Cloud security startup raises big round as demand grows
Cloud security startup Upwind Security has become one of the most valuable newcomers in the sector after closing a $250 million Series B round that values the four‑year‑old company at $1.5 billion. The fundraising, led by Bessemer Venture Partners with participation from Salesforce Ventures and Picture Capital, follows a $100 million Series A in 2024 and caps a period of 900 percent year‑over‑year revenue growth. Upwind’s customers include Siemens, Peloton, Roku, Wix, Nextdoor and Nubank, and co‑founder and chief executive Amiram Shachar says those partnerships were hard‑won. In interviews, he recalls doubts early on about whether the market needed another security tool, whether companies would integrate it and whether a small Israeli startup could compete with established players. The team, made up largely of former DevOps engineers who previously built and sold cloud‑compute brokerage Spot.io to NetApp for about $450 million, struggled to convince chief information security officers to adopt something new. “People are used to installing agents on their machines, but they don’t like doing it,” Shachar said.

What sets Upwind apart is its “runtime” security philosophy. Rather than scanning cloud environments from the outside and bombarding administrators with generic alerts, Upwind’s platform monitors network traffic and API calls in real time to understand what is actually running and to prioritise alerts based on active threats. Shachar calls it an “inside‑out” approach that uses internal signals as context, reducing noise and allowing security teams to respond quickly to high‑risk vulnerabilities. Building such a system was challenging, because security teams often lack the authority to deploy software into production environments. Upwind spent years persuading customers that a broad, integrated platform would simplify, not complicate, their security operations. Those efforts are paying off. The new funding will help the company add features driven by artificial intelligence, extend protections closer to developers to prevent misconfigurations before code reaches production and expand beyond its core markets in the United States, United Kingdom and Israel into Asia and Australia. Shachar believes the shift toward containerised and serverless workloads makes traditional external scanning obsolete. “Inside‑out isn’t just an option; it’s the only way to solve the next generation of problems,” he says. As companies rely on cloud services and connect artificial‑intelligence agents to their infrastructure, Upwind and its competitors are betting that security must evolve from static monitoring to dynamic, context‑aware platforms.