People.ai Accelerates Real-Time Cloud Security and Certification Compliance with Upwind
Upwind is not just a security tool — it’s a platform that makes our engineering, security, and audit teams faster and more effective”
About
As a fast-growing, cloud-first organization operating at the forefront of generative AI adoption, People.ai was managing an increasingly complex cloud security landscape. With sensitive customer data, evolving compliance frameworks, and a rapid development culture, the security team needed more than traditional static scanning. To overcome these challenges, People.ai selected Upwind to replace their existing CNAPP tooling and provide unified runtime visibility, smart prioritization, and built-in compliance support. The shift enabled the team to transition from static snapshots to a real-time understanding of their cloud infrastructure.
Challenges
- Lack of runtime insight: Tools like Wiz provided visibility into what was deployed, but not what was active, connected, or at risk in real time.
- Alert fatigue and lack of prioritization: Without exploitability or runtime context, the team struggled to separate signal from noise.
- Manual audit workflows: Microsoft 360 required intensive evidence gathering.
- Sensor deployment friction: Prior tooling required complex, image-based sensor integration that couldn’t scale in dynamic environments.
- Slow product iteration: Needed feedback loops and feature improvements often stalled with previous vendors.
Solutions
- Sensor-based runtime monitoring across AWS workloads, surfacing real-time communication flows and actively exposed risks.
- Context-aware risk prioritization, filtering vulnerabilities based on real-world exploitability and asset exposure.
- Visual topology mapping that highlighted lateral movement paths and workload relationships within the environment.
- Prebuilt compliance frameworks supporting SOC 2, ISO certifications, Microsoft 365, and CIS Benchmarks.
- Fast and scalable deployment, with >85% sensor coverage achieved using Terraform and Helm in one day.
- Potential AI risk: Developers regularly worked with new AI tools, increasing the need for a real-time solution to eliminate AI blind-spots.
- Agile product iteration, with enhancements such as tagging visibility and ephemeral workload handling shipped in days.
- Proactive threat intelligence, with real-time alerts on newly disclosed vulnerabilities observed in People.ai’s live environment.
Why People.ai Chose Upwind
People.ai made the strategic decision to migrate away from Wiz in favor of Upwind’s real-time, runtime-first approach to cloud security. While their previous platform focused on static asset inventory and agentless discovery, it lacked the ability to observe what was actually running, communicating, or being exploited in the live environment.
Upwind’s runtime telemetry filled that gap. By capturing process-level data and cloud-native network flows, Upwind enabled People.ai to gain a precise understanding of how assets interacted and where actual risk existed. This allowed security and engineering teams to resolve the most critical issues first, rather than wasting time investigating noise.
The ability to visualize these relationships via Upwind’s automatically generated topology graph further accelerated cross-functional collaboration. Security engineers could trace an attack path, platform teams could validate workload segmentation, and auditors could confirm control boundaries while using a shared interface.
Ease of Deployment and Increasing Value
With Upwind, we reduced noise, prioritized better, and uncovered risks we couldn’t see before. That’s the value of runtime visibility.”
One of the most impactful benefits of the transition to Upwind was the speed of deployment. While Wiz’s Defend module required sensors to be manually added to golden images, a time-consuming process that limited scale. In comparison, Upwind’s Kubernetes-native deployment approach meant sensors could be rolled out quickly and consistently.
Using Terraform and Helm, People.ai achieved over 85% runtime coverage across cloud environments within the first 24 hours. The remaining coverage was completed with support from Upwind’s customer success team, who resolved edge case integration issues in hours. The overall result was a smooth rollout with minimal operational overhead.
Simplified Compliance Practices
Upwind also enabled People.ai to simplify and accelerate their compliance workflows. The company maintains several high-impact certifications, including SOC 2 Type 2, ISO certifications, and Microsoft 365. Prior to using Upwind, evidence collection for audits was largely manual, requiring screenshots, manual exports, and one-off reports.
With Upwind, much of this effort was automated. The platform continuously monitors for non-compliant configurations such as unencrypted data stores, out-of-date packages, or missing logging controls, and provides audit-friendly reporting that aligns with key certification frameworks. This not only reduced the burden on the security team but improved the company’s ability to maintain continuous compliance throughout the year.
Real Risk Reduction and Operational Impact
Upwind delivered measurable improvements in both risk posture and day-to-day efficiency. The team experienced an estimated 20–30% reduction in false positives due to Upwind’s ability to verify exploitability in runtime. They also discovered new risks, including active communication paths and exposure points that static scans had missed entirely.
Upwind’s ability to detect and surface ephemeral misconfigurations before they disappear gives us a real operational advantage.”
With real-time detection, the team could identify short-lived misconfigurations in ephemeral workloads before they disappeared, something static tools did not offer. This visibility enables the security team to intervene earlier, reduce dwell time, and collaborate with engineering on persistent fixes in CI/CD pipelines.
Operationally, Upwind’s smart prioritization enabled faster mean time to remediation (MTTR) by helping engineers focus only on risks that posed real business impact. Topology views and tagging improvements further streamlined incident triage and enabled more effective vulnerability ownership mapping across distributed teams.
A Platform Built for the Future
Beyond day-one improvements, People.ai sees Upwind as a long-term partner in evolving their cloud security program. As AI adoption continues across the stack, the team plans to leverage Upwind’s AI asset tracking and prepare for compliance with upcoming AI-specific standards, such as ISO.
The product evolves quickly. We’ve seen requested improvements turn into live features in days, not quarters.”
The collaborative product feedback loop with Upwind’s engineering team also ensures the platform evolves alongside People.ai’s needs. Requested improvements such as ephemeral workload tagging, improved alert tuning, and pipeline hygiene recommendations have already been incorporated or are planned for upcoming releases.
Recommended by Security and Engineering
People.ai’s transition to Upwind resulted in faster detection, reduced investigation time, simpler audits, and stronger collaboration across teams. The platform delivered deep runtime insight, agile support, and a lower total cost of ownership than previous tooling.
With a foundation built on real-time telemetry, smart prioritization, and built-in compliance, Upwind is helping People.ai scale its security program with the pace of its platform.
Uplift Your Cloud
Security Today
Schedule a meeting with a cloud security experts today to secure your cloud, reduce friction between your teams and proactively protect your cloud infrastructure and applications.
