Upwind's AI Firewall: Securing Generative AI at Sub-Millisecond Speed

SAN FRANCISCO, CA – March 23, 2026 – As enterprises race to integrate generative AI, a new and formidable security challenge has emerged: the weaponization of natural language itself. Addressing this threat head-on, cloud security firm Upwind has unveiled a breakthrough approach, developed in collaboration with Nvidia, capable of detecting malicious AI prompts with approximately 95% precision at speeds previously thought unattainable for real-time traffic.

The research, presented at the recent RSAC Conference, demonstrates a system that maintains sub-millisecond inference times, effectively creating a real-time firewall for Large Language Models (LLMs). This development promises to remove a significant roadblock for businesses eager to deploy AI applications without exposing themselves to a new class of sophisticated attacks like prompt injection and data exfiltration.

The New Attack Surface: Language Itself

The rapid adoption of generative AI is fundamentally reshaping business operations, but it has also introduced a novel attack vector that traditional security measures are ill-equipped to handle. With Gartner predicting that over 80% of enterprises will use generative AI in production environments this year, the very interface of these powerful tools—natural language—has become the new battleground.

Unlike conventional cyber threats that exploit vulnerabilities in code or network protocols, LLM attacks are semantic in nature. Malicious actors can craft seemingly innocuous prompts that trick a model into bypassing its safety protocols, a technique known as a "jailbreak." They can also use "prompt injection" to embed hidden commands that manipulate the AI's output, extract sensitive data from connected databases, or even trick the AI into executing unauthorized actions. These threats are particularly insidious because they exploit the core functionality of the LLM: its ability to interpret and act on human language.

“LLMs don’t just process input, they interpret intent,” said Moshe Hassan, VP of Research & Innovation at Upwind, in the company's announcement. “That changes the security model entirely. Organizations aren’t just trying to block bad code anymore, they have to stop attempts that twist language and manipulate systems. Our research with Nvidia shows you can do that effectively in live production environments, without slowing things down or driving up costs.”

This challenge is amplified as fewer than half of organizations have adopted a risk-based strategy for their AI systems, creating a significant gap between the pace of deployment and the implementation of effective security and governance.

A Layered Defense for Real-Time Protection

To solve the dual challenge of accuracy and speed, Upwind engineered a multi-stage detection architecture that avoids the latency and cost pitfalls of relying on a single, heavyweight AI model for every request. The system intelligently filters and escalates threats through a three-stage process designed for production scale.

First, a lightweight classifier acts as a gatekeeper in Stage 1: LLM Traffic Identification. This initial filter, running in under a millisecond with a reported 99.88% accuracy, rapidly determines whether an incoming request is even destined for an LLM. This crucial step ensures that the more computationally intensive analysis is reserved only for relevant traffic, dramatically reducing overhead and preserving performance for the entire application stack.

Once a request is identified as LLM-bound, it proceeds to Stage 2: Semantic Threat Detection. Here, the system leverages the Nvidia nv-embedcode-7b-v1 model, deployed via NVIDIA NIM microservices, to analyze the prompt's meaning and intent. In Upwind's evaluation, this model proved highly effective at distinguishing between benign user queries and malicious prompts, including complex indirect jailbreaks. This stage achieved an impressive 94.53% detection accuracy while maintaining inference times well under 0.1 milliseconds, proving that high-fidelity AI security can operate at the speed of modern applications.

For the small subset of high-risk or ambiguous cases, the system initiates Stage 3: Selective LLM Validation. These prompts are escalated to a more powerful reasoning model, the NVIDIA Nemotron-3-Nano-30B, which is integrated with NVIDIA NeMo Guardrails. This final layer provides a more reliable verdict, reducing false positives and offering deeper explainability for security teams, all while keeping the primary detection path fast and efficient.

The Power of a Deepening Partnership

This technological achievement is underpinned by a strategic and deepening collaboration between Upwind and Nvidia. The solution goes far beyond simply running software on a GPU; it involves the tight integration of Nvidia's specialized AI models, inference microservices, and security frameworks directly into the core of Upwind's platform.

The use of NVIDIA NIM (Nvidia Inference Microservices) provides a standardized, high-performance way to deploy the various models used in the detection pipeline. This not only accelerates performance but also simplifies management and scaling. The partnership also extends to proactive defense, with Upwind integrating NVIDIA Garak, an open-source framework for adversarial testing. This allows for the continuous validation of LLM defenses by simulating a barrage of attacks like prompt injection and data exfiltration, ensuring the system remains robust against evolving threats.

This synergy creates a powerful security ecosystem. Upwind's platform now not only leverages Nvidia's AI for its own security analytics but also provides dedicated protection for workloads running on Nvidia's advanced hardware, including the DGX platform and the next-generation Blackwell architecture. This enables organizations to deploy AI at scale with confidence, knowing that both the applications and the underlying infrastructure are secured.

From Detection to Actionable Intelligence

In a modern cloud environment, simply flagging a malicious prompt is not enough. The true value lies in placing that threat within the broader operational context. Upwind achieves this by embedding its LLM detection capabilities directly into its runtime-first cloud security platform.

When a malicious prompt is detected, it is not treated as an isolated alert. Instead, it is surfaced as an actionable security event, enriched with critical context from the runtime environment. Security teams can see precisely which service was targeted, the identity and permissions associated with the request, the potential data paths at risk, and the overall exposure of the application. This transforms a simple detection into high-fidelity threat intelligence that can be prioritized and remediated quickly.

This integrated approach is central to the vision of Upwind, a company founded in 2022 by the team behind Spot.io and backed by $430 million in funding. By connecting threats at the application layer to the underlying cloud infrastructure, the platform empowers organizations to move beyond reactive security and proactively manage risk across their entire digital estate. The research proves that organizations no longer have to make a difficult choice between embracing AI innovation and maintaining a strong security posture.