Upwind + Nyx: Advancing Runtime Security into the Application Layer
Cloud-native infrastructure has become more dynamic and distributed, but application behavior at runtime remains one of the most overlooked aspects of cloud security. Attackers increasingly exploit logic flaws and runtime gaps that static analysis can’t catch. Following our acquisition of Nyx in April 2025, we’ve now fully integrated its technology into the Upwind platform. This integration brings us closer to a unified Cloud and Application Detection and Response (CADR) platform with full-stack visibility and deep protection across both infrastructure and the application layer.
This marks a meaningful shift in the capabilities available to security teams responsible for defending modern production environments.
Runtime-Level Application Insight
While many CNAPP solutions offer strong posture management and workload telemetry, they often fall short when it comes to understanding what applications are doing during runtime. Upwind already is a leader in runtime security and contextualized risk findings that highlight runtime exposure, and with this incorporation of Nyx’s technology into our platform, we are able to provide even deeper function-level visibility within running applications. This distinction enables security teams to determine whether specific vulnerable functions are actually being invoked and could be exploited – shifting the discussion from runtime exposure to runtime exploitability.
By observing function-level execution at runtime, Nyx’s engine connects the dots between application behavior and known vulnerabilities.
This enables two key outcomes:
- Precision vulnerability triage: We cut more than 60% of noise by confirming which vulnerable functions are actually invoked and run in production. This reduces alert fatigue and improves prioritization.
- Application-layer threat detection: Combined with Upwind’s runtime baselines, function-level data allows us to detect anomalous application behavior, including logic abuse, exploit attempts, and lateral movement inside services.
For teams tired of investigating irrelevant CVEs or missing application-layer signals altogether, this unlocks immediate value.
A Platform Approach to Detection and Response
Upwind was built from the beginning with a belief that runtime is the most strategic layer for defense. The addition of Nyx reinforces this direction by introducing function-level application monitoring into the existing runtime-native detection architecture.
By incorporating Nyx’s function-level context alongside infrastructure-level telemetry, Upwind is now able to detect, correlate, and respond to threats that span both layers – giving security teams a more complete picture of risk and the ability to act with greater precision and speed.
“Upwind, now with Nyx, provides real-time signal, context, and action – from the infrastructure to the process level. Mergers and acquisitions in the software industry are never easy. A perfectly executed integration, across both culture and technology, is essential to deliver a seamless user experience and a resilient architecture. That’s exactly what we’ve achieved with Nyx.”
-Amiram Shachar, co-Founder and CEO, Upwind
The First True CADR Platform that’s Built for Runtime
Upwind now fills a critical gap in the CNAPP ecosystem by providing what other platforms lack: real-time, function-level visibility into application behavior during execution. Where others stop at posture management or stop short of real application insight, we’re building the first runtime-native platform with true application-layer detection.
Our thesis is simple: modern threats execute at runtime, and detection needs to operate at that layer, with full-stack visibility from infrastructure to code paths.
Nyx’s technology is now live in Upwind, powering new application-layer detection features, including Application Detection and Response capabilities as part of a broader cloud security platform. Upwind is now the first player to offer application-layer runtime detection as part of a unified CNAPP platform, giving security teams a unified way to protect modern cloud environments.
Supporting Real-Time Security Operations
The addition of Nyx is not just about improving observability. It directly supports the operational goals of security teams who need to triage alerts faster, investigate threats with full context, and reduce risk without slowing down delivery. By anchoring detection in runtime and showing how applications behave in production, Upwind helps teams make faster, more informed decisions.
The integration was accelerated by a shared architectural philosophy. Both Upwind and Nyx were built for performance, scale, and minimal impact on production environments. Their common foundation in eBPF and focus on real-time, in-line telemetry allowed for a seamless technical integration. This reduces risk for customers and accelerates time to value.
Looking Ahead
As attackers continue to evolve their techniques and move laterally through cloud-native environments, security tools must move with them. Static scans and posture checks help, but they can’t detect threats as they unfold. Organizations need visibility into what is happening during execution, and they need it with the fidelity to act before damage occurs.
With Nyx now fully integrated, Upwind provides a platform that delivers this capability across infrastructure and applications. In the coming months, we will continue to expand this vision by enhancing our runtime-native approach to emerging areas, including data security and AI workloads.
For security leaders looking to reduce overhead and gain real-time insight into live environments, this integration delivers a clear advantage with faster triage, better context, and earlier threat detection. It strengthens our position as the platform of choice for organizations that view runtime as the foundation of modern cloud security. Want to see how Upwind surfaces function-level threats and ties runtime behavior to real application risk? Schedule a demo to explore it live.
