Upwind Security is a company that provides a runtime-powered cloud security platform (CNAPP) that uses eBPF technology to provide real-time visibility and identify, prioritize, and remediate critical risks and threats in active cloud environments. Pulse 2.0 interviewed Upwind Security Chief Security Officer Rinki Sethi to learn more.
Rinki Sethi’s Background
Rinki Sethi
Could you tell me more about your background? Sethi said:
“I’ve worked in cybersecurity for over twenty years, starting as an engineer focused on building security infrastructure and incident response systems. The hands-on experience gave me a strong technical foundation and customer-first lens that still shapes how I approach security today.”
“Over my career, I’ve led security organizations at companies including Rubrik, Twitter, and BILL, working on everything from threat intelligence and data protection to securing cloud-native products and managing regulatory compliance. As CISO at Twitter, I was responsible for global security strategy and incident response during a particularly eventful period for the company.”
“Beyond my day-to-day roles, I am active across the cybersecurity community in many ways. I co-founded Lockstep Ventures to invest in cybersecurity innovation, serve on the boards of companies like Vaultree and ForgeRock, and advise many other startups and innovators that are moving the field forward.”
“I also hold a bachelor’s degree in Computer Science Engineering from UC Davis and a master’s degree in Information Security from Capella University.”
“That mix of operational and strategic experience is what led me to Upwind. I started out as a customer and later joined the team as CSO because I believe so deeply in what the company is building and how they’re leading the industry forward.”
“My role at Upwind goes beyond traditional security oversight. As Chief Security & Strategy Officer at Upwind, I lead our global information security and strategy functions. Because security is core to our product, it must be part of every decision we make, not an afterthought.”
“Coming from the practitioner side, I understand what security teams are up against. I’ve been on the receiving end of noisy alerts, fragmented tools, and limited context. That’s why a major part of my work is ensuring we build tools that actually work in today’s fast, complex environments where cloud infrastructure constantly evolves, AI workloads become standard, and identity and data sprawl create real challenges.”
“I’m also deeply involved in shaping our broader company strategy, including marketing, go-to-market initiatives, and customer engagement. Having been an early customer of Upwind myself, I bring both the practitioner’s perspective and a strategic view to help accelerate the industry’s shift toward real-time, runtime-first cloud security.”
“My goal at Upwind is to give practitioners the tools I wish I had when I was in their shoes, the tools they need to respond faster and stop threats in real time.”
Favorite Memory
What has been your favorite memory working for the company so far? Sethi reflected:
“One of my favorite memories is actually how this all began. I got a message out of the blue from Omri Casspi, and I genuinely thought it was a phishing attempt. I had no idea he’d gone from the NBA to tech investing.”
“When we finally connected, he told me about a company called Upwind Security and introduced me to the founder, Amiram Shachar. I was intrigued, took the call, and I’m so glad I did.”
“The vision was bold, the technology was ahead of its time, and the team was world-class. I’m so proud to be part of the Upwind journey and to be building alongside people I now call family.”
Core Products
What are the company’s core products and features? Sethi explained:
“Upwind is a next-generation cloud security platform built to lead the runtime revolution, purpose-built for the speed and complexity of modern cloud infrastructure, where everything is dynamic and constantly evolving.”
“Unlike traditional tools that rely on static scans or logs, essentially working from the outside-in, Upwind operates from the inside-out, observing what’s actually happening in real time across workloads, containers, APIs, and network activity. This gives security teams the most accurate, context-rich data available so they can make the smart, fast decisions.”
“This runtime foundation powers our unified Cloud-Native Application Protection Platform (CNAPP), which combines Cloud Security Posture Management (CSPM), Cloud Workload Protection (CWPP), Cloud Detection and Response (CDR), vulnerability management, API and container security, and identity protection into a single solution. We continuously map activity as it happens across configurations, identities, workloads, and data flows to provide a centralized resource for security teams.”
“The shift from analyzing static configurations to understanding actual usage gives security teams immediate visibility into connectivity, topology, and real application behavior. As a result, customers can cut through 98% of the noise and focus on the issues that truly matter.”
“By showing what is happening in the cloud environment in real time and prioritizing risk based on actual behavior, not what happened hours before, Upwind helps customers shift from reactive to proactive security. This allows teams to respond faster, reduce alert fatigue, and prevent threats before they escalate, leaving organizations confident and secure.”
Challenges Faced
Have you faced any challenges recently? Sethi acknowledged:
“One of the biggest challenges I face as a CSO is making sure we keep up with the rapid pace and complexity of modern cloud-native environments. Traditional security tools often can’t keep up with dynamic deployments, short-lived containers, and the growing adoption of new technologies like GenAI. At Upwind, we’re overcoming this by focusing on runtime-first security, which gives teams real-time visibility and context so they can detect and stop threats as they happen rather than relying on delayed log analysis.”
Evolution Of The Company’s Technology
How has the company’s technology evolved since launching? Sethi noted:
“Even when I was a customer, it was clear the company was ahead of the curve. Upwind changed how people think about cloud security by shifting the focus from static configurations to real usage. From day one, we built around the idea that runtime context gives you the most accurate, actionable view of risk.”
“We launched with a differentiated approach: combining CSPM and runtime visibility into one platform. That means pulling signals across identity, network, storage, configurations, and topology into a single dashboard with high-fidelity data and contextualized findings. Since then, we’ve expanded into a unified CNAPP, adding container security, API security, vulnerability management, AI/ML workload protection, and application security, among other functionalities. Just earlier this year, we acquired Nyx and integrated their technology into ours, to deepen our capabilities at the app layer.”
“Cloud security teams are shifting away from siloed tools toward unified, risk-focused platforms. Upwind is built for that. We give teams real-time visibility across workloads, identities, and infrastructure, so they can manage risk, not just alerts. As the cloud evolves, so does our platform. The next stage is continuing to expand into AI and data security to meet the needs of tomorrow’s environments.”
Upwind has already embedded AI deeply across its CNAPP to secure both traditional cloud workloads and the rapidly emerging AI attack surface. Rather than treating AI as an add-on or assistant layer, Upwind applies AI directly to how risk is discovered, prioritized, and investigated using real runtime evidence.
Over the last two months, Upwind introduced Inside-Out AI Security within its unified CNAPP platform, extending runtime visibility and protection to AI models, agents, MCPs, inference endpoints, and AI data flows. Because these AI-native capabilities are built directly into Upwind’s platform, they benefit from the same deep cloud context already powering its data security, API security, identity, and cloud detection and response. This gives organizations real-time insight into how AI systems actually behave in production — what data they touch, how agents act, and where risk is truly exploitable — rather than relying on static assumptions or periodic scans. This includes AI Detection & Response, AI Posture Management (AI-SPM), AI Bill of Materials (AI-BOM), and runtime tracing of agent and MCP activity across cloud environments.
Upwind also launched Choppy AI, a transparent, natural-language AI layer built directly into its platform. Choppy AI allows security teams to explore assets, investigate threats, and create policies using natural language, while exposing all underlying logic as editable queries and rules. Unlike black-box AI tools, every output is visible, auditable, and enforceable — combining the speed of GenAI with the control required for real security operations.
Together, these innovations use AI to fundamentally change how security teams understand and act on risk in modern cloud and AI-driven environments. Upwind’s AI-driven, runtime-aware approach has helped customers dramatically reduce alert noise while accelerating investigation and response across both cloud and AI workloads.
“Today, Upwind is one of the fastest-growing independent cloud security companies in the market, emerging as a challenger to legacy approaches amid rapid industry consolidation.”
Significant Milestones
What have been some of the company’s most significant milestones? Sethi cited:
“The past year has been a major inflection point for Upwind. Upwind’s momentum reflects more than rapid growth. It signals a broader shift in how enterprises are approaching cloud security as environments become more complex and teams demand stronger context for faster decisions. Since its $100 million funding round just a year ago, Upwind has rapidly expanded its platform and accelerated growth, achieving 900% year-over-year revenue growth and 200% logo growth.
During this period, Upwind scaled its global footprint significantly, expanding its workforce from 150 to more than 300 employees, and deepened its presence across core markets including the U.S., U.K. and Israel – with momentum building in Australia, India, Singapore and Japan. Today, Upwind secures millions of workloads for global enterprises, including Waste Management, Siemens, Carvana, Roku, ClickUp, Wix, Nubank, Agoda, Peloton, Fiverr and BILL, helping security teams cut through noise and focus on what matters most. Customers report a 98% reduction in security alerts and 60% fewer irrelevant CVEs, enabling teams to prioritize real risk using runtime context rather than static signals.
To support global enterprise-scale adoption, Upwind has also expanded its ecosystem and partnerships. Over the past year, the company added 100+ new partners across ISVs, MSPs and resellers, launched a strategic partnership with NVIDIA and deepened collaborations with hyperscalers, including Microsoft Azure and AWS.
Upwind has been recognized by analysts and third parties across the cloud security market. The company was named CNADR Company of the Year by Frost & Sullivan, and recognized as a Leader and Outperformer in Container Security by a leading tech practitioner analyst firm. Upwind was also recognized in the Gartner 2025 Market Guide for CNAPP and included in three Gartner Hype Cycles, and is rated 4.9 out of 5 on Gartner Peer Insights in the CNAPP category. The company was named to Fortune’s Cyber 60, recognized as a CRN 2025 Stellar Startup in Security, and named a Leader and Emerging Innovator in the QKS Group SPARK Matrix™ for CNAPP 2025, with a top-right quadrant placement in ISMG’s 2025 CNAPP Market Guide. In addition, Upwind was named a two-time Leader in Cloud Application Detection and Response (CADR) and Cloud Security in Latio’s 2025 Cloud Security Market Report.
And just last week, Upwind raised $250 million in Series B funding, bringing its total funding to $430 million. The round was led by top investors including Bessemer Venture Partners, with participation from Salesforce Ventures and Picture Capital. Existing investors include Greylock, Cyberstarts, Leaders Fund, Craft Ventures, TCV, Alta Park, Cerca Partners, Swish Ventures and Penny Jar Capital.
Customer Success Stories
Can you share any specific customer success stories? Sethi highlighted:
“When people ask for customer stories, I always start with my own.”
“I was one of Upwind’s first customers when I was CISO at Bill.com. That’s why I joined. Nobody does runtime security better. Runtime was just emerging as a concept three years ago when I met the Upwind team. The market is just starting to understand the importance of runtime. Many CISOs have invested in CSPM and are now understanding the importance of filling gaps that still exist in runtime security in their environments.”
“The truth is that you can’t do security right unless you’re at runtime.”
“And it’s not just about selling Upwind, it’s about pushing the industry forward as we enter an agentic future. Agents will take action in real time and runtime context will be more important than ever for that future state.”
“To power that, you need deep runtime visibility and data. And that’s exactly where we’re strong.”
Funding/Revenue
Are you able to discuss funding and/or revenue metrics? Sethi revealed:
“Upwind just closed a Series B funding round of $250 million, led by Bessemer Venture Partners, with participation from Salesforce Ventures and Picture Capital. Existing investors include Greylock, Cyberstarts, Leaders Fund, Craft Ventures, TCV, Alta Park, Cerca Partners, Omri Casspi, and Penny Jar Capital. This brought our total funding to $430 million. The Series B marks the beginning of what Upwind calls “The Next Wave,” its next phase of growth focused on scaling runtime-first cloud security to enable a new era of AI and real-time cloud applications for enterprises globally.”
Total Addressable Market
What total addressable market (TAM) size is the company pursuing? Sethi assessed:
“Upwind operates in one of the largest and fastest-growing segments in cybersecurity: cloud security. Industry leaders and our investors recognize the CNAPP market as a multi-billion dollar opportunity that is still in the early innings.”
According to Frost & Sullivan, the global CNAPP market is projected to reach $18.79 billion by 2029, growing at about 28% per year. Gartner also predicts that by 2029, 40% of enterprises that successfully implement zero trust in cloud service provider environments will rely on CNAPP solutions for advanced visibility and control. As cloud and AI adoption accelerate, cloud-native architectures have outgrown approaches based on posture snapshots and static signals, which drive heavy alert volume without clearly showing what is truly exploitable.
Upwind was founded on a different belief: cloud security must be built on runtime evidence, the only way to secure the new world of cloud applications, helping teams reduce noise, prioritize real risk and move faster without slowing the business.
“As organizations continue to move beyond legacy agentless approaches and static CSPM tools, demand is rapidly shifting toward real-time protection and deep runtime context.”
Differentiation From The Competition
What differentiates the company from its competition? Sethi affirmed:
“Most security vendors approach from the outside-in. We flip the script with an inside-out approach to cloud security. Traditional tools rely on static scans and external configurations, but we monitor how applications actually behave in production. That includes runtime activity, APIs, network topology, and data flows, giving security teams real-world context instead of theoretical risk. It’s the difference between assessing what a system is allowed to do and what it’s actually doing.”
“At the core of our platform is a runtime fabric, a continuous telemetry layer that captures application behavior, API connections, data usage, and network activity. This foundation powers smarter security controls across the stack.”
“We also dramatically reduce noise to help teams prioritize real risk. Our customers report up to 98% drop in false positives compared to other tools. Upwind’s alerts are trusted because they’re grounded in real activity, not hypothetical risks.”
“Unlike other companies, we also foundationally integrate runtime context into every layer of the security program, from vulnerability management to misconfiguration detection and shift-left efforts. It makes every control smarter and more relevant to how systems are actually used.”
“Finally, our flexible deployment model supports both agent and agentless approaches, as opposed to other vendors who only focus on agentless coverage. That gives teams deeper runtime and application insight compromising on coverage or ease of use.”
Future Company Goals
What are some of the company’s future goals? Sethi emphasized:
“We’re building the most trusted and comprehensive cloud security platform on the market. Upwind is positioned in one of the fastest-growing areas of cybersecurity: securing cloud workloads as they become more dynamic, distributed, and powered by AI. As AI becomes a core part of cloud-native workloads, the stakes get higher, and we’re already ahead of that curve. Our platform is built for speed, context, and precision at runtime. We’re continuing to expand further into areas like data security and AI security, and investing heavily in product innovation, integrations, and strategic partnerships.”
“Upwind is building towards being the number one cloud security solution on the market that enterprises choose when they need the highest level of protection and confidence.”
Additional Thoughts
Any other topics you would like to discuss? Sethi concluded:
“I’m particularly passionate about how GenAI is reshaping the cloud security landscape.”
“The threat landscape is evolving fast, especially as AI becomes part of every workload. We’re already seeing AI used by both security teams and threat actors, and that shift is only accelerating. Security leaders can’t afford to sit still. As innovation moves, so must our defenses.”
“That’s why it’s critical to equip teams with platforms that are built for the speed and complexity of modern environments, that are AI-ready and rooted in real-time context. Security can’t rely on static scans or reactive playbooks anymore. It has to evolve in step with how systems are actually operating. That’s the future we’re building at Upwind: proactive, precise, and built for what’s next.”
