Upwind Security
Last updated: May 7, 2026
Runtime-centric cloud security platform combining real-time threat detection, vulnerability prioritization, and workload protection through eBPF-based inside-out visibility.
Company Overview
Upwind Security is an Israeli cybersecurity company founded in 2022 providing cloud-native application protection through runtime visibility and threat detection. The platform implements an "inside-out" security model that operates at the network, application, and data-flow layers within running cloud environments. Rather than relying solely on static configuration scanning and vulnerability databases, Upwind monitors actual workload behavior using eBPF kernel instrumentation, API telemetry, and cloud-native logs to deliver context-aware risk prioritization, real-time threat detection, and anomaly identification in Kubernetes and cloud-native infrastructure.
The company addresses a critical architectural gap in cloud security. Traditional Cloud Native Application Protection Platform (CNAPP) solutions emphasize configuration discovery and posture management from external APIs, but miss threats, misconfigurations, and exploitability context visible only at runtime. Upwind's approach prioritizes fixing actual threats based on real traffic patterns and actual workload connections rather than theoretical attack surface. This reduces alert noise by approximately 95% according to company claims, lowering mean-time-to-remediation and improving security team efficiency in large containerized and Kubernetes environments. The platform integrates with AWS, Azure, and GCP cloud APIs, Kubernetes cluster instrumentation, network sensors, and security information and event management (SIEM) platforms used by enterprise security operations centers (SOCs).
Upwind has achieved remarkable early traction for a company founded in 2022. The founding team includes security leaders and researchers from Wiz (which itself became a decacorn), Israeli cybersecurity talent, and international security researchers. The company has secured Series B funding and customers including Agoda, Nextdoor, TheRealReal, and other large cloud-native enterprises. Recent analyst recognition includes Gartner recognition in the CNAPP Market Guide, Frost & Sullivan Company of the Year 2025, GigaOm Leader status in container security, and a QKS Group SPARK Matrix leadership position. Practitioners at a cloud security showdown voted Upwind #1 among competing CNAPP platforms, and the company holds a 4.9/5 rating on Gartner Peer Insights in the CNAPP category.
The market timing favors Upwind's approach. Cloud workload velocity, agentic AI systems, and the proliferation of ephemeral containers make static scanning increasingly ineffective. Defense and intelligence organizations increasingly operate classified and operational systems on commercial cloud platforms (AWS, Azure, GCP, OCI) under government contracts, driving demand for runtime security solutions that integrate with production Kubernetes and serverless infrastructure while supporting compliance requirements like FedRAMP and specific DoD cloud security certifications. The company's ability to operate with minimal performance overhead (a critical requirement for production systems) and provide unified visibility across heterogeneous cloud environments aligns with trends in modern infrastructure security.
Competitive dynamics are intensifying. Pure-play competitors include Wiz (which has a broader posture and scanning focus), Orca Security (acquired by Darktrace in 2024), Lacework, and Prisma Cloud (part of Palo Alto Networks). However, Upwind's distinct runtime-first and eBPF-centric strategy differentiates it from configuration-first competitors and creates defensible technical moats in threat detection accuracy and workload visibility. The eBPF approach is intrinsically difficult to replicate, requiring deep kernel and container orchestration expertise.
Dual-Use Assessment
Runtime cloud security has direct dual-use applications spanning commercial enterprise and defense/intelligence missions. The core eBPF-based threat detection, workload visibility, and anomaly identification capabilities directly address requirements of DoD, intelligence agencies, and allied government organizations operating classified or sensitive workloads on commercial cloud platforms. U.S. and allied militaries use AWS GovCloud, Azure Government, and commercial cloud services for command-and-control systems, intelligence analysis, logistics, and operational planning. Runtime protection against zero-days, lateral movement, container escapes, and supply-chain attacks is operationally critical for classified systems migrating to cloud. DARPA and DoD cloud modernization initiatives (Cloud One, JEDI successor programs) specifically emphasize runtime detection capabilities. The technology transfers directly to protecting defense AI systems, classified data repositories, and operational networks in cloud environments. While Upwind's current customer base is primarily commercial enterprises, the technical architecture and threat model are purpose-built for government cloud security requirements.
Strategic Fit Assessment
Priority signal means this entry may be worth researching within the Claw & Talon thesis. It does not mean investable, suitable, endorsed, available, or likely to produce returns.
Upwind represents a genuine technical breakthrough in cloud security addressing architectural limitations of current CNAPP platforms. Series B funding, rapid enterprise adoption, and recent analyst recognition (Gartner, Frost & Sullivan, GigaOm, QKS Group, Latio) confirm strong market timing and competitive positioning. The founding team's prior Wiz experience and Israeli cybersecurity backgrounds provide operational credibility and network advantages. eBPF-based runtime detection creates defensible technical moats against pure-scanning competitors. Significant dual-use applications for defense cloud modernization (DoD, intelligence agencies using commercial cloud) create strategic acquisition value beyond the commercial cloud security market. Early customer references (Agoda, Nextdoor, TheRealReal) demonstrate enterprise credibility. The primary commercial risk is competitive response from larger CNAPP vendors (Palo Alto Networks, CrowdStrike, Microsoft) and emerging eBPF-native competitors, but Upwind's founding team depth and early market position provide advantages for either independent growth or strategic acquisition.
Strategic Value to U.S.-Israel Alliance
Upwind provides runtime detection and threat response capabilities critical for defense cloud adoption. DoD and intelligence agencies deploying AI systems, command-and-control infrastructure, and classified data repositories on commercial cloud platforms require runtime visibility and threat detection that Upwind's eBPF-native architecture uniquely provides. Lateral movement detection, zero-day identification, container escape prevention, and API-layer attack detection are operational requirements for classified systems on AWS GovCloud, Azure Government, and related platforms. Acquisition of Upwind by a defense contractor, intelligence agency technology partner (In-Q-Tel model), or U.S. cloud infrastructure provider would provide defensible market differentiation and security control over government cloud workloads. From an independent growth perspective, Upwind can capture significant market share in the $3+ billion CNAPP market by selling to Fortune 500 enterprises and international government organizations with cloud security requirements, positioning itself as a runtime-first alternative to configuration-first CNAPP incumbents.
Key Technologies
- eBPF-based kernel instrumentation
- Runtime workload behavior profiling
- Kubernetes and container orchestration integration
- Cloud API telemetry and flow analysis
- Machine learning anomaly detection
- API security and data exfiltration detection
Use Cases & Applications
- Kubernetes and container workload threat detection
- Runtime vulnerability prioritization and exploitation context
- Zero-day and advanced persistent threat detection in cloud environments
- Lateral movement and post-breach detection
- API abuse and data exfiltration detection
- Supply-chain attack detection through dependency and container scanning
- Defense and intelligence cloud workload protection
- Compliance and audit trail generation for SOX, HIPAA, classified systems
Sources and verification
This profile is based on public-source research, Claw & Talon curation, and editorial judgment. Inclusion does not imply endorsement, partnership, investment, or a recommendation to transact. Readers should still confirm current status, customers, funding, and product claims before relying on this profile.
Public sources
The links below are visible public references used for source discipline around company identity, status, funding, customer, acquisition, public-company, or other material claims where available.
- Official website: Primary public reference for company identity, positioning, and current web presence.
- Profile update timestamp: Last updated in the Claw & Talon database on May 7, 2026.
Investor Lens
What this entry is
Private startup
Why it may matter
Upwind Security may matter as a Cybersecurity entry for Israeli technology research. It is not currently an investable standalone company.
How an independent investor should read this
Not currently an investable standalone company. Read this profile as a starting point for independent verification, not as a recommendation or suitability assessment.
Evidence to verify
- Verify current status
- Verify traction
- Verify cap table/funding
- Verify technical claims
- Verify regulatory/export-control issues
- Verify customer concentration
Main investor questions
- Is the company currently active, independently financeable, and raising or not raising on terms you can verify?
- What customer, revenue, product, and technical evidence supports the company story?
- What valuation, cap table, rights, and follow-on assumptions would govern any private exposure?
- Does the dual-use claim map to actual commercial and government/defense/resilience buyer evidence?
- What evidence would change the thesis or show that the profile is stale?
What not to infer
- Inclusion does not imply endorsement.
- Inclusion does not imply allocation availability or current fundraising.
- Scores do not indicate investment suitability or expected returns.
- Strategic importance does not automatically imply venture return potential.
Diligence questions
- What evidence verifies Upwind Security's current customer traction, deployment status, and revenue concentration?
- Which technical claims are independently demonstrable today, and which remain roadmap or pilot-stage assertions?
- Where does the product create real defense, intelligence, critical-infrastructure, or emergency-response value beyond ordinary commercial adoption?
- How does the platform integrate into existing SOC, cloud, identity, or compliance workflows without adding operational burden?
- What would disconfirm the priority signal: weak customer references, thin technical differentiation, poor capital efficiency, or limited allied-market access?