From the outside, Upwind Security appears to have had a smooth journey. The cloud security startup is just four years old, yet it has already reached a valuation of $1.5 billion and counts major companies like Siemens, Peloton, Roku, Wix, Nextdoor, and Nubank among its clients. However, according to co-founder and CEO Amiram Shachar, the path to this point was filled with uncertainty.
Shachar recalls that three years ago, the team spent hours questioning their direction, feeling unsure about their course 80 percent of the time. In the beginning, they constantly debated whether the market truly needed their solution, if integration into larger systems would be too difficult, or if customers would actually adopt it. Developing a new approach was a challenge, especially since people were accustomed to installing specific agents on machines, a process they often disliked.
Upwind’s approach is what it calls “runtime” security. This method prioritizes alerts and remediation efforts around threats and vulnerabilities found in active services in real time. Shachar describes it as an “inside-out” take on cloud security, where internal signals like network requests and API traffic provide the context to help security teams distinguish urgent risks from those that can be deferred.
Developing this approach was not easy, particularly because Shachar and his co-founders did not come from a traditional security background. They previously built and sold a cloud compute brokerage called Spot.io to NetApp for approximately $450 million in 2020. After joining NetApp following that acquisition, Shachar experienced firsthand the complexities of cloud security. He observed that security teams would scan environments and report issues but lacked critical context. Coming from a DevOps background, Shachar and his team had a deep understanding of the infrastructure, whereas security teams often did not know how APIs were exposed or which packages were running. This gap led to many flagged issues that were not actual risks.
The team believed they had better insight into cloud environments because they were the ones running them. Shachar explained that the dominant approach at the time was agentless, an “outside-in” model where environments are scanned externally. While easy to deploy, this method generates significant noise because it can only see what is visible from the outside.
The Upwind team realized that the context provided by internal signals would be far more useful to security teams, offering a real-time view of network activity. Yet selling this new perspective on cloud security proved challenging. Security teams often lack the permission to deploy software internally and tend to default to more traditional tools.
As a result, Upwind’s sales process took time. Shachar admits it was not clear at first, and there was considerable uncertainty with hesitant customers. But the team believed they saw something others missed. Shachar explained that an inside-out approach is not merely an advanced option; it is the only way to solve the next generation of problems. With ephemeral infrastructure like containers, serverless workloads, AI agents communicating, and data constantly moving through APIs, mapping this environment from the outside is impossible. It must be done from the inside.
The company also had to navigate an overcrowded security market. Security teams were already overwhelmed by the number of tools available, and customers did not want multiple products just to manage cloud security. Shachar stated that from the beginning, it was clear Upwind would need to build a broad, integrated platform; otherwise, customers would not engage or allow the deployment of their technology.
This logic eventually resonated with their target customers: large, data-intensive organizations with substantial cloud footprints. Since its $100 million Series A in 2024, Upwind has grown rapidly, posting 900 percent year-over-year revenue growth and doubling its customer base. The company has also expanded from its core markets in the U.S., U.K., and Israel into emerging markets including Australia, India, Singapore, and Japan.
The recent $250 million Series B round was led by Bessemer Venture Partners, with participation from Salesforce Ventures and Picture Capital. The new capital will be used for product development and go-to-market initiatives. The startup plans to invest in enhancing its AI security capabilities within its core cloud security platform and to extend its approach closer to developers, helping to prevent misconfigurations before they reach production.