Upwind raises $250M in $1.5B valuation to continue building ‘runtime’ cloud security

On the surface, Upwind Security looks like it’s had a smooth ride so far. Just four years since its inception, the cloud security startup is now worth $1.5 billion, and boasts the likes of Siemens, Peloton, Roku, Wix, Nextdoor and Nubank among its clients. But if you ask the company’s founder and CEO Amiram Shachar, the journey to get here was sure.

“Three years ago, we were spending hours wondering if we were headed in the right direction, and 80% of the time, it felt like we weren’t,” a soliloquitic Shachar told TechCrunch in an interview following a recent $250 million Series B round.

“In the beginning, we always asked if the market needed our solution, if it would be too difficult to integrate large systems, or if customers would accept it,” he recalled. Inventing a new method was difficult; people are used to putting some agents in machines, but they don’t like to do it.

Upwind likes to call that approach “protection”: Prioritizing alerts and remediation efforts about threats and vulnerabilities in active services in real time. As Shachar puts it, “inside-out” is taking cloud security, where internal signals like network requests and API traffic work as a core to help security teams distinguish urgent risks from those that can wait.

Developing that approach wasn’t easy, however, as Shachar and his co-founders didn’t have a traditional background in security: they first built and sold a cloud compute brokerage called Spot.io, to NetApp for about $450 million in 2020.

“After joining NetApp for Spot acquisition, I saw firsthand how difficult cloud security is,” said Shachar. “The security team would scan our environment and report issues, but they lacked critical context. Coming from a DevOps background, we (Shachar and his team) had a deep understanding of the infrastructure, while security teams often didn’t know how APIs were exposed or which packages were running. As a result, they flagged many issues that weren’t real risks.”

But Shachar and his team felt they had a better understanding of cloud environments because they were running them. “The best way was a passive, ‘outside’ model where you explore places outside,” he explained. “It’s easy to install, but it makes a lot of noise because you can see what’s visible outside.”

The team realized that the context provided by internal signals can be very useful for security teams, as they will be able to see what is happening on the network, in real time. But selling their new take on cloud security has been a challenge, as security teams often lack the permission to integrate software into and automate most traditional tools.

So selling Upwind took time. “It wasn’t clear at first, and there was a lot of uncertainty; customers were reluctant,” Shachar said.

“But we saw something that others did not see,” he explained. “Inside-out is not an advanced option; it’s the only way to solve the next generation of problems. With ad-hoc infrastructure like containers, serverless workloads, AIs talking to each other, and data constantly flowing through APIs, you can’t map this from the outside. It has to be inside.”

Nevertheless, the company had to deal with an overcrowded security market. Security teams were already overwhelmed by the number of tools, and customers didn’t want multiple products to manage cloud security. “From the beginning, it was clear that Upwind would need to build a comprehensive, integrated platform,” Shachar said. Otherwise, customers will not share or allow us to use our technology.”

The company’s concept eventually spoke to its target customers: large, data-intensive organizations with large cloud footprints. Starting with a $100 million Series A in 2024, Upwind has grown rapidly, posting 900% annual revenue growth and doubling its customer base. The company has also expanded from its core markets of the US, UK and Israel to emerging markets including Australia, India, Singapore and Japan.

The $250 million Series B was led by Bessemer Venture Partners, with participation from Salesforce Ventures and Picture Capital. The new money will be used for product development and go-to-market, and the startup plans to invest its AI security capabilities within its cloud security platform and “extend its approach closer to developers to help prevent errors before they reach the product.”