Welcoming Salesforce Ventures to the Upwind Family
What started as a visibility problem has become something much more dynamic and urgent: understanding what is actually happening inside modern cloud environments, in real time. As infrastructure becomes more distributed, ephemeral, and increasingly shaped by AI, security teams need more than snapshots. They need context. They need precision. And they need answers that move at the speed of their applications.
That’s why we’re excited to share that Salesforce Ventures is joining Upwind’s $250 million Series B.
This is more than a milestone for our business. It’s a strong signal that the market is entering a new phase — one where runtime context is becoming foundational to cloud security, and where the ability to separate theoretical risk from real-world exposure matters more than ever.
The Evolution
The history of modern cloud security has been defined by three distinct eras.
- The Visibility Era (2018–2020): As enterprises lifted and shifted workloads to the cloud, the primary challenge was simply seeing what was out there. This era gave rise to the first generation of Cloud Security Posture Management (CSPM) tools — scanners that inventoried assets and checked for basic misconfigurations.
- The Shift-Left and Agentless Era (2021–2023): As cloud adoption matured, friction became the enemy. DevOps teams rejected heavy agents that slowed down deployments. The market swung toward agentless scanning — taking snapshots of disk volumes via APIs to find vulnerabilities without installing software. While this solved the friction problem, it created a new one: noise. These tools flagged every theoretical vulnerability, leading to massive alert fatigue.
- The Runtime and AI Era (2024–Present): In the current third phase, near real-time visibility is no longer sufficient. Modern cloud-native environments are ephemeral, complex, and increasingly driven by AI. In this era, security must move from outside-in observation to inside-out understanding.
Against this backdrop, strategic value is consolidating in the Cloud-Native Application Protection Platform (CNAPP) category — and we believe that the future belongs to platforms that can bring real runtime intelligence into every security decision.
The Opportunity
At Upwind, we’re redefining the CNAPP market with a runtime-first approach.
Instead of relying solely on static API scans, Upwind leverages its runtime fabric technology to gain deep, unmatched visibility into running workloads without the heavy performance penalty of legacy agents.
This inside-out architecture allows us to do something static scanners cannot: determine reachability. Drastically Prioritize cloud security risks. Build bridges between security and devops and save enormous amount of precious time.
By correlating build-time data with real-time runtime context, Upwind can mathematically prove which vulnerabilities are actually exploitable in a production environment. If a vulnerable library is present on a disk but never loaded into memory, Upwind knows it is not an immediate threat. That context allows our platform to filter out approximately 95% of alert noise, empowering security teams to focus on the risks that actually matter.
Beyond vulnerability prioritization, Upwind unifies critical security pillars — CSPM, Cloud Workload Protection, Cloud Detection and Response, API Security, and Identity — into a single, coherent platform. It provides a real-time map of network topology and data flows, enabling organizations to secure everything from containers and serverless functions to the rapidly expanding attack surface of AI models and pipelines.
What’s Ahead
This new chapter is about more than capital. It’s about momentum, direction, alignment, and continuing to build for what matters to customers in an ever changing cloud infrastructure world.
