2025 Gartner® Market Guide for Cloud-Native Application Protection Platforms: 5 Takeaways That We Believe Matter

Gartner has released the 2025 CNAPP Market Guide. According to Gartner: “​​while numerous providers exist, only a handful offer a comprehensive platform with the required breadth and depth of functionality, particularly emphasizing seamless integration through the development and operations processes.”

We believe that Upwind’s inclusion in this group of vendors is a significant milestone. To us, it validates our technology, our vision, and the traction we’ve built in the market – showing that our strategy for unifying cloud infrastructure and application security is not only resonating with customers but earning recognition at the highest levels of the industry. We are helping to set the standard for what a CNAPP can and should be. Here are five key findings from the guide and how they align with where Upwind is leading.

What is a CNAPP?

We view Gartner’s definition of a CNAPP as a useful lens for understanding why this category sits at the core of our strategy. In our opinion, it describes not only the individual capabilities required, but also the mindset of protecting cloud-native systems from the very start of development through live production.

“Cloud-native application protection platforms (CNAPPs) are a unified and tightly integrated set of security and compliance capabilities, designed to protect cloud-native infrastructure and applications. CNAPPs incorporate an integrated set of proactive and reactive security capabilities, including artifact scanning, security guardrails, configuration and compliance management, risk detection and prioritization, and behavioral analytics, providing visibility, governance and control from code creation to production runtime.”

In practice, CNAPPs provide code-to-runtime security, combining pre-deployment checks with real-time runtime protections and visibility. This end-to-end coverage is exactly what Upwind delivers, and it’s what makes this category so strategically important for our customers.

Key Takeaways from the CNAPP Market Guide

1. Continued Tool Consolidation & Increased CNAPP Adoption

According to Gartner, “by 2029, 40% of enterprises that successfully implement zero trust within cloud service provider environments will rely on the advanced visibility and control capabilities offered by CNAPP solutions.” Half of all enterprise applications will run in containers, requiring unified controls for infrastructure and applications. These trends position CNAPPs as essential for securing containerized workloads. Upwind already delivers this level of protection, helping customers safeguard containerized workloads without slowing their deployments.

Interest in CNAPPs is driven by:

• Risk prioritization across the stack: Unified risk visibility across IaaS, PaaS, and the application lifecycle, replacing siloed tools.
• Tool consolidation: Reducing complexity, cost, and the blind spots created by manually correlating data from multiple sources.

2. Zero-Risk Applications are Impossible

While some teams still chase the idea of a flawless security posture, Gartner makes it clear that the goal should be something more realistic and effective. Their definition below reframes the conversation toward prioritizing and addressing the risks that matter most.

“Security teams must understand and acknowledge that a perfect, risk-free application is not possible. Perfection is the enemy of good enough. Instead, security teams should focus on an approach that identifies the highest severity, highest confidence risks and risk-prioritizes remediation efforts to the responsible developer.”

Gartner urges that “instead, security teams should focus on an approach that identifies the highest severity, highest confidence risks and risk-prioritizes remediation efforts to the responsible developer.” CNAPPs enable this by providing:

• Lifecycle visibility with root-cause context
• Runtime sensors and agentless scanning
• Infrastructure and application topology mapping

Acknowledging risk as inevitable allows teams to focus on remediating what matters most. Upwind’s prioritization engine and runtime intelligence make that focus immediate and actionable.

3. CNAPP Buyer Personas are Expanding

Funding still comes largely from CISOs, but influence now includes cloud security operations, platform engineering, development, and application security. Drivers include tool consolidation and seamless DevOps integration.

Gartner identifies adjacent capabilities including:

• Application security testing (AST)
• Application security posture management (ASPM)
• API discovery and posture management
• Distributed WAF
• Cloud detection and response (CDR)
• Data security posture management (DSPM)

Upwind unifies these capabilities in a single platform, reducing complexity for security teams and improving collaboration across stakeholders.

4. Unified Cloud Infrastructure and Application Protection

The strongest CNAPP platforms merge cloud infrastructure and application protection into one unified approach. This convergence addresses a long-standing gap between infrastructure-focused tools and application-level defenses. Bringing these layers together allows security teams to apply consistent policies and reduce the friction of managing multiple point solutions. It also strengthens their ability to detect and respond to threats across the full stack.

Converging infrastructure and application protection in a single CNAPP offers:

• Centralized risk identification and remediation
• Reduced operational complexity
• A unified data model and analytics for better correlation and prioritization

Upwind’s unified data model and context-rich analytics have already helped customers cut investigation times and accelerate remediation. For example, a global technology company operating across AWS, Azure, and GCP used Upwind to unify visibility and policy enforcement across all environments, reducing investigation times by 60% and improving deployment velocity for new workloads.

5. The Rise of GenAI Security in CNAPP

Securing AI workloads is quickly becoming a frontline challenge for modern enterprises, and it’s changing expectations for what a CNAPP must deliver. Generative AI is reshaping how CNAPPs operate. Gartner notes that “CNAPP solutions are increasingly incorporating generative AI (GenAI), common language interpreters, machine learning (ML) and large language models (LLMs) to reduce management overhead, offer policy recommendations, and enhance pattern analysis for threat detection and response.”  This makes them integral to risk detection, analysis, and response, rather than optional extras. The shift goes beyond efficiency gains. It creates new opportunities to understand complex attack patterns, automate remediation guidance, and give security teams richer, context-driven insights.

Upwind takes this further by applying our runtime-powered context to GenAI security, ensuring AI workloads are protected throughout their lifecycle. From model and framework posture management to detecting AI-specific threats in production, our approach integrates enhanced threat detection with proactive protection for GenAI workloads.

Before detailing these, it’s worth noting how these innovations translate into practical strengths for security teams. Building on these advances, GenAI-enabled CNAPPs bring capabilities such as:

• Real-time analysis of AI model behaviors and dependencies
• Automated policy recommendations tailored to AI workloads
• Natural language summaries and investigation support for faster response
• AI-specific threat intelligence integrated into broader cloud risk prioritization

One organization that put these capabilities into practice with Upwind is a multinational media company developing AI-driven content workflows. With our CNAPP, they secured a broad range of models and frameworks across AWS and Azure. Within weeks, they improved AI model deployment speed by 40% while maintaining strict compliance controls across jurisdictions. Together, these innovations make Upwind the clear choice for organizations that want to secure both their current workloads and the emerging AI-powered systems that will define the next decade.

Conclusion

We believe that Gartner’s recognition of Upwind in the 2025 CNAPP Market Guide is a clear signal that our work is helping define the future of cloud security. In our opinion, it reflects the strength of our approach and the results we are delivering for customers. We provide deep code-to-runtime protection, advanced data security, and AI workload defense in a single integrated platform. These capabilities empower customers to secure rapidly evolving environments while maintaining speed and agility.

As enterprises shift toward unified, context-driven cloud security, Upwind is leading the way. We’re enabling organizations to simplify their security stack, close critical gaps, and accelerate with confidence. Schedule a demo to see how Upwind can help protect what matters most in your cloud.

Gartner, Market Guide for Cloud-Native Application Protection Platforms, 5 August 2025

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.