From the outside, Upwind Security appears to have had a smooth ride so far. Just four years later, the cloud security startup is now worth $1.5 billion and counts Siemens, Peloton, Roku, Wix, Nextdoor and Nubank among its clients. But if you ask Amiram Shachar, the company’s co-founder and CEO, the path to get here was anything but certain.
“Three years ago, we spent hours wondering if we were going in the right direction, and 80% of the time it felt like we weren’t,” Shachar told TechCrunch candidly in an interview following the startup’s recent $250 million Series B round.
“In the beginning, we constantly wondered whether the market needed our solution, whether it would be too difficult to integrate into larger systems, or whether customers would adopt it,” he recalls. “Developing a new approach was difficult; people are used to installing certain agents on machines, but they don’t like to do it.”
Upwind likes to call this approach “runtime” security: prioritizing alerts and remediation efforts around threats and vulnerabilities in live services in real time. As Shachar puts it, this is an “inside-out” view of cloud security, where internal signals like network requests and API traffic work as context to help security teams separate urgent risks from those that can wait.
However, developing this approach wasn’t easy because Shachar and his co-founders didn’t have a traditional security background: They first built and sold a cloud computing brokerage called Spot.io, to NetApp for approximately $450 million in 2020.
“After joining NetApp after the Spot acquisition, I saw firsthand how difficult cloud security is,” Shachar said. “The security team was analyzing our environment and reporting issues, but they lacked critical context. Coming from a DevOps background, we (Shachar and his team) had a deep understanding of the infrastructure, while the security teams often didn’t know how APIs were exposed or what packages were running. As a result, they reported many issues that didn’t pose real risks.”
But Shachar and his team felt they had a better understanding of cloud environments because they were running them. “The dominant approach was agentless, an ‘outside-in’ model where you analyze environments from the outside,” he explained. “It’s easy to deploy, but it creates a lot of noise because you only see what’s visible from the outside.”
Techcrunch event
Boston, Massachusetts
|
June 23, 2026
The team realized that the context provided by internal signals would be more useful to security teams because they could see what was happening on the network, in real time. But selling their new approach to cloud security has proven difficult, because security teams often don’t have permission to deploy software internally and default to more traditional tools.
So Upwind sales took a while. “At first it wasn’t clear and there was a lot of uncertainty; customers were hesitant,” Shachar said.
“But we saw something that others didn’t see,” he said. “Inside-out is not an advanced option; it’s the only way to solve the next generation of problems. With ephemeral infrastructure like containers, serverless workloads, AI agents talking to each other, and data constantly flowing through APIs, you just can’t map that from the outside. It has to be on the inside.”
Still, the company faced a crowded security market. Security teams were already overwhelmed by the number of tools, and customers didn’t want multiple products just to manage cloud security. “From the beginning, it was clear that Upwind would need to build a broad, integrated platform,” Shachar said. “Otherwise, customers would not engage or allow us to deploy our technology. »
The company’s logic ultimately appealed to its target customers: large, data-intensive organizations with a significant cloud footprint. Since his $100 million Series A in 2024Upwind has grown rapidly, posting 900% year-over-year revenue growth and doubling its customer base. The company has also expanded from its core markets in the US, UK and Israel to emerging markets including Australia, India, Singapore and Japan.
The $250 million Series B round was led by Bessemer Venture Partners, with participation from Salesforce Ventures and Picture Capital. The new money will be used for product development and go-to-market, and the startup plans to invest in its AI security capabilities within its core cloud security platform and “expand its approach closer to developers to help prevent misconfigurations before they reach production.”
