Upwind Raises $250M at a $1.5B Valuation for Runtime Security

Upwind Security has secured $250 million in fresh funding at a $1.5 billion valuation, a sizable bet on its “runtime” approach to cloud security that focuses on what’s actually happening inside live workloads. The round was led by Bessemer Venture Partners, with participation from Salesforce Ventures and Picture Capital, and will fuel product expansion, AI-driven detection, and go-to-market push.

The company’s pitch is straightforward: cloud environments change by the minute, and static scans miss the point. By analyzing runtime signals such as network flows, API requests, and process behavior, Upwind prioritizes risks that are actively exploitable rather than merely theoretical.

Why Runtime Context Is the Battleground for Cloud Security

Traditional cloud security tools often work “outside-in,” scanning assets and configurations without the context of how services behave under real traffic. That can produce noisy alert floods and false urgency. Upwind’s “inside-out” model leans on live telemetry to understand which vulnerabilities sit on critical paths, which identities are actually invoking sensitive APIs, and whether an exposure is reachable in production.

This approach is designed for ephemeral infrastructure—containers that spin up and down in seconds, serverless functions, and microservices stitched together by APIs. In these environments, context is everything: a high-severity CVE on a dormant component matters less than a medium vulnerability on a service handling payment traffic. By correlating runtime signals, the platform aims to surface the latter first.

It’s a timely bet. The Verizon Data Breach Investigations Report notes that the majority of breaches involve a human element, from misconfigurations to misuse, which is amplified in cloud-native systems that are constantly changing. IBM’s latest Cost of a Data Breach study pegs the average breach near the $5 million mark, underscoring the value of reducing noisy alerts and accelerating real-time response.

Rapid Growth and Enterprise Uptake Signal Market Momentum

Since raising a $100 million Series A in 2024, Upwind reports 900% year-over-year revenue growth and a doubling of its customer base. The platform has found traction with data-intensive, cloud-forward organizations, counting brands such as Siemens, Peloton, Roku, Wix, Nextdoor, and Nubank among its users.

Geographically, the company has pushed beyond the U.S., U.K., and Israel into Australia, India, Singapore, and Japan—markets where regulated industries, e-commerce, and fintech put heavy demands on runtime visibility. That global footprint aligns with the broader shift toward consolidated cloud-native application protection platforms as teams look to reduce tool sprawl.

Positioning in a Crowded CNAPP Market With Runtime Focus

Cloud security has consolidated around CNAPP—an umbrella spanning posture management (CSPM), workload protection (CWPP), identity, and vulnerability management. Heavyweights such as Wiz, Palo Alto Networks’ Prisma Cloud, Orca Security, and Lacework all compete for the same budgets. The differentiator for Upwind is how deeply its prioritization is tied to live production behavior, rather than inventory or configuration snapshots alone.

Security leaders increasingly want fewer, smarter platforms to reduce operational drag. Industry analysts have flagged ongoing buyer consolidation, with enterprises favoring tools that stitch together build-time signals, runtime telemetry, and automated remediation. Upwind’s traction suggests buyers are rewarding platforms that can explain not just “what’s wrong,” but “what’s exploitable right now.”

Funds Target AI Advancements and Stronger Developer Guardrails

Upwind plans to invest heavily in AI that learns typical workload behavior and flags deviations across networks, processes, and APIs. The goal is to cut dwell time by suppressing benign anomalies while escalating threats that show clear signs of reachability, lateral movement, or data access risk.

The company also intends to shift more security decisions “left,” closer to developers. Expect deeper integrations with CI/CD, infrastructure-as-code, and API gateways so misconfigurations are caught before production. Given that missteps in identity, permissions, and network exposure commonly drive incidents, early guardrails can materially reduce risk and noise for operations teams.

Founders With Cloud DNA From Spot.io Shape Strategy

Upwind’s founders previously built Spot.io, a cloud optimization startup acquired by NetApp for roughly $450 million. That DevOps-first heritage informs the product’s bias toward infrastructure realities—how services are deployed, how APIs are exposed, and how ephemeral compute reshapes attack paths. It’s an engineering-centric angle that resonates with platform teams tasked with both reliability and security.

What Comes Next for Upwind’s Runtime-Centric Cloud Security

With new capital, watch for broader integrations across AWS, Azure, and Google Cloud, tighter hooks into service meshes and observability stacks, and more prescriptive remediation tied to business impact. If Upwind can continue proving that runtime context cuts noise while accelerating response, the company will be well-positioned as enterprises recalibrate cloud defenses around what’s live, reachable, and risky right now.