Key Takeaways

  1. Upwind has raised a $250 million Series B round led by Bessemer Venture Partners, lifting total funding to about $430 million and valuing the company at roughly $1.5 billion.
  2. The runtime-first cloud security platform reports around 900% year‑over‑year revenue growth and 200% customer growth, now protecting millions of workloads for more than 150 enterprises worldwide.
  3. New capital will accelerate product expansion across AI, data and code, deepen runtime-powered CNAPP capabilities, and support global headcount growth beyond 300 employees across the US, UK and Israel.
  4. Upwind’s funding underscores the surge in demand for real-time, runtime-aware cloud security as enterprises shift critical and AI workloads into multi-cloud environments.

Quick Recap

Upwind, a San Francisco–headquartered, runtime-first cloud security startup, has secured a $250 million Series B round led by Bessemer Venture Partners, bringing its total funding to over $430 million and cementing its unicorn status at a reported $1.5 billion valuation. The company disclosed the raise in a real-time announcement on X (formerly Twitter), aligning with a concurrent blog post and press materials outlining its expansion plans in cloud and AI security.

Runtime-First Unicorn Doubles Down on AI-Era Cloud Threats

According to Upwind’s official announcement and accompanying BusinessWire release, the $250 million Series B was led by Bessemer Venture Partners, with Salesforce Ventures and Picture Capital joining as new investors alongside existing backers such as Greylock, Cyberstarts, Craft Ventures, TCV and others. The round lifts cumulative funding to roughly $430 million in under three years, making Upwind one of the best‑capitalized cloud security pure-plays in the market. TechCrunch and regional coverage in Israel also confirm that the financing pegs Upwind’s valuation at around $1.5 billion, officially placing it in unicorn territory.

Upwind positions itself as a runtime-powered cloud security platform and next‑generation CNAPP (Cloud-Native Application Protection Platform), using eBPF-based sensors and runtime telemetry to correlate vulnerabilities, misconfigurations, identity risk and live threats across cloud workloads, containers, serverless and APIs. Unlike traditional, configuration-only CSPM tools, Upwind emphasizes “signal over noise,” claiming it can cut alert noise by roughly 95% while letting teams trace root cause up to 10x faster. The company says it has achieved around 900% revenue growth and 200% customer base expansion over the past year, with its platform now securing millions of workloads for global brands including Siemens, Roku, Nubank, Agoda, Peloton and others.

With the new funding, Upwind plans to accelerate its roadmap across three dimensions: data, AI and code. That includes deepening AI-powered detections within its core runtime security engine, expanding data and API security capabilities, and pushing its real-time insights “closer to developers” to prevent misconfigurations and exploitable issues before they reach production. The company also intends to scale go‑to‑market operations and customer support as it grows its presence in North America, Europe and Asia-Pacific.

Why This Round Matters in the Cloud Security Arms Race?

Investors describe cloud security as one of the largest and fastest-growing segments within cybersecurity, with the shift to AI-heavy, data‑intensive cloud workloads exposing limitations of legacy, static tooling. Upwind’s “runtime-first” philosophy reflects a broader market conviction that meaningful defense now requires continuous observation of what workloads are actually doing in production—rather than occasional scans of infrastructure-as-code or configuration baselines. This approach is particularly resonant as enterprises race to deploy generative AI and real-time applications in multi-cloud environments, where misconfigurations, exposed identities and live exploit paths can change by the minute.

The competitive field around Upwind is crowded, with established CNAPP players like Wiz, Prisma Cloud, Lacework and others still dominating large enterprises, while a newer wave of runtime‑driven and AI‑augmented platforms battle for mindshare. In this newer cohort, investors and analysts often mention Upwind alongside Sweet Security and Skyhawk Security—young companies similarly focused on runtime telemetry, AI‑driven detection and reducing SOC alert fatigue. Against that backdrop, a $250 million Series B signals not just confidence in Upwind’s product, but an expectation that the runtime-first subcategory will be a long‑term structural pillar of cloud defense, not a niche add‑on.

Competitive Landscape 

Upwind vs. Runtime-First Cloud Security Rivals

Below is a high-level feature comparison between Upwind and two similarly focused competitors, Sweet Security and Skyhawk Security.

Feature / MetricUpwindSweet SecuritySkyhawk Security
Core positioningRuntime-first CNAPP for cloud and AI workloads, unifying CSPM, CWPP, CDR, identity and API securityRuntime-powered CNAPP with strong focus on AI-driven detection, vulnerability management and posture controlCloud Threat Detection & Response (CDR) with autonomous “purple team” and AI-based breach prevention
Primary customersEnterprises running large-scale, multi-cloud and AI workloads needing unified runtime visibilityCloud-native enterprises seeking deep runtime detection, especially across Linux and Windows workloadsOrganizations prioritizing proactive attack simulation and verified runtime alerts in public cloud
Context WindowNot a language model; provides runtime context across workloads, identities, data and APIs in cloud environmentsNot a language model; correlates runtime telemetry, cloud audit logs and identity behavior for investigationsNot a language model; maintains multi-layer behavioral models over customer clouds for real-time attack sequences
Pricing per 1M TokensNot applicable; enterprise pricing based on cloud environment scale, not token usage (no public rate cards)Not applicable; enterprise subscription model, details not publicly disclosed (no token-based pricing)Not applicable; SaaS security platform with enterprise pricing, not metered by tokens (undisclosed)
Multimodal SupportMulti-signal: runtime data, configuration, identity, vulnerabilities and API traffic, but not media multimodalityMulti-signal: runtime telemetry, Layer 7 traffic, vulnerabilities, identities and compliance signalsMulti-signal: runtime behavior, cloud logs, digital-twin simulations and attack-path analytics
Agentic CapabilitiesAutomated response workflows and context-aware prioritization to help teams remediate critical risks fasterLLM-driven detection engine, automated investigations and runtime-native correlation to cut alert noiseAI-powered Autonomous Purple Team that continuously simulates attacks, validates detections, and responses

Upwind appears to lead on breadth of unified CNAPP capabilities and proven enterprise traction, making it an attractive “platform anchor” for organizations seeking one runtime-first control plane across posture, workloads, identities and APIs. Sweet Security and Skyhawk Security, meanwhile, differentiate through deeper focus on AI‑driven detection and autonomous purple‑team style simulations respectively, which can complement or compete with Upwind in environments where customers prioritize advanced investigations or proactive breach prevention over platform consolidation

TechViral’s Takeaway

From TechViral’s perspective, this raise is decisively bullish for the runtime-first corner of the cloud security market and for enterprise buyers grappling with AI‑era risk. A $250 million Series B at a unicorn valuation, paired with 900% revenue growth and rapid customer expansion, signals that runtime-powered CNAPP is moving from “interesting innovation” to a mainstream architectural pillar for cloud defence. For security leaders, the practical takeaway is straightforward: budget cycles are likely to tilt further toward platforms that combine real-time workload telemetry, identity context, and automated response, and Upwind now has both the capital and investor pressure to race ahead on that front. If execution keeps pace with expectations, this funding round could accelerate a broader industry shift away from static, configuration-only security and toward continuously observed, AI-informed cloud protection that treats runtime as the primary source of truth.

LinkedInCopy
Sources
Businesswire Techcrunch UpWind WSJ UpWind FinTech Global UpWind
Joseph D'Souza
Joseph D'Souza

Joseph D'Souza co-founded TechViral.News as a personal project to share his insights and experiences with tech gadgets. Over time, it has evolved into a respected tech blog, known for its in-depth coverage of technology trends, smartphone reviews, and app-related statistics. Joseph is also an expert in fintech, with a focus on AI applications in the industry, as well as blockchain and cryptocurrency technologies. His passion for technology drives him to explore emerging trends and provide valuable analysis for his readers.

More Statistics