From the outside, Upwind Security looks like it’s been a smooth ride so far. In just four years, the cloud security startup is now worth $1.5 billion, and has the likes of Siemens, Peloton, Roku, Wix, Nextdoor and Nubank among its customers. But if you ask the company’s co-founder and CEO Amiram Shachar, the journey to get here has been uneventful.
“Three years ago, we would spend hours asking ourselves if we were going in the right direction, and 80% of the time, it seemed like we weren’t,” the candid Shachar told TechCrunch in an interview after the $250 million Series B startup.
“In the beginning, we constantly asked whether the market needed our solution, whether it was too difficult to integrate into a larger system, or if customers would use it,” he recalls. “Developing a new approach is difficult; people are used to installing certain agents on their machines, but they don’t like doing it.
Upwind likes to call this approach “runtime” security: Prioritize alerts and remediation efforts on threats and vulnerabilities in active services in real time. As Shachar puts it, this is the “inside-out” of cloud security, where internal signals like network requests and API traffic function as context to help security teams separate important risks from those that can wait.
Developing this approach was not easy, because Shachar and the founders did not have a traditional security background: they first created and sold a so-called cloud computing broker. Spot.io, to NetApp in 2020 it is $450 million.
“After joining NetApp to deliver the Spot acquisition, I experienced firsthand how difficult cloud security can be,” said Shachar. “Security teams will scan our environment and report issues, but they don’t have critical context. From a DevOps background, we (Shachar and his team) know the infrastructure deeply, while security teams often don’t know how APIs look or what packages run. As a result, they flag many problems that are not real risks.
But Shachar and his team feel they have a better insight into the cloud environment as they walk. “The dominant approach is an agentless, ‘outside-in’ model where you scan the external environment,” he explained. “It’s easy to install, but it makes a lot of noise because you can only see what’s visible from the outside.”
Techcrunch event
Boston, MA
|
June 23, 2026
The team realized that the context provided by internal signals would be more useful for the security team, because they would be able to see what is happening on the network, in real time. But selling what’s new in cloud security is proving challenging, as security teams often don’t have permission to deploy software internally and port it to more traditional tools.
So Upwind sales take time. “It was not clear at first, and there was a lot of uncertainty; customers were hesitant,” Shachar said.
“But we see things that others don’t,” he said. “Inside-out is not an advanced option; it’s the only way to solve next-generation problems. With ephemeral infrastructure like containers, serverless workloads, AI agents talking to each other, and data constantly moving through APIs, you can’t map this from the outside. You have to be inside.”
However, the company has to contend with a huge security market. Security teams are overwhelmed by the number of tools, and customers don’t want multiple products just to manage cloud security. “From the beginning, it was clear that Upwind needed to build a broad and integrated platform,” Shachar said. “Otherwise, customers will not engage or allow us to use our technology.”
The company’s logic ultimately speaks to its target customers: large, data-intensive organizations with sizable cloud footprints. Since then $100 million Series A in 2024Upwind has grown rapidly, posting 900% year-over-year revenue growth and doubling its customer base. The company has also expanded from its core markets in the US, UK and Israel to emerging markets including Australia, India, Singapore, and Japan.
The $250 million Series B was led by Bessemer Venture Partners, with participation from Salesforce Ventures and Picture Capital. Fresh cash will be used for product development and go-to-market movements, and the startup plans to invest in AI security capabilities in its core cloud security platform and “extend a closer approach to developers to prevent configuration errors before reaching production.”