Endpoints-Sensor

Announcing Upwind AI Sensor for Endpoints

A smiling man wearing glasses and a pink t-shirt, sitting in a lounge in front of exposed brick.

By Amiram Shachar

Jun 25, 2026

Today, we are excited to announce the Upwind AI Sensor for Endpoints!

In the world we’ve known until now, the threat model was familiar. A developer accidentally commits a secret to a repository. A DevOps engineer exposes sensitive data to the internet. Someone deploys a workload carrying a critical vulnerability. To deal with these risks, the industry built layer after layer of detection and protection – every pillar we’ve come to expect from a modern CNAPP: Shift Left, SCA, CSPM, runtime security.

The AI era is a different problem entirely. It is no longer just about finding the one developer, the one person or the one process that made a mistake. Today, organizations operate with dozens, if not hundreds, of AI agents with permissions and capabilities identical to those of human users. These agents have the intent and autonomy to write code, generate configuration files, trigger deployments, and manage cloud resources in real time. And that is something that needs to be governed.

Endpoint-Diagram-Sprawl-3-scaled

In this new world, the kinds of permissions and actions we have historically associated only with the cloud – creating resources, deploying workloads or modifying configurations are no longer happening in the cloud. They are happening at your users’ endpoints, driven by AI agents, MCPs, and autonomous tooling running on developer machines.

The security model we built for the cloud is not just expanding in scale. It is shifting to the edge. Agents and MCPs now hold tokens and full autonomy to build, configure, and execute. All from the endpoint.

That is why we built the Upwind AI Sensor for Endpoints.

Endpoint-1-1-scaled

Connecting the Dots Across Endpoints & Cloud

The Upwind AI Sensor for Endpoints runs on MacOS and Windows operating systems, provides a content-level understanding of all AI activity happening on the device, what’s being sent and received, prompt, provider, identity, sensitivity, and risk classification, in real time across every AI interaction in the environment.

AI-Endpoint-b-scaled

The Upwind AI Sensor collects important metadata such as AI-Bill-of-Materials (AI BOM), a continuously updated inventory of every AI provider, model, and tool installed and used.

What the AI Sensor Can Do for You

Discover Agents, MCPs, Skills, and Prompt Activity: Track AI activity across your endpoints, including agents, MCPs, skills, models, and prompt interactions. Understand which identities are accessing AI services, which models they use, and the prompts being submitted to gain complete visibility into AI usage.

Identify Unauthorized AI Adoption: Monitor AI services, applications, and tools in use across the organization. Compare observed usage against approved technologies to uncover shadow AI and reduce governance, security, and compliance risks.

Govern Browser-Based AI Interactions: Understand how employees interact with AI services through the browser. Monitor AI workflows, identify risky usage patterns, and help prevent sensitive data from being shared with unauthorized AI services.

Endpoint-Diagram-Linear-2-scaled

Detect AI-Specific Threats and Misuse: Identify risky AI interactions, malicious MCP Server, infected skills policy violations, suspicious prompt activity, and anomalous behavior that may indicate abuse, manipulation, or data exposure. Take action to alert, investigate, or block threats before sensitive information leaves the organization.

As AI agents, MCPs, and AI-powered tools become part of daily workflows, they also become part of the endpoint attack surface. The Upwind AI Sensor extends endpoint visibility and security to these AI interactions and connects them to runtime context, helping security teams investigate incidents faster, understand exposure, and stop threats before they spread.

From Endpoint to Cloud, Securing the AI Era 

Endpoint & Cloud on the same security map.

Developer laptops have become one of the most popular attack surfaces. Intelligence and context from the endpoint give you a comprehensive inventory of providers, models, and tools derived from observed usage across cloud and endpoints. 

As AI adoption expands across the enterprise, teams need visibility into how AI interacts with sensitive data, business applications, and cloud resources. By correlating endpoint and cloud context, organizations can connect AI activity to application security, cloud posture, and runtime risk.

AI-Endpoint-Plus-scaled

See the full picture: AI Detection & Response 

Endpoints have always been a gold mine for attackers. Today, Endpoints no longer hold just tokens and secrets. They’re running production agents, connected to MCPs, Infecting Skills, extracting information and performing actions across SaaS and cloud platforms. 

When bringing together cloud context and findings from the endpoints, Upwind can easily identify full attack chains, understand where to stop breaches at the endpoint, and how to minimize the attack blast radius in the cloud.

End-to-End-scaled

Deploying at Scale

The Upwind AI Sensor for Endpoints is designed to roll out the same way you deploy any endpoint agent through the tools your organization already uses. For teams managing fleets with an MDM solution like Jamf, Intune, Kandji, JumpCloud, or Mosyle, deployment is a standard package push that distributes the sensor as a signed installer through your MDM, applies it to the relevant device groups, and it’s running without any manual steps on individual machines.

For organizations without an MDM in place, the sensor ships as a lightweight installer that can be distributed through any internal channel, such as a shared drive, a Slack message to the engineering team, or a one-liner in your onboarding script. Download, install, and authenticate to your Upwind tenant, and the endpoint is covered.

In both cases, the sensor is up and providing visibility within minutes. No kernel extensions, no complex configuration, no reboot required.

In the Works

We are focused on shipping the first version of Upwind AI Sensor to the world, and already working on the next major releases.

  • The Upwind AI Sensor will have inline enforcement, blocking or redacting interactions based on policies before they complete.
  • The Sensor will have Browser-level visibility and interception for consumer AI tools
  • Behavioral baselines per agent, detecting deviation from normal interaction patterns

The AI Sensor extends endpoint visibility to the AI interactions shaping today’s enterprise. As organizations adopt AI agents, MCPs, skills, and AI-powered tools, security teams need more than endpoint telemetry. They need context across the entire environment.

Learn more about Upwind AI Security and how organizations are securing AI across endpoints, cloud infrastructure, identities, APIs, and data.

Announcing Upwind AI Sensor for Endpoints

Further Reading

Choppy AI
Product

Choppy AI Agent, A Security Team’s Best Friend

A woman with long, dark hair stands outdoors, wearing a white shirt and subtle jewelry. She is smiling at the camera. The background is blurred, with green foliage and bright lighting. Morgan_Pearson_Headshot_neutral

By Bar Klinghofer & Morgan Pearson

Jun 24, 2026

Cloud security teams do not have a visibility problem anymore. They have a context problem. Modern cloud environments generate endless findings across vulnerabilities, identities, APIs, data, configurations, threats, workloads, and exposure. The challenge is not just knowing what exists. It…

Attack Surface Management-Blog Hero
Product

Introducing Upwind Attack Surface Management: Find the Exposures That Matter Before Attackers Do

Ido Buchnik Morgan_Pearson_Headshot_neutral Moshe Hassan Upwind

By Ido Buchnik, Morgan Pearson & Moshe Hassan

Jun 22, 2026

We’re excited to announce Upwind Attack Surface Management (ASM), a new way for security teams to discover unknown attack surfaces, understand risk exposure, and prioritize the issues that matter most. Security teams have spent years improving visibility across their environments….

Threat Investigations Product Announcement - Blog Hero
Product

Investigate Faster, Detect Smarter: The Next Wave of Upwind AI Threat Detection

A man with short brown hair and a beard smiles at the camera. He is wearing a dark t-shirt and standing against a neutral, light-colored background. Moshe Hassan Upwind

By Daniel Shaoul & Moshe Hassan

Jun 18, 2026

The moment an attacker initiates access to your network, evidence starts to appear, and in that moment, detections start to fire. That’s the moment you just start the hard part of investigating and discovering the true attack chain. Our goal…