Upwind Targets Asia's Cloud Risk with Major Security Expansion

SAN FRANCISCO, CA – March 02, 2026 – As enterprises across the Asia-Pacific and Japan (APJ) region grapple with a new era of real-time cloud and AI-driven security risks, runtime security leader Upwind today announced a significant expansion of its operations, with a particular focus on India. The company has more than tripled its APJ workforce in the last three months and doubled its global customer base year-over-year, signaling intense demand for its advanced cloud security platform.

This strategic push includes the deployment of new in-region SaaS instances in India, Australia, Singapore, and Japan to meet strict data residency and regulatory requirements. Building on its existing offices in Mumbai, Bangalore, and Pune, the expansion reflects a direct response to the escalating threats facing one of the world's fastest-growing digital economies. Founded in 2022 by the team behind Spot.io, the San Francisco-based firm has raised $430 million to pioneer what it calls a 'runtime-first' approach to securing complex cloud environments.

A Region at a Digital Crossroads

The rapid acceleration of cloud adoption and digital transformation across APJ has created unprecedented opportunities, but it has also opened a Pandora's box of security vulnerabilities. The statistics paint a grim picture: in India, a staggering 85% of organizations reported a cloud security incident in the past year, with the average cost of a breach soaring past ₹220 million. The situation is similarly dire elsewhere in the region. Singapore has seen 70% of its organizations report at least one breach, with costs averaging SGD $16 million. In Australia, over 75% of businesses have faced malicious cloud activity, contributing to an estimated AUD $86 billion economic impact from cyber incidents and related outages.

This surge in attacks is compounded by the growing complexity of hybrid and multi-cloud architectures and an increasingly stringent regulatory landscape. Frameworks like India's Digital Personal Data Protection Act (DPDA), Singapore's Personal Data Protection Act (PDPA), and guidelines from the Monetary Authority of Singapore (MAS) are forcing organizations to rethink their security posture. The risk is no longer a theoretical line item in a report; it is an immediate operational threat with direct consequences for business resilience, revenue, and customer trust.

“Across APJ, cloud and AI are accelerating faster than most security models were built for,” said Amiram Shachar, Co-founder and CEO of Upwind, in a statement. “Environments are dynamic and distributed by default, attackers operate in real time, and teams are overwhelmed by alerts without clear context on what actually matters.”

The 'Runtime-First' Paradigm Shift

To combat these modern threats, Upwind champions a 'runtime-first' security model. This approach moves beyond traditional security strategies that focus primarily on pre-deployment scanning ('shift-left') or static configuration checks. Instead, it provides deep, continuous visibility into what is actively running, reachable, and exploitable within a live cloud environment. By leveraging technologies like Extended Berkeley Packet Filter (eBPF), the platform can deploy lightweight sensors that provide real-time intelligence without the performance overhead of older agent-based solutions.

This inside-out view helps security teams cut through the noise of excessive, low-priority alerts—a common ailment that leads to 'alert fatigue' and slows down response times. By correlating runtime data with build-time information, the platform prioritizes vulnerabilities that pose a genuine, active threat to the business. This shift is critical as AI and machine learning workloads, which are inherently dynamic, become more prevalent.

“As someone who has seen APJ’s cloud evolution from both the boardroom and the front lines of security leadership, the shift is undeniable: cloud risk is no longer theoretical. It is operational, immediate, and directly tied to business resilience,” noted Rinki Sethi, Chief Security & Strategy Officer at Upwind. Sethi emphasized that security leaders are now accountable for regulatory confidence and operational continuity, requiring decisions “grounded in what is actually happening in production environments.”

This value proposition is resonating with regional leaders. “As our cloud and Kubernetes footprint expanded, we needed a single, real-time console to manage our overall security posture,” said Vishal Arora, Head of DevOps, Cloud & Platform Engineering at Times Internet. “Upwind provided unified visibility, deep workload intelligence, and actionable risk prioritization across environments. This significantly reduced alert fatigue, improved response times, and enabled us to innovate securely.”

Similarly, for a fintech platform like CRED, precision is paramount. “Upwind helped us filter out noise and focus on the issues that could directly impact security, service integrity, availability, customer trust, or regulatory posture,” explained Himanshu Kumar Das, CISO at CRED.

An Ecosystem Built on Strategic Alliances

Upwind’s expansion is not just about technology and talent; it is fundamentally rooted in a partner-first strategy. The company has added over 100 new partners in the last year, including managed service providers (MSPs) and resellers, to build a robust local support network. Critically, it has forged deep integrations with the world's leading hyperscalers.

As a select Cloud-Native Application Protection Platform (CNAPP) partner integrated into the Extended Plan for AWS Security Hub, Upwind enables customers to procure and operate its platform directly through a simplified, single-vendor AWS experience. This strategic partnership embeds runtime intelligence within AWS's native security framework, allowing teams to prioritize active risks more effectively. The company also maintains a strong partnership with Microsoft Azure, where its platform is transactable and MACC-compliant on the Azure Marketplace, and has strengthened its collaboration with NVIDIA to secure the complex, GPU-powered environments essential for modern AI workloads.

By combining these powerful alliances with the deployment of local SaaS instances, Upwind is directly addressing the core needs of enterprise customers in APJ: top-tier security, seamless integration, regional expertise, and compliance with data sovereignty laws. This comprehensive approach enables organizations to embed runtime intelligence into their existing workflows, reducing friction between security and engineering teams and empowering them to focus on the active, real-time risks that matter most to their business.

As cloud and AI continue to redefine industries across Asia-Pacific, the ability to innovate securely has become a primary determinant of success. Upwind's investment in the region provides organizations with the critical tools and local support needed to navigate this complex landscape, turning security from a barrier into an enabler of sustainable growth and resilience.