Executive Summary Our research team identified a sophisticated supply chain attack targeting SAP Cloud Application Programming (CAP) framework packages. The campaign demonstrates advanced techniques for compromising trusted publishing pipelines and injecting malicious code directly into enterprise CI/CD workflows. The activity has been attributed to TeamPCP, a financially motivated threat actor known for large-scale supply chain […]

TL;DR: Time-to-Exploit (TTE), the gap between vulnerability disclosure and first observed exploitation, has gone negative. Mandiant’s M-Trends 2026 report shows attackers now exploit vulnerabilities, on average, before a patch is publicly available and we see the same in running environments. That breaks the foundational assumption every legacy CNAPP architecture was built on — that defenders […]

Security teams need confidence that the cloud environments they rely on are covered. In fast-moving organizations, that confidence can be difficult to maintain as new accounts are added, workloads shift, and infrastructure changes across teams, regions, and providers. Upwind now makes it easier to validate cloud security coverage across connected cloud accounts and runtime sensors. […]

Everyone is catastrophizing about AI-powered attacks. Here’s the contrarian case, and why the window is narrower than it looks. TL;DR: The prevailing narrative at Black Hat 2025 was that AI has made attackers unstoppable. The most credentialed voice in the room said the opposite, and the data backs him up. The Mythos release through Project […]

Notes on the Vercel / Context.ai OAuth incident, and how Upwind stands with its community through moments like these. On April 19, Vercel disclosed a security incident stemming from a compromise of a third-party AI tool, Context.ai, whose Google Workspace OAuth application was abused by an attacker. A Vercel employee signed into Context.ai using their […]

Key Takeaways Anthropic’s Mythos model has been called a cybersecurity watershed and a marketing stunt in the same week. Both camps have a point. Mythos appears to represent a real capability gain, and Anthropic deserves credit for releasing it through Project Glasswing rather than dropping it in the wild. At the same time, independent replication […]

The AI security industry is calling 2025 the new 1990s. The uncomfortable truth is that we predicted every mistake we’re making right now — and made them anyway. TL;DR: AI security in 2025 is repeating the same structural mistakes that made the early internet a golden age for hackers — not because the industry forgot […]

Cloud security teams are expected to move fast. They need to investigate issues quickly, answer leadership questions clearly, and stay ahead of risk across environments that keep growing more complex. But in many organizations, too much time is still spent on work that does not reduce risk. Before a team can investigate an issue, they […]

There’s increased friction happening inside security teams right now. It’s not a new vulnerability or an active breach. It’s the weight of context-switching, the hours spent translating raw logs, JSON payloads, detection logic, and technical alert data into something a human can actually act on. Leaders already know this problem. The answer isn’t more dashboards […]

Cloud environments don’t care about your org chart, and neither do attackers. Whether your workloads run on AWS, Azure, or GCP, your security team needs to investigate threats, query inventory, and understand risk without mentally translating between three different provider schemas. That translation work is slow, error-prone, and reduces time to remediation. Today, we’re excited […]