There’s a quiet assumption baked into most cloud security tooling today: that the stuff worth protecting lives at the infrastructure layer. Processes, packets, signatures.
Upwind’s CEO Amiram Shachar published a detailed post this week that challenges that assumption and backs it up with a product expansion.
The argument is direct: AI security can’t be a standalone checkbox. It has to run through every layer of how you already think about cloud risk.
For years, runtime security was about watching what ran on your machines – process behavior, network flows, known malware patterns. That lens is still valuable, but it no longer captures the whole picture.
The “new” type of exposure has migrated up the stack. When an AI agent fires off a task, it’s making API calls, receiving prompts, hitting MCP servers, pulling from vector datastores, and returning payloads – each handoff a potential entry point. The interesting activity is now happening in the application payload itself.
AI infrastructure has exploded in surface area with remarkable speed. AWS Bedrock, Azure AI Foundry, Vertex AI, self-hosted open-source models, custom agents, MCP servers, knowledge bases, inference endpoints — and teams across organizations are deploying all of it, often without security teams having any meaningful visibility.
Upwind’s response is an AI inventory layer designed to map not just what exists, but how everything connects. In practice: a Bedrock Agent surfaces alongside its underlying model, its guardrail status, its last invocation time, and the non-human identity it operates under. Datastores feeding AI workloads get flagged for PII and PHI exposure. MCP servers show their authentication method and whether they’re publicly reachable.
That last detail matters. Shachar specifically flags publicly exposed MCP gateways in degraded states as a high-value attacker target – and given how fast MCP adoption is moving, that’s not a theoretical concern.
While runtime is at the core of it all, Upwind also discussed shift-left security in detail.
Shift-left security isn’t a new idea. What is new is what it’s up against. AI-assisted development has changed the character of code review: higher velocity, more sources, faster merge cycles, and dependencies pulled in automatically. The challenge isn’t just volume – it’s that the assumptions baked into traditional scanning tools were built for human-authored code.
Upwind points to its own research as a concrete illustration: the Shai-Hulud campaign involved a compromised package that traveled through the supply chain and into build pipelines – exactly the kind of threat that requires scanning capabilities rearchitected for this new reality.
The company is already previewing its next move: securing AI endpoints – the actual point where prompts and responses cross the wire – with a private preview open for registration now.
The larger bet Upwind is making is that the security industry is still treating AI as a niche problem, a new category to bolt on rather than a dimension that reshapes every existing risk. The substance here – AI inventory, runtime behavioral baselines, supply chain scanning rebuilt for agentic workflows – makes a more coherent case for that view than most vendors are currently offering.
John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business for professional audiences.

