In the cutthroat arena of cloud security, Upwind isn’t just participating; they’re actively rewriting the rules. Their latest move? Unleashing an Open Source Security Model onto their Cloud-Native Application Protection Platform (CNAPP), a bold step aimed at giving security teams granular control and transparency over their cloud environments.
This isn’t some incremental update. It’s a strategic play to address the widening gap between rapidly evolving cloud infrastructures and the static security paradigms struggling to keep pace. With this open-source approach, Upwind hopes to empower organizations to manage cloud risk with unprecedented flexibility.
2025 has been nothing short of a whirlwind for Upwind. Buoyed by a staggering $180 million in total funding, including a $100 million Series A, the company has been on a tear, rapidly expanding its CNAPP capabilities. From the Exposure Validation Engine to CADR (Cloud Application Detection and Response), the platform has seen significant upgrades, all driven by a runtime-first philosophy.
“2025 has been a defining year for us,” Upwind co-founder and CEO Amiram Shachar told MSSP Alert. “We’ve scaled the platform significantly, from the Exposure Validation Engine to CADR and now the Open Source Security Model, all driven by what we’re hearing from enterprise customers… All of this reflects a single vision: security should be based on what is happening in real time in runtime, not static assumptions.”
The Nyx Acquisition and its Aftermath
A key element in Upwind’s arsenal is the integration of Nyx Security, acquired earlier this year. This acquisition fueled the development of “In-Use Functions,” offering real-time insights into software function execution, and the aforementioned CADR platform, providing security teams with a unified view of production environments.
Furthermore, the strategic hiring of Rinki Sethi, a seasoned security executive with experience at Twitter, Bill, and Rubrik, as Chief Security and Strategy Officer, underscores Upwind’s commitment to building a world-class security team.
Upwind’s Open Source Security Model directly targets the limitations of traditional security programs, often plagued by static controls and sluggish workflows. By offering an open-source framework, the company aims to inject extreme ownership, transparency, and adaptability into cloud risk management.
According to Shachar, “The Open Source Security Model is our response to that gap. It brings extreme ownership, transparency, and flexibility into how organizations manage cloud risk… Instead of noisy, theoretical findings, everything is backed by contextual reasoning. The goal is simple: give every team the clarity and autonomy they need to make fast, accountable decisions without losing governance.”
AI-Powered Clarity
AI is central to Upwind’s approach, playing a crucial role in correlating signals, filtering out noise, and pinpointing genuinely exploitable risks. The platform provides human-readable summaries and context, empowering teams to focus on what truly matters.
“Most tools consolidate data but stop there,” Shachar explained. “Our model is built around real runtime evidence and full context. It doesn’t just centralize information; it provides the ‘why,’ the impact, and the recommended path forward. Additionally, it gives teams the freedom and flexibility to modify risk and control it more granularly throughout their organization.”
Recognizing the importance of the channel, Upwind has also launched the Upwind Partner Program. This initiative offers enhanced enablement, predictable incentives, and deeper technical alignment to partners, including training, certification paths, and integrated product support. Co-selling support with cloud giants like Amazon Web Services (AWS) and Microsoft Azure is also a key component.
“The channel is becoming increasingly important for us as we scale,” Shachar said. “Over the past six months, we’ve expanded our global partner ecosystem significantly, with more than 70 new partners across ISVs, MSPs, resellers, and cloud providers. We work closely with hyperscalers like Microsoft Azure and AWS to help customers accelerate secure cloud adoption with a unified runtime-first approach.”
The move towards open source in cloud security, spearheaded by companies like Upwind, signals a profound shift in how organizations approach risk management in increasingly complex environments. By empowering security teams with greater control and transparency, Upwind is betting on a future where cloud security is not just about compliance, but about proactive, informed decision-making at every level of the organization.
