The newly released ISMG 2025 CNAPP Market Guide doesn’t just map the rapid evolution of cloud-native security – it highlights the vendors defining its future. Among the 19 platforms evaluated, Upwind stands out as one of the clearest examples of where the market is heading: runtime-powered, AI-driven, and built for the speed and complexity of […]

The newly uncovered “Shai Hulud 2.0”, also known as sha1-hulud, campaign is one of the most aggressive npm supply-chain attacks to date. Unlike the earlier, more contained incident, this wave introduces a fully automated worm that rapidly spreads across maintainers, repositories, and dependency graphs. More than 25,000 repositories tied to hundreds of developers have already […]

The QKS Group 2025 SPARK Matrix™: Cloud Native Application Protection Platform report captures a shift that many security engineering teams have been anticipating for years. Cloud environments have become too dynamic, too identity-driven, and too interconnected for configuration-centric CNAPP tools to keep pace. According to QKS Group, the vendors advancing most quickly are those that […]

A deep dive into architectures, trade-offs, and total cost of ownership Agentless cloud scanning has become a foundational capability for cloud-native security. By connecting directly to cloud provider APIs, organizations gain near-instant visibility into configurations, assets, and vulnerabilities without deploying agents or modifying workloads. The operational appeal is clear: agentless scanning reduces friction for DevOps, […]

We’re thrilled to announce that Upwind now automatically posts concise, runtime-informed vulnerability feedback directly on GitLab merge requests when enabled in your CI/CD pipeline. Developers spend most of their time in merge requests, where they also need security context. As part of our Shift Left capabilities, Upwind brings prioritized, contextual findings into the GitLab review […]

Modern cloud environments generate an overwhelming volume of configuration and security alerts, leaving teams struggling to separate signal from noise. Manually investigating and remediating critical risks slows response times and increases exposure. Together, Upwind and Tines solve this by combining Upwind’s runtime-powered insights, findings, and detections with Tines’ intelligent workflow platform—allowing teams to detect, prioritize, […]

Organizations today face mounting pressure to manage vulnerabilities across increasingly complex cloud environments and software supply chains. According to Gartner, 45% of organizations worldwide will have experienced attacks on their software supply chains by 2025, a threefold increase from 2021. This surge highlights the need for proactive, integrated security solutions that not only uncover vulnerabilities […]

In today’s fast-paced cloud environments, risks and threats evolve by the minute, and teams closest to the code and infrastructure need the ability to understand their security posture, but also the flexibility of taking ownership of how to prioritize and remediate any given risk. In order to do so, security professionals need a way to […]

Upwind is advancing federal cloud security with the pursuit of FedRAMP Moderate Equivalency, in partnership with Coalfire, the leading FedRAMP advisor and assessor. This milestone clears the way for the enterprises, integrators, and software vendors that serve government agencies to deliver live runtime protection with the compliance assurances their customers demand. By working with Coalfire […]

We’re excited to announce that Upwind now supports the NIST Cybersecurity Framework, giving organizations a faster and more effective path to achieving compliance across their environments. With this release, all Upwind customers can map their entire cloud and containerized infrastructure to NIST controls in a single day, gaining instant visibility into alignment, gaps, and risk. […]