From the outside, Upwind Security appears to have had a smooth ride so far. Just four years later, the cloud security startup is now worth $1.5 billion and boasts clients including Siemens, Peloton, Roku, Wix, Nextdoor and Nubank. But if you ask the company’s co-founder and CEO Amiram Shachar, the journey to get here has been anything but smooth.
“Three years ago, we were spending hours asking ourselves if we were going in the right direction, and 80% of the time, it felt like we weren’t,” an outspoken Shachar told TechCrunch in an interview after the startup’s recent $250 million Series B.
“In the beginning, we constantly questioned whether the market needed our solution, whether it would be too difficult to integrate into larger systems, or whether customers would adopt it,” he recalls. “Developing a new approach was difficult; people are used to installing certain agents on machines, but they don’t like doing it.”
Upwind likes to call this approach “runtime” security: Prioritizing alerts and remediation efforts around threats and vulnerabilities in live services in real time. As Shachar puts it, it’s an “inside-out” approach to cloud security, where internal signals like network requests and API traffic act as a framework to help security teams separate urgent risks from those that can wait.
But developing this approach wasn’t easy, as Shachar and his co-founders didn’t have a traditional background in security: They first built and sold a cloud brokerage called Spot.io on NetApp for about $450 million in 2020.
“After joining NetApp after the Spot acquisition, I saw firsthand how difficult cloud security really is,” said Shachar. “The security team would scan our environment and report issues, but they didn’t have critical context. Coming from a DevOps background, we [Shachar and his team] deeply understood the infrastructure, while security teams often didn’t know how APIs were exposed or what packages were running. As a result, they highlighted many issues that were not real risks.”
But Shachar and his team felt they had better insight into cloud environments because they were running them. “The dominant approach has been agentless, an ‘outside-in’ model where you scan environments externally,” he explained. “It’s easy to deploy, but it creates a lot of noise because you can only see what’s visible from the outside.”
Techcrunch event
Boston, MA
|
June 23, 2026
The team realized that the context provided by the internal signals would be more useful to security teams as they could see what was happening on the network, in real time. But selling their new take on cloud security proved challenging, as security teams often lack permission to develop software in-house and default to more traditional tools.
So Upwind’s sales took time. “It wasn’t clear at first and there was a lot of uncertainty; customers were hesitant,” Shachar said.
“But we saw something that others didn’t,” he explained. “Inside-out is not an advanced option, it’s the only way to solve next-gen problems. With ephemeral infrastructure like containers, serverless workloads, AI agents talking to each other, and data constantly moving through APIs, you just can’t map it from the outside. It has to be inside.”
However, the company had to deal with an overcrowded security market. Security teams were already overwhelmed by the number of tools, and customers didn’t want multiple products just for cloud security management. “From the beginning, it was clear that Upwind would have to build a broad, integrated platform,” said Shachar. “Otherwise, customers wouldn’t engage or allow us to develop our technology.”
The company’s logic ultimately spoke to its target customers: large data-intensive organizations with fairly large cloud footprints. Since a $100 million Series A in 2024, Upwind has grown rapidly, growing 900% year-over-year in revenue and doubling its customer base. The company has also expanded from its core markets of the US, UK and Israel to emerging markets such as Australia, India, Singapore and Japan.
The $250 million Series B was led by Bessemer Venture Partners, with participation from Salesforce Ventures and Picture Capital. The fresh cash will be used for product development and go-to-market moves, and the startup plans to invest in its AI security capabilities within its core cloud security platform and “expand its reach closer to developers to help prevent misconfigurations before they reach production.”
