Upstream Security

Upstream Security is an Israeli cybersecurity company founded in 2017 and headquartered in Herzliya that provides purpose-built extended detection and response (XDR) solutions for the connected mobility and IoT ecosystems. The company operates at the critical intersection of automotive manufacturing, cloud security, and artificial intelligence, addressing the unprecedented cyber risks introduced by the proliferation of software-defined, connected vehicles. As vehicles become increasingly complex data processors with embedded connectivity, OTA (over-the-air) update capabilities, and cloud integration, traditional automotive security models have become inadequate. Upstream's platform fills this gap by ingesting and normalizing telematics, diagnostics, API transactions, and vehicle data streams from tens of millions of connected vehicles in production, processing approximately 25 billion terabytes of data monthly while maintaining near real-time detection and response capabilities.

The company's core technology rests on three architectural pillars: an agentless cloud platform that requires zero in-vehicle footprint, advanced machine learning models trained on proprietary automotive threat patterns, and generative AI-powered investigation and remediation workflows. Unlike traditional endpoint security or network security solutions adapted for vehicles, Upstream's platform creates real-time digital twins of each connected vehicle—near-complete state representations that enable both known-signature detection and anomaly-based identification of emerging threats. This approach is critical because automotive cyber attacks often manifest as subtle behavioral deviations in CAN bus communication, sensor readings, or cloud API interactions rather than as malware or network exploits. The platform's modules include Mobility Cybersecurity Detection & Response (XDR), Proactive Quality Detection for early failure prediction, API Security, Misuse Detection for fraud and unauthorized service access, and Managed Vehicle Security Operations Center (vSOC) services that provide 24/7 threat investigation and incident response.

Upstream's market traction and customer base validate both technical depth and commercial viability. The company protects over 40 million vehicles and IoT devices globally and processes 40 billion API transactions monthly, indicating substantial production deployment rather than pilot-stage deployment. Major automotive OEMs including Volvo, BMW, Renault, Hyundai, Ford, and commercial vehicle manufacturers have integrated Upstream's platform; strategic partnerships with cloud providers (Amazon Web Services, Google Cloud, Microsoft Azure), infrastructure partners (Cisco, Fujitsu, Accenture, Deloitte), and managed service operators demonstrate comprehensive ecosystem adoption. The company has secured institutional backing from automotive and technology leaders including Series B investments from Volvo Group, Hyundai, and Renault, and Series C participation from Cisco Investments. This funding trajectory and customer roster place Upstream in the top tier of automotive cybersecurity vendors by production deployment and customer confidence.

The company's strategic competitive advantages center on architectural choices optimized for automotive scale and regulatory requirements. The agentless approach—ingesting data from existing OEM telematics and cloud APIs without modifying vehicle software—dramatically reduces deployment friction and avoids the multi-year automotive certification cycles that in-vehicle solutions require. This architectural choice has enabled Upstream to achieve production scale while competitors like Argus (owned by Continental), Karamba Security (acquired by BlackBerry), and C2A Security compete on in-vehicle or chipset-level protection. Upstream's platform is explicitly designed for WP.29 R155 and R156 compliance (the ISO/SAE cybersecurity and software update standards now mandatory for new vehicles in EU and other jurisdictions), positioning it as critical infrastructure for OEM regulatory compliance rather than optional security enhancement. The company's threat intelligence capabilities, drawing from automotive-specific data across the supply chain, represent a durable competitive advantage in identifying zero-day risks and emerging threat actor tactics targeting vehicles.

The dual-use potential for defense and national security applications is substantial but requires careful calibration. Connected vehicle cybersecurity technology has direct applicability to military vehicle fleets—commercial vehicles increasingly share architectures with military variants, autonomous and connected military platforms require equivalent security postures to civilian connected vehicles, and many military supply chains depend on commercial vehicle components. However, claims about "military vehicle protection" should be grounded in specific vulnerabilities rather than aspirational scenarios. The genuine strategic relevance lies in three concrete dimensions: (1) Upstream's detection and response capabilities are agnostic to vehicle type and directly applicable to military platforms using commercial components or architectures; (2) OEM compliance with security standards like R155 creates a security baseline that defense procurement can reference and mandate; (3) the company's threat intelligence on adversarial tactics against connected vehicles translates directly to defense applications. The dual-use score of 80 is justified because the core technology is inherently dual-use (civilian and defense vehicles share threat models and architectures), the commercial deployment has created real defensive value, and the technology is not restricted or weaponized.