, the platform helps answer the most critical questions for a security analyst: Is this vulnerability actually exploitable in our environment? Is this suspicious activity connected to a critical business application? What is the potential blast radius?

The impact of this approach is already being felt by early adopters. While specific ROI figures for the new AI Agentic Pack are forthcoming, testimonials for Upwind's underlying platform highlight its effectiveness. One customer, the global in-game advertising platform Anzu, reported reducing its vulnerability alerts by over 95% within the first hour of using the platform, allowing its team to focus on the small fraction of risks that were truly meaningful. This shift from chasing thousands of low-priority alerts to remediating a handful of high-impact ones represents a significant return on investment in terms of both time and security posture.

“What stands out with Upwind is its ability to ground AI-driven investigation and response in runtime reality,” noted Aman Sirohi, SVP & CISO at Cyberhaven, in a statement. “The AI Agentic Pack helps our team focus on what is actually exposed, what matters most to the business, and prioritize action with far greater confidence and efficiency.”

Meet the New AI Security Workforce

The AI Agentic Pack is not a single monolithic AI but a team of four specialized agents, each designed for a specific stage of the security lifecycle. This division of labor mimics a human security operations center, with each agent bringing unique skills to the table.

• Choppy – The Context Mapper: This agent acts as the intelligence gatherer. It maps the intricate web of services, dependencies, and relationships across an organization's entire cloud, code, and runtime environment. Its primary role is to provide the foundational context needed to understand how systems are interconnected before an incident even occurs.
• Blue – The Incident Responder: When an alert is triggered, Blue springs into action. It analyzes suspicious activity and runtime signals to reconstruct the chain of events, surface what changed, and support rapid response efforts to contain and mitigate the incident. It functions as a digital first responder, gathering evidence and providing immediate recommendations.
• Red – The Offensive Specialist: Emulating an ethical hacker, the Red agent proactively probes for weaknesses. It identifies potential entry points, maps attack paths, and validates which risks are genuinely exploitable. This autonomous offensive capability helps organizations "prove what's exposed" without needing to staff a full-time red team for every task.
• Green – The Remediation Expert: Once a risk is validated, the Green agent takes over. It translates the findings into actionable remediation steps. This includes conducting root cause analysis, generating code for patches (in the form of pull requests), and providing clear implementation guidance, effectively closing the loop from detection to resolution.

Navigating a Crowded and Competitive Market

Upwind enters the fray with significant momentum, but it faces a highly competitive landscape. The Cloud-Native Application Protection Platform (CNAPP) market is crowded with well-funded giants and agile startups, including Wiz, Orca Security, Lacework, and offerings from established players like Palo Alto Networks and CrowdStrike. These competitors also leverage AI and provide extensive visibility across cloud estates.

However, Upwind's $430 million in funding and a valuation reported at $1.5 billion demonstrate strong investor confidence in its differentiated strategy. The company is betting that its deep focus on runtime intelligence and the move toward a fully agentic workforce will set it apart. While competitors offer broad visibility, Upwind argues that its platform provides deeper, more actionable insights by grounding all analysis in the reality of what's happening in real time. This positions the company not just as another visibility tool, but as an active participant in an organization's defense.

The Promise and Perils of Autonomous Security

The concept of an autonomous AI security workforce holds immense promise for closing the ever-widening gap between attackers and defenders. By automating investigation and response, these systems can operate at machine speed, drastically reducing the time an organization is exposed to a threat. The potential to reduce false positives, free up human analysts for strategic work, and enable a more proactive security posture is a powerful value proposition.

However, the path to fully autonomous security is not without its challenges. Over-reliance on automation carries the risk of misfires, where a system might block legitimate traffic or suspend a valid user account, causing business disruption. The "black box" nature of some AI models can make it difficult to understand their decision-making process, a problem known as opacity. Furthermore, AI systems are only as good as the data they are trained on, and algorithmic bias can lead to blind spots that attackers could exploit.

Industry bodies are working to address these concerns. Frameworks like the NIST AI Risk Management Framework (AI RMF) provide guidance for developing and deploying AI systems that are trustworthy, transparent, and accountable. For solutions like Upwind's AI Agentic Pack to succeed, they must not only be effective but also provide mechanisms for human oversight, explainability, and continuous adaptation to ensure they remain a reliable and secure asset rather than a new source of risk. As these agentic systems become more integrated into critical security workflows, balancing their autonomous power with deliberate human control will be the defining challenge for the next era of cybersecurity.