NextFin News - In a significant move that underscores the intensifying demand for advanced cloud defense, Upwind Security announced on January 29, 2026, that it has raised $250 million in a Series B funding round. The investment values the four-year-old startup at $1.5 billion, a rapid ascent from its $900 million valuation just over a year ago. The round was led by Bessemer Venture Partners, with participation from Salesforce Ventures and Picture Capital. Based in the United States and Israel, Upwind plans to utilize the capital to accelerate product development, particularly in AI security and developer-centric tools, while expanding its global footprint across Asia and Europe.
According to TechCrunch, the company has achieved a staggering 900% year-over-year revenue growth, attracting a blue-chip client roster that includes Siemens, Peloton, Roku, and Nubank. The core of Upwind’s value proposition lies in its "runtime" security model—an "inside-out" approach that monitors active cloud services in real time. Unlike traditional "outside-in" agentless scanning, which identifies vulnerabilities by looking at the perimeter, Upwind’s platform analyzes internal signals such as network requests, API traffic, and process behavior to provide the context necessary to distinguish genuine threats from harmless anomalies.
The success of Upwind reflects a broader architectural shift in how enterprises perceive digital risk. For years, the industry relied on Cloud Security Posture Management (CSPM) and external scanning tools. However, as U.S. President Trump’s administration continues to emphasize the protection of critical digital infrastructure and the domestic AI supply chain, the limitations of static scanning have become apparent. In modern, ephemeral environments—where containers and serverless functions may only exist for seconds—a static scan is often obsolete by the time it is completed. Shachar, the CEO of Upwind, noted that traditional security teams often lack the context of how APIs are exposed or which packages are actually running, leading to a flood of false positives that overwhelm DevOps teams.
This "context gap" is where Upwind has found its market fit. By correlating runtime data with build-time configurations, the platform allows security teams to prioritize vulnerabilities that are actually reachable and exploitable in production. This is particularly critical as AI agents and automated microservices begin to dominate cloud traffic. According to industry data, the average cost of a data breach has climbed toward $5 million in 2026, making the reduction of "dwell time"—the period an attacker remains undetected—a top priority for Chief Information Security Officers (CISOs).
The competitive landscape of the Cloud-Native Application Protection Platform (CNAPP) market is currently dominated by giants like Palo Alto Networks and high-valuation unicorns like Wiz. However, Upwind’s focus on runtime intelligence provides a specialized edge. While many competitors have attempted to add runtime features through acquisitions, Upwind was built with a DevOps-first DNA. Shachar and his co-founders previously built Spot.io, which was sold to NetApp for $450 million in 2020. This background in infrastructure optimization has allowed the team to build a security tool that integrates more seamlessly into the production environment than traditional security-first products.
Looking ahead, the infusion of $250 million will likely trigger a new arms race in the "shift-left" and "shield-right" movements. Upwind’s strategy to extend its reach closer to developers aims to catch misconfigurations before they reach production, while its runtime engine provides a safety net for live workloads. As AI-driven attacks become more sophisticated, the ability to monitor API-to-API communication in real time will transition from a luxury to a baseline requirement. The market is moving away from fragmented point solutions toward integrated platforms that can explain not just what is broken, but what is currently under attack. For Upwind, the challenge will be maintaining its growth trajectory while competing against consolidated platforms that offer broader, albeit sometimes shallower, security suites.
Explore more exclusive insights at nextfin.ai.
