Feed
Grid

Upwind brings Custom Detection Policies for APIs
Every API has a different risk profile. An internal billing endpoint and a public-facing authorization endpoint don't fail the same way. They don't get attacked the same way either. A generic ruleset can't account for that. Custom rules can, and now those rules can see sensitive data too. This new release brings two things together…

Complete KSPM: From Pull Request to Production Runtime
Kubernetes environments move fast. Workloads appear and disappear, container images change continuously, services are exposed, permissions evolve, and development teams deploy updates throughout the day. But most cloud security platforms force practitioners to investigate Kubernetes risk through interfaces designed for the broader cloud, leaving teams to manually filter the noise before they can begin investigating…

Revolutionizing Security Investigations with the Upwind MCP Server
Frontier AI models combined with a rampant rate of new critical vulnerabilities mean speed and context are everything. When a critical production service starts behaving suspiciously, every second spent jumping between different tools and dashboards is a second lost to a potential attacker. At Upwind, we are excited to introduce a game-changer for security teams:…

No npm Token Required: Inside the AsyncAPI Supply Chain Attack
Executive Summary Upwind identified a critical supply chain compromise across five npm packages in the @asyncapi scope, published on July 14, 2026 via two separate branch compromises in two GitHub repositories. The attacker never touched an npm token. They abused each project's own CI pipeline through GitHub Actions OIDC to publish the malicious packages. The…

AI Proves the Real Bottleneck Was Never Finding Vulnerabilities
Let this sink in: finding security vulnerabilities was never the bottleneck, vulnerability prioritization was. AI-scale discovery is about to make that impossible to ignore, and the teams that see it coming will pull ahead of the rest. Here's what kept me up this week. Anthropic ran a frontier model against some of the world's most…

Upwind gives you SBOM coverage across every cloud workload
Software supply chain risk doesn't stop at the container boundary. Most organizations still run a meaningful share of production workloads on virtual machines across legacy services, data pipelines, and infrastructure that was never containerized. The Upwind Platform creates SBOMs at runtime, delivering greater accuracy than build-time tools by continuously monitoring your live environment. Format adds…

Security AI Needs an Honest Scoreboard: What It’s Superhuman At, and Where It Comes Up Short
If you follow AI at all, you know the leaderboards. Every few weeks a model takes the top spot, and we all check where our favorite landed. But a leaderboard only tells you who's ahead, and it stays quiet about where any of those models still come up short. Which, conveniently, is the part that…

Find What Matters with Upwind Focus Mode
Focus Mode is now available in the Upwind platform, giving security teams a faster, more focused way to work. Instead of navigating across the platform, you can switch to Focus Mode to slice and dice the Upwind platform by Vulnerability Management, Cloud Security Posture, Attack Surface Management, Administration, or Threats, and starting next week, AI…

Introducing Early Advisories: Turn Emerging Threats into Action
We’re excited to introduce Early Advisories as part of the Upwind platform. Powered by Upwind's security research team, Early Advisories notify customers about emerging threats, including zero-days and supply chain attacks, before they receive a CVE identifier. Early Advisories are published directly into the Vulnerabilities module alongside CVE-based findings and automatically correlated with your live…

The Pyramid of Agents Is Also a Pyramid of Identities
Key Takeaways When Anthropic published its piece on recursive self-improvement, the line that traveled was the efficiency one. A 100-person company doing the work of a much larger one, because each person sits atop a pyramid of agents. It's a striking image, and it's probably right. But there's a second diagram hiding inside the first…

Protect Windows Workloads Wherever They Run
Windows workloads remain a critical part of modern cloud environments. From business applications and identity services to databases and internal tooling, Windows Server hosts often support some of the most important pieces of the enterprise stack. Upwind is extending runtime protection and visibility to Windows Server hosts running in private cloud and on-premises environments, including…

Realtime Data Security, Across Every Cloud
If you asked most security leaders where all of their data is flowing, which workloads and AI services are accessing it, and whether it's exposed, only a few could answer with confidence, and almost none would have the answer in real time.Not because that data is not available, but because it's scattered across multiple cloud…
Upwind brings Custom Detection Policies for APIs
Every API has a different risk profile. An internal billing endpoint and a public-facing authorization endpoint don't fail the same way. They don't get attacked the same way either. A generic ruleset can't account for that. Custom rules can, and now those rules can see sensitive data too. This new release brings two things together…

Latest

Complete KSPM: From Pull Request to Production Runtime
Kubernetes environments move fast. Workloads appear and disappear, container images change continuously, services are exposed, permissions evolve, and development teams deploy updates throughout the day. But most cloud security platforms force practitioners to investigate Kubernetes risk through interfaces designed for the broader cloud, leaving teams to manually filter the noise before they can begin investigating…

Revolutionizing Security Investigations with the Upwind MCP Server
Frontier AI models combined with a rampant rate of new critical vulnerabilities mean speed and context are everything. When a critical production service starts behaving suspiciously, every second spent jumping between different tools and dashboards is a second lost to a potential attacker. At Upwind, we are excited to introduce a game-changer for security teams:…

No npm Token Required: Inside the AsyncAPI Supply Chain Attack
Executive Summary Upwind identified a critical supply chain compromise across five npm packages in the @asyncapi scope, published on July 14, 2026 via two separate branch compromises in two GitHub repositories. The attacker never touched an npm token. They abused each project's own CI pipeline through GitHub Actions OIDC to publish the malicious packages. The…

AI Proves the Real Bottleneck Was Never Finding Vulnerabilities
Let this sink in: finding security vulnerabilities was never the bottleneck, vulnerability prioritization was. AI-scale discovery is about to make that impossible to ignore, and the teams that see it coming will pull ahead of the rest. Here's what kept me up this week. Anthropic ran a frontier model against some of the world's most…

Upwind gives you SBOM coverage across every cloud workload
Software supply chain risk doesn't stop at the container boundary. Most organizations still run a meaningful share of production workloads on virtual machines across legacy services, data pipelines, and infrastructure that was never containerized. The Upwind Platform creates SBOMs at runtime, delivering greater accuracy than build-time tools by continuously monitoring your live environment. Format adds…

Security AI Needs an Honest Scoreboard: What It’s Superhuman At, and Where It Comes Up Short
If you follow AI at all, you know the leaderboards. Every few weeks a model takes the top spot, and we all check where our favorite landed. But a leaderboard only tells you who's ahead, and it stays quiet about where any of those models still come up short. Which, conveniently, is the part that…

Find What Matters with Upwind Focus Mode
Focus Mode is now available in the Upwind platform, giving security teams a faster, more focused way to work. Instead of navigating across the platform, you can switch to Focus Mode to slice and dice the Upwind platform by Vulnerability Management, Cloud Security Posture, Attack Surface Management, Administration, or Threats, and starting next week, AI…

Introducing Early Advisories: Turn Emerging Threats into Action
We’re excited to introduce Early Advisories as part of the Upwind platform. Powered by Upwind's security research team, Early Advisories notify customers about emerging threats, including zero-days and supply chain attacks, before they receive a CVE identifier. Early Advisories are published directly into the Vulnerabilities module alongside CVE-based findings and automatically correlated with your live…

The Pyramid of Agents Is Also a Pyramid of Identities
Key Takeaways When Anthropic published its piece on recursive self-improvement, the line that traveled was the efficiency one. A 100-person company doing the work of a much larger one, because each person sits atop a pyramid of agents. It's a striking image, and it's probably right. But there's a second diagram hiding inside the first…

Protect Windows Workloads Wherever They Run
Windows workloads remain a critical part of modern cloud environments. From business applications and identity services to databases and internal tooling, Windows Server hosts often support some of the most important pieces of the enterprise stack. Upwind is extending runtime protection and visibility to Windows Server hosts running in private cloud and on-premises environments, including…

Realtime Data Security, Across Every Cloud
If you asked most security leaders where all of their data is flowing, which workloads and AI services are accessing it, and whether it's exposed, only a few could answer with confidence, and almost none would have the answer in real time.Not because that data is not available, but because it's scattered across multiple cloud…

Trust Is Full-Duplex
Key Takeaways A few weeks ago, Mira Murati's lab, Thinking Machines, put out a research preview of something they're calling interaction models. If you haven't seen it, it's worth your time. This is a serious effort from serious people, the kind of lab that trains a 276-billion-parameter model from scratch and stands up a whole…