
Upwind and Legit Security Partner to Deliver True Code-to-Cloud Application Security
As software delivery accelerates with cloud-native architectures and AI-driven development, security must evolve to match the speed and complexity of modern engineering. That’s why Upwind, the runtime-first CNAPP, and Legit Security, a leader in Application Security Posture Management (ASPM), are partnering to provide end-to-end, code-to-cloud protection that combines deep runtime context with secure software development. […]

CSPM vs SSPM
The explosion of Software as a Service (SaaS) apps and cloud usage is related. After all, today, it’s commonplace for enterprise teams to call up an app that lives in a cloud infrastructure and have it perform specialized business tasks. Where else would these apps live? Could SaaS exist without the cloud? So why are […]

Post-Breach Analysis: The Ever-Growing Role of CNAPP
In May 2025, cryptocurrency exchange Coinbase faced a Trojan Horse breach and ransomware attempt that earned them accolades for detecting and addressing the intrusion within hours. It started when an authorized user agreed to run a patch script that contained malware designed to exfiltrate sensitive data to attackers. Though the attack is the kind of […]

What is Container Orchestration?
The majority of Kubernetes containers live for less than 5 minutes. That’s a security challenge, with an attack surface that’s dynamic, ephemeral, and increasingly abstracted behind layers of orchestration. Traditional perimeter tools aren’t built for that, nor are the stale security strategies that created them. So how do teams monitor workloads that don’t persist long […]

Cloud Security Posture Management (CSPM) in AWS
We’ve talked about security posture and Amazon Web Services (AWS) security basics, like securing containers in the unique environment that AWS offers. So in this article, we’ll go deeper into the real-world pain points, trade-offs, and strategic challenges of security posture in AWS. Where does shared responsibility confusion leave gaps between CSPM tools and AWS-native […]

Mitigating GenAI Data Exposure in Light of OpenAI’s New Data Retention Policy
On June 6, 2025, Reuters reported that OpenAI is appealing a U.S. court order requiring the company to preserve all user interactions with ChatGPT and its API, including conversations that users deleted. This legal mandate stems from an ongoing copyright lawsuit filed by The New York Times and has effectively suspended OpenAI’s standard data deletion […]

Upwind Named to Redpoint’s InfraRed 100 for the Second Year in a Row
We’re honored to share that Upwind has been named to Redpoint Ventures’ 2025 InfraRed 100, a list that recognizes the most promising private companies driving innovation in cloud infrastructure. This is our second year in a row receiving this recognition, and we’re incredibly humbled to be included alongside so many trailblazers in the space. The InfraRed 100 highlights […]

Upwind Partners with ZEST to Combine Runtime Protection with Real-World Remediation
Upwind is focused on a simple but powerful idea: security only matters when it can lead to action. Our platform delivers real-time, runtime intelligence – enriching posture findings with deep behavioral context, API and identity awareness, and actual exploitability signals. But even the most advanced detection loses value if remediation is slow, manual, or siloed. […]

Upwind + Jit: Bringing Runtime Context to AI-Powered Vulnerability Triage
Security teams are drowning in alerts. Static scanners surface thousands of issues, but most are irrelevant. The real challenge isn’t finding problems, it’s knowing which ones to fix. The Upwind + Jit integration brings runtime intelligence directly into AI-powered workflows so you can stop guessing and start fixing what matters. By combining Upwind’s real-time context […]

Bridging Runtime Risk and Code Ownership: Upwind + Cycode
As cloud environments grow more complex, runtime threats are increasingly tied to issues that originate far earlier in the software lifecycle. For example, a vulnerable open-source dependency introduced during development or misconfigured build pipelines that resulted in insecure container images. At Upwind, we believe runtime security is the foundation – but security doesn’t stop there. […]