We are excited to announce that Upwind has been recognized by Latio as a leader in both Cloud Security and Cloud Application Detection and Response (CADR) in the newly released 2025 Latio Cloud Security Market Report. In this report, analyst James Berthoty highlights how the cloud security landscape is rapidly evolving beyond traditional CNAPP models, […]

In today’s fast-paced development environments, the speed of software delivery has outpaced traditional security workflows. APIs are often published before they’re reviewed, cloud resources are deployed via automation, and new vulnerabilities emerge in runtime that never existed in dev or staging. It’s estimated that over 50% of data breaches by 2025 will originate from unprotected […]

Upwind now supports a significant new AI-powered capability in the Upwind platform, allowing users to create custom posture rules with LLM-based Rego, streamlining workflows and accelerating reduction of their cloud attack surface. Upwind’s runtime-backed posture engine has always surfaced high-impact misconfigurations that pose true risks to cloud environments, often missed by traditional CSPMs. With this […]

Gartner has released the 2025 CNAPP Market Guide. According to Gartner: “​​while numerous providers exist, only a handful offer a comprehensive platform with the required breadth and depth of functionality, particularly emphasizing seamless integration through the development and operations processes.” We believe that Upwind’s inclusion in this group of vendors is a significant milestone. To […]

Cloud-native infrastructure has become more dynamic and distributed, but application behavior at runtime remains one of the most overlooked aspects of cloud security. Attackers increasingly exploit logic flaws and runtime gaps that static analysis can’t catch. Following our acquisition of Nyx in April 2025, we’ve now fully integrated its technology into the Upwind platform. This […]

Overview: CVE-2025-23266 is a container‑escape vulnerability (CVSS 9.0) affecting the NVIDIA Container Toolkit and GPU Operator. While this vulnerability requires multiple specific conditions, it has the potential to allow a malicious container image to escape its sandbox and execute code as root on the host. NVIDIA has released patched versions of both components. Upgrading to Toolkit v1.17.8  and  GPU Operator 25.3.1 […]

As software delivery accelerates with cloud-native architectures and AI-driven development, security must evolve to match the speed and complexity of modern engineering. That’s why Upwind, the runtime-first CNAPP, and Legit Security, a leader in Application Security Posture Management (ASPM), are partnering to provide end-to-end, code-to-cloud protection that combines deep runtime context with secure software development. […]

The explosion of Software as a Service (SaaS) apps and cloud usage is related. After all, today, it’s commonplace for enterprise teams to call up an app that lives in a cloud infrastructure and have it perform specialized business tasks. Where else would these apps live? Could SaaS exist without the cloud?  So why are […]

In May 2025, cryptocurrency exchange Coinbase faced a Trojan Horse breach and ransomware attempt that earned them accolades for detecting and addressing the intrusion within hours.  It started when an authorized user agreed to run a patch script that contained malware designed to exfiltrate sensitive data to attackers. Though the attack is the kind of […]

The majority of Kubernetes containers live for less than 5 minutes. That’s a security challenge, with an attack surface that’s dynamic, ephemeral, and increasingly abstracted behind layers of orchestration. Traditional perimeter tools aren’t built for that, nor are the stale security strategies that created them.  So how do teams monitor workloads that don’t persist long […]