Upwind AI Security: Securing your AI stack from the inside-out
AI is changing how we build, work, and operate. It is moving from experimentation into production applications, customer experiences, developer workflows, and cloud operations. As AI moves closer to the core of the business, it is gaining access to the systems that matter most: sensitive data, internal tools, cloud services, and non-human identities.
AI changed the security equation.
Modern AI applications are not single, static systems. They are dynamic environments made up of models, agents, tools, MCP servers, prompts, data flows, APIs, workloads, and infrastructure. An AI agent may call an external model provider, retrieve context from a vector database, invoke an internal tool, access sensitive data, and trigger a cloud action, all as part of one workflow.
Securing Every Layer
Upwind’s AI Security strategy is built to secure every layer of the AI stack, from the cloud infrastructure that powers AI applications to the agents, tools, and MCP servers that take action on their behalf. Upwind connects signals across cloud providers, self-hosted environments, and AI providers to build a complete picture of how your entire AI stack operates.
By working layer by layer (infrastructure and access, models, guardrails, applications and data, agents, tools, and MCP), Upwind helps teams understand not just where AI exists, but how it behaves, what it can access, and where real risk emerges.

Every Layer Matters
With Upwind, teams gain visibility across every layer, from infrastructure and access to agents, tools, and MCP servers; evaluate AI security posture; monitor the AI attack surface; understand risks; and detect AI-related threats in real time. The layers are:
- Infrastructure and access: cloud services, identities, permissions, and exposure.
- Models: managed, SaaS, and self-hosted AI models.
- Guardrails: policies, controls, and protections governing AI behavior.
- Applications and data: the workloads, prompts, data flows, and services powering AI systems.
- Agents, tools, and MCP: the action layer where AI systems connect to tools and make changes.
- Runtime fabric: the live telemetry that shows how everything behaves in production.
AI Applications are Different
AI applications are dynamic by design. They can change behavior based on user input, context, connected tools, model responses, and permissions. An agent may perform a safe action in one scenario and a risky action in another. A prompt may look normal in isolation, but when combined with tool access, sensitive data, and cloud permissions, it can become part of a real attack path.
This creates three major challenges for security teams: visibility, risk, and runtime. Each comes down to a set of questions a team needs to be able to answer, covered in turn below.
Inventory: Your Code to Cloud AI Landscape

Before a team can evaluate risk, enforce policy, or respond to threats, they need to answer basic questions:
- Where is AI running?
- Which applications are using models?
- Which agents, tools, and MCP servers are connected?
- What data can those systems access?
- Which non-human identities are powering them?
- Who owns each AI application?

A useful AI inventory is not just a list of model names. It needs to map the full AI application stack, including models, agents, tools, MCP servers, applications, data flows, guardrails, infrastructure, identities, cloud services, and external AI providers.

This is especially important because AI adoption often happens quickly and across many teams. Developers may connect to OpenAI, Anthropic, Bedrock, Vertex AI, SaaS AI services, self-hosted models, internal tools, or remote MCP servers without a centralized approval process. Without continuous inventory, security teams end up with blind spots across cloud providers, self-hosted environments, and AI providers.

Upwind helps teams build a clearer AI inventory by bringing together multiple layers of visibility, including cloud context, workload telemetry, AI service discovery, application behavior, and runtime signals. This helps security teams move from “we think AI is being used somewhere” to “we know which AI systems exist, how they are connected, and what they can access.”
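The code-level part of that discovery can be illustrated with a small scanner. The following Python is an added example written for this page, not Upwind's product code: it walks a source tree and flags AI SDKs in dependency manifests, hard-coded provider hostnames, and MCP server definitions. The package names, hostnames, the `mcpServers` config layout, and the sample repository it writes to a temporary directory are all constructed assumptions; real discovery layers cloud and runtime context on top of this.

```python
import json
import re
import tempfile
from pathlib import Path

# Assumed signal catalogue: illustrative, not exhaustive.
AI_PACKAGES = {
    "openai": "OpenAI SDK",
    "anthropic": "Anthropic SDK",
    "@anthropic-ai/sdk": "Anthropic SDK",
    "google-cloud-aiplatform": "Vertex AI SDK",
    "vllm": "self-hosted model serving",
    "mcp": "MCP SDK",
}
PROVIDER_HOSTS = {
    "api.openai.com": "OpenAI",
    "api.anthropic.com": "Anthropic",
    "bedrock-runtime.": "AWS Bedrock",
    "aiplatform.googleapis.com": "Vertex AI",
}
REQ_NAME = re.compile(r"^\s*([A-Za-z0-9_.\-]+)")  # leading package name of a requirements line


def scan_manifest(rel, text):
    """Dependency manifests reveal AI SDKs even before any code path calls them."""
    if rel.endswith("package.json"):
        try:
            data = json.loads(text)
        except ValueError:
            return []
        names = {**data.get("dependencies", {}), **data.get("devDependencies", {})}
    else:  # requirements.txt: one requirement per line
        names = [m.group(1) for m in map(REQ_NAME.match, text.splitlines()) if m]
    return [{"kind": "sdk", "what": AI_PACKAGES[n.lower()], "where": rel}
            for n in names if n.lower() in AI_PACKAGES]


def scan_hosts(rel, text):
    """Hard-coded provider hostnames show which external AI providers get called."""
    return [{"kind": "provider_endpoint", "what": label, "where": rel}
            for host, label in PROVIDER_HOSTS.items() if host in text]


def scan_mcp_config(rel, text):
    """MCP client configs (assumed 'mcpServers' layout) enumerate the action layer."""
    try:
        data = json.loads(text)
    except ValueError:
        return []
    servers = data.get("mcpServers", {}) if isinstance(data, dict) else {}
    found = []
    for name, cfg in servers.items():
        if "url" in cfg:        # remote MCP server: an external trust boundary
            found.append({"kind": "mcp_remote", "what": f"{name} -> {cfg['url']}", "where": rel})
        elif "command" in cfg:  # local MCP server: a process the agent can spawn
            cmd = " ".join([cfg["command"], *cfg.get("args", [])])
            found.append({"kind": "mcp_local", "what": f"{name}: {cmd}", "where": rel})
    return found


def scan_tree(root):
    """Walk a checkout and collect every AI-related signal with its location."""
    root = Path(root)
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        text = path.read_text(errors="replace")
        if path.name in ("requirements.txt", "package.json"):
            findings += scan_manifest(rel, text)
        if path.suffix == ".json":
            findings += scan_mcp_config(rel, text)
        findings += scan_hosts(rel, text)
    return findings


# Constructed sample repository written to a temp dir; none of these are real project files.
SAMPLE_FILES = {
    "svc/requirements.txt": "fastapi==0.110.0\nopenai>=1.30\nmcp\n",
    "svc/app.py": 'import openai\nBASE_URL = "https://api.openai.com/v1"\n',
    "ui/package.json": '{"dependencies": {"@anthropic-ai/sdk": "^0.20.0", "react": "18"}}',
    "svc/mcp.json": json.dumps({"mcpServers": {
        "jira": {"url": "https://mcp.example.internal/jira"},
        "shell": {"command": "npx", "args": ["-y", "example-shell-mcp"]}}}),
}


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        for rel, content in SAMPLE_FILES.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(content)
        return scan_tree(tmp)


if __name__ == "__main__":
    for f in demo():
        print(f"{f['kind']:18} {f['what']:45} {f['where']}")
```

On the constructed repository this yields six records: three SDKs (two from the Python manifest, one from the npm manifest), one provider endpoint, one remote MCP server and one local MCP server. Each record carries its file location, which is what lets an owner be assigned later; the point of scanning manifests and configs separately is that an SDK can be installed without being called yet, and an MCP server can be wired in with no SDK at all.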

Posture: Understand Risks Across The Entire AI Stack
Once AI systems are discovered, the next question is whether they are secure.

An AI application can look safe when viewed one layer at a time. A model endpoint may be expected. A service account may be valid. A tool may be approved. A network request may be normal. But when these signals are connected, they can reveal a risky combination.
Security teams need to evaluate questions like:
- Is this AI application externally exposed?
- Does it have access to sensitive data?
- Are guardrails enabled and configured correctly?
- Can the agent execute tools or modify infrastructure?
- Are MCP servers trusted and properly controlled?
- Which non-human identities can call models or take action?
- Are model-serving workloads running vulnerable packages?
- Are AI frameworks, SDKs, or application tools introducing additional risk?
Upwind helps teams connect AI posture to cloud context so they can understand how risk emerges across the full application.
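To make the "risky combination" point concrete, here is an added example (written for this page, not Upwind's posture engine) of rules that fire only when signals from several layers line up. The `AIApp` fields, the read-only-verb heuristic for cloud permissions, and the two constructed applications are assumptions chosen for illustration; on its own, each signal in them would pass a single-layer check.

```python
from dataclasses import dataclass, field


@dataclass
class AIApp:
    """One AI application with the signals each layer contributes (assumed shape)."""
    name: str
    exposed: bool = False                              # reachable by untrusted (internet) users
    guardrails: bool = False                           # input/output policy enforcement in place
    data: set = field(default_factory=set)             # data classifications it can read
    tools: set = field(default_factory=set)            # capabilities of wired tools: "read", "execute"
    identity_perms: set = field(default_factory=set)   # cloud actions granted to its non-human identity
    mcp_servers: dict = field(default_factory=dict)    # name -> {"trusted": bool}
    vuln_packages: set = field(default_factory=set)    # known-vulnerable packages in the serving workload


READ_ONLY_VERBS = ("Get", "List", "Describe", "Read")


def can_mutate(perms):
    """Assumed heuristic: any cloud action whose verb is not read-only can change state."""
    return any(not action.split(":")[-1].startswith(READ_ONLY_VERBS) for action in perms)


RULES = []


def rule(severity):
    """Register a cross-layer check; each returns a message when the combination is present."""
    def register(fn):
        RULES.append((severity, fn.__name__, fn))
        return fn
    return register


@rule("critical")
def exposed_agent_can_act(app):
    # Untrusted prompts reaching an unguarded agent with state-changing power:
    # the prompt-injection-to-cloud-action path.
    if app.exposed and not app.guardrails and ("execute" in app.tools or can_mutate(app.identity_perms)):
        return "untrusted input reaches an agent that can execute tools or change cloud state"


@rule("high")
def exposed_with_sensitive_data(app):
    sensitive = app.data & {"pii", "secrets"}
    if app.exposed and sensitive and not app.guardrails:
        return f"{sorted(sensitive)} can flow into model output with no guardrails"


@rule("high")
def untrusted_mcp_with_power(app):
    untrusted = sorted(n for n, cfg in app.mcp_servers.items() if not cfg.get("trusted"))
    if untrusted and ("execute" in app.tools or can_mutate(app.identity_perms)):
        return f"untrusted MCP server(s) {untrusted} sit on an action path with state-changing power"


@rule("medium")
def vulnerable_serving_workload(app):
    if app.vuln_packages:
        where = "internet-exposed" if app.exposed else "internal"
        return f"{where} model-serving workload runs vulnerable packages {sorted(app.vuln_packages)}"


@rule("low")
def overprivileged_identity(app):
    # Write permissions on the identity of an agent that only has read tools: standing privilege.
    if can_mutate(app.identity_perms) and "execute" not in app.tools:
        return "non-human identity holds write permissions the agent's tools never use"


def evaluate(app):
    """Run every rule and return findings in registration order (critical first)."""
    findings = []
    for severity, name, check in RULES:
        detail = check(app)
        if detail:
            findings.append({"app": app.name, "severity": severity, "rule": name, "detail": detail})
    return findings


# Constructed applications; every single signal looks acceptable on its own.
SUPPORT_BOT = AIApp(
    name="support-bot", exposed=True, guardrails=False, data={"pii", "tickets"},
    tools={"read", "execute"}, identity_perms={"s3:GetObject", "lambda:InvokeFunction"},
    mcp_servers={"crm": {"trusted": True}, "community-tools": {"trusted": False}},
)
SUMMARIZER = AIApp(
    name="internal-summarizer", exposed=False, guardrails=True, data={"docs"},
    tools={"read"}, identity_perms={"s3:GetObject", "s3:ListBucket"},
    mcp_servers={"wiki": {"trusted": True}}, vuln_packages={"example-serving-lib 1.2.3"},
)

if __name__ == "__main__":
    for app in (SUPPORT_BOT, SUMMARIZER):
        for f in evaluate(app):
            print(f"[{f['severity']:8}] {f['app']}: {f['rule']} - {f['detail']}")
```

The support bot produces a critical and two high findings even though "externally exposed", "has a service account", and "uses an approved tool" each read as normal in isolation; the internal summarizer, with the same kinds of components but no exposure and read-only permissions, produces only a medium finding for its vulnerable package. The verb heuristic in `can_mutate` is deliberately coarse; a real engine would resolve effective permissions from the cloud provider.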

Runtime: See What Unfolds in Real Time
AI applications behave differently from traditional applications because they are non-deterministic: their behavior is driven by prompts, context, model responses, tool calls, and permissions. Runtime is the layer that shows the actual activity rather than the intended design.
Runtime for AI means several things: understanding model activity (the prompts and responses exchanged with models), tracking process execution (which shows how agents invoke tools and which MCP destinations they reach), and reading cloud activity logs (which show how identities use AI applications).

This is especially important for agentic AI. In a single workflow an agent may send a prompt to a model provider, receive a response, invoke a tool, access a file, call an API, connect to an MCP server, and trigger a cloud action.
For AI applications, runtime visibility can help identify:
- Unexpected calls to external AI providers
- New or suspicious MCP server connections
- Abnormal tool usage by an agent
- Sensitive data flowing into or out of LLMs
- Unusual process execution inside model-serving workloads
- Suspicious network destinations
- Non-human identities taking unexpected cloud actions
- Runtime behavior that deviates from the application’s normal pattern
Building AI Security Baselines With Runtime Telemetry
Upwind uses runtime behavior to build security baselines. For AI applications this is especially important because risk is not defined only by what is deployed; it is defined by how models, agents, tools, MCP servers, data flows, identities, and cloud services actually interact in production.
A baseline represents the typical behavior of a workload or resource, helping teams understand what “normal” looks like across the AI stack and quickly detect deviations that may indicate misuse, compromise, or unsafe AI behavior.
Upwind builds these baselines using runtime telemetry collected from workloads, cloud environments, and AI-related activity.

Upwind continuously learns normal workload behavior across processes, network communications, and file system activity, creating an AI-aware baseline of how each application typically operates. This includes which agent or model-serving processes usually run, which tools or MCP servers are used, which model providers are contacted, which internal APIs, vector databases, or cloud services are accessed, and which non-human identities are involved.

Security baselines also make AI investigations much more actionable. When reviewing an alert, teams can compare the activity against the established baseline for that specific workload or resource:
- Was this model provider normally contacted?
- Is this MCP server expected?
- Has this agent used this tool before?
- Is this process part of the normal AI application flow?
- Has this workload accessed this file path before?
- Is this data flow expected for this application?
- Is this non-human identity usually connected to this AI workflow?
- Did this workload normally trigger this type of cloud action?
That context helps teams move faster, reduce noise, and focus on the AI behaviors that actually represent risk.
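The questions above are exactly what a per-workload baseline lets an analyst answer mechanically. The following Python is an added example written for this page, not Upwind's baselining engine: it learns a baseline from a learning window of constructed telemetry (process, network, MCP, tool, file, and cloud-action events) and then scores a second window against it, returning for each deviation what the baseline held. The event tuple layout, the severity per signal type, and the provider hostname list are assumptions.

```python
from collections import defaultdict

# Assumed: external AI providers are identified by hostname (exact host, or a prefix for
# region-specific hosts of the form bedrock-runtime.<region>.amazonaws.com).
AI_PROVIDER_HOSTS = ("api.openai.com", "api.anthropic.com", "bedrock-runtime.",
                     "aiplatform.googleapis.com")
# Assumed severity for a never-before-seen value of each signal type.
SEVERITY = {"mcp": "high", "cloud_action": "high", "process": "medium", "tool": "medium", "file": "low"}


def learn_baseline(events):
    """workload -> signal type -> set of values observed during the learning window."""
    baseline = defaultdict(lambda: defaultdict(set))
    for workload, kind, value in events:
        baseline[workload][kind].add(value)
    return baseline


def is_ai_provider(destination):
    host = destination.rsplit(":", 1)[0]
    return any(host == h or (h.endswith(".") and host.startswith(h)) for h in AI_PROVIDER_HOSTS)


def detect(baseline, events):
    """Return one finding per live event that deviates from its workload's baseline."""
    findings = []
    for workload, kind, value in events:
        known = baseline.get(workload)   # .get() does not create an empty baseline
        if known is None:
            findings.append({"workload": workload, "severity": "critical", "kind": kind, "value": value,
                             "why": "workload has no baseline at all", "baseline": []})
            continue
        seen = known.get(kind, set())
        if value in seen:
            continue
        if kind == "network":
            provider = is_ai_provider(value)
            severity = "high" if provider else "medium"
            why = "new external AI provider" if provider else "new network destination"
        else:
            severity, why = SEVERITY[kind], f"new {kind} never seen for this workload"
        findings.append({"workload": workload, "severity": severity, "kind": kind, "value": value,
                         "why": why, "baseline": sorted(seen)})
    return findings


# Constructed learning-window telemetry for one agent workload (not real data).
LEARNING = [
    ("support-agent", "process", "python3 agent.py"),
    ("support-agent", "network", "api.openai.com:443"),
    ("support-agent", "network", "vector-db.internal:6333"),
    ("support-agent", "mcp", "https://mcp.example.internal/jira"),
    ("support-agent", "tool", "search_tickets"),
    ("support-agent", "tool", "create_ticket"),
    ("support-agent", "file", "/app/prompts/system.txt"),
    ("support-agent", "cloud_action", "s3:GetObject"),
]

# Constructed live window: two normal events, then the agent reaching an unknown MCP server,
# spawning a shell, contacting a different model provider, minting credentials, and reading
# a file outside its usual paths; finally a workload that was never baselined at all.
LIVE = [
    ("support-agent", "network", "api.openai.com:443"),
    ("support-agent", "tool", "search_tickets"),
    ("support-agent", "mcp", "https://mcp.unknown-vendor.example/tools"),
    ("support-agent", "process", "sh -c curl http://203.0.113.5/"),
    ("support-agent", "network", "api.anthropic.com:443"),
    ("support-agent", "cloud_action", "iam:CreateAccessKey"),
    ("support-agent", "file", "/etc/passwd"),
    ("nightly-batch", "network", "api.openai.com:443"),
]

if __name__ == "__main__":
    for f in detect(learn_baseline(LEARNING), LIVE):
        print(f"[{f['severity']:8}] {f['workload']} {f['kind']}={f['value']}: {f['why']}; baseline={f['baseline']}")
```

Replaying the learning window against its own baseline yields no findings, which is the sanity check to run before trusting any baseline. Each finding carries the baseline values for that signal type, so an alert reads as "this agent has only ever used the Jira MCP server" rather than a bare "new MCP connection". Two caveats a practitioner would add: the learning window must itself be clean, since a compromised workload baselines its own compromise, and exact-match sets are a starting point; production baselines need tolerances for legitimately changing values such as rotated hostnames.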
AI Security from the Inside Out
AI has upended everything we know about securing the cloud. The speed is different, the reality is different, and a new approach is needed. Deeply understanding inventory from code to cloud, correlating it with runtime activity signals, accurately analyzing posture, and detecting threats in real time is now essential for every security team. And this is just the beginning of the journey of securing AI; the speed has changed for good.


