From the outside, Upwind Security looks like it’s had a smooth journey so far. Just four years in, the cloud security startup is now worth $1.5 billion, and boasts the likes of Siemens, Peloton, Roku, Wix, Nextdoor and Nubank among its clientele. But if you ask the company’s co-founder and CEO Amiram Shachar, the journey to get here was anything but certain.
“Three years ago, we would spend hours asking ourselves if we were heading in the right direction, and 80% of the time, it felt like we weren’t,” a candid Shachar told TechCrunch in an interview following the startup’s recent $250 million Series B.
“At the beginning, we constantly questioned whether the market needed our solution, whether it would be too hard to integrate into larger systems, or if customers would adopt it,” he recalled. “Developing a new approach was difficult; people are used to installing certain agents on machines, but they don’t like doing it.”
Upwind likes to call that approach “runtime” security: Prioritizing alerts and remediation efforts around threats and vulnerabilities in active services in real time. As Shachar puts it, it’s an “inside-out” take on cloud security, where internal signals like network requests and API traffic function as context to help security teams separate urgent risks from those that can wait.
Developing that approach wasn’t easy, however, as Shachar and his co-founders didn’t have a traditional background in security: they first built and sold a cloud compute brokerage called Spot.io, to NetApp for around $450 million in 2020.
“After joining NetApp post the Spot acquisition, I experienced first-hand how difficult cloud security really is,” Shachar said. “The security team would scan our environment and report issues, but they lacked critical context. Coming from a DevOps background, we (Shachar and his team) understood the infrastructure deeply, while security teams often didn’t know how APIs were exposed or which packages were running. As a result, they flagged many issues that weren’t real risks.”
But Shachar and his team felt they had better insight into cloud environments because they were running them. “The dominant approach was agentless, an ‘outside-in’ model where you scan environments externally,” he explained. “It’s easy to deploy, but it creates a lot of noise because you can only see what’s visible from the outside.”
Techcrunch event
Boston, MA
|
June 23, 2026
The team realized that the context provided by internal signals would be more useful to security teams, as they’d get to see what was happening in the network, in real time. But selling their new take on cloud security proved challenging, as security teams often lack permission to deploy software internally and default to more traditional tools.
So Upwind sales took time. “It wasn’t clear at first, and there was a lot of uncertainty; customers were hesitant,” Shachar said.
“But we saw something others didn’t,” he explained. “Inside-out isn’t an advanced option; it’s the only way to solve the next generation of problems. With ephemeral infrastructure like containers, serverless workloads, AI agents talking to each other, and data constantly moving through APIs, you simply can’t map this from the outside. It has to be inside.”
Still, the company had to contend with an overcrowded security market. Security teams were already overwhelmed by the number of tools, and customers didn’t want multiple products just to manage cloud security. “From the beginning, it was clear that Upwind would need to build a broad, integrated platform,” Shachar said. “Otherwise, customers wouldn’t engage or allow us to deploy our technology.”
The company’s logic eventually spoke to its target customers: large, data-intensive organizations with sizable cloud footprints. Since its $100 million Series A in 2024, Upwind has grown rapidly, posting 900% year-over-year revenue growth and doubling its customer base. The company has also expanded from its core markets in the U.S., U.K. and Israel to emerging markets including Australia, India, Singapore, and Japan.
The $250 million Series B was led by Bessemer Venture Partners, with participation from Salesforce Ventures and Picture Capital. The fresh cash will be used for product development and go-to-market motions, and the startup plans to invest in its AI security capabilities within its core cloud security platform and “extend its approach closer to developers to help prevent misconfigurations before they reach production.”
