Upwind Security just closed a massive $250 million Series B at a $1.5 billion valuation, cementing its place among cloud security's fastest-rising startups. Led by Bessemer Venture Partners, with participation from Salesforce Ventures and Picture Capital, the round comes just over a year after the company's $100 million Series A and follows 900% year-over-year revenue growth. The four-year-old startup is betting big on what it calls 'runtime' security - an inside-out approach that monitors active cloud services in real time rather than scanning from the outside.
Upwind Security is having a moment. The cloud security startup just banked $250 million at a $1.5 billion valuation, barely four years after its founding. But CEO and co-founder Amiram Shachar isn't celebrating the way you'd expect. Instead, he's candid about how uncertain the journey's been.
"Three years ago, we would spend hours asking ourselves if we were heading in the right direction, and 80% of the time, it felt like we weren't," Shachar told TechCrunch in an interview following the Series B announcement. "At the beginning, we constantly questioned whether the market needed our solution, whether it would be too hard to integrate into larger systems, or if customers would adopt it."
The $250 million round was led by Bessemer Venture Partners, with participation from Salesforce Ventures and Picture Capital. It's a significant vote of confidence in Upwind's approach to cloud security - what the company calls "runtime" security. The concept is straightforward but represents a fundamental shift: instead of scanning cloud environments from the outside, Upwind monitors what's actually happening inside active services in real time.
Shachar describes it as an "inside-out" model where internal signals like network requests and API traffic provide the context security teams need to separate genuine threats from false alarms. It's a departure from traditional agentless scanning, which he argues creates too much noise because it can only see what's visible externally.
The approach wasn't an obvious winner from the start. Shachar and his co-founders didn't come from traditional security backgrounds. They previously built and sold Spot.io, a cloud compute brokerage, to NetApp for around $450 million in 2020 according to Blocks and Files. It was during his time at NetApp post-acquisition that Shachar experienced the pain points firsthand.
"The security team would scan our environment and report issues, but they lacked critical context," he explained. "Coming from a DevOps background, we understood the infrastructure deeply, while security teams often didn't know how APIs were exposed or which packages were running. As a result, they flagged many issues that weren't real risks."
That insight led to Upwind's founding premise: if you're running the infrastructure, you have better visibility than anyone scanning from the outside. But selling that vision proved harder than expected. Security teams typically lack permission to deploy software internally and default to tools they already know. Early customer conversations were tough.
"It wasn't clear at first, and there was a lot of uncertainty; customers were hesitant," Shachar admitted. "Developing a new approach was difficult; people are used to installing certain agents on machines, but they don't like doing it."
But Upwind's team believed they'd spotted something the market was missing. "Inside-out isn't an advanced option; it's the only way to solve the next generation of problems," Shachar said. "With ephemeral infrastructure like containers, serverless workloads, AI agents talking to each other, and data constantly moving through APIs, you simply can't map this from the outside. It has to be inside."
The company also faced the challenge of an overcrowded security market. Security teams were already drowning in tools, and the last thing they wanted was yet another point solution. "From the beginning, it was clear that Upwind would need to build a broad, integrated platform," Shachar noted. "Otherwise, customers wouldn't engage or allow us to deploy our technology."
Eventually, the logic clicked with Upwind's target audience: large, data-intensive organizations with substantial cloud footprints. Companies like Siemens, Peloton, Roku, Wix, Nextdoor and Nubank signed on. Since its $100 million Series A in 2024, the company has posted 900% year-over-year revenue growth and doubled its customer base.
Geographic expansion has been equally aggressive. Beyond its core markets in the U.S., U.K. and Israel, Upwind has pushed into Australia, India, Singapore and Japan. The fresh $250 million will fuel more product development and go-to-market initiatives, with particular focus on AI security capabilities and developer-focused tools designed to catch misconfigurations before they reach production.
The timing makes sense. As cloud environments grow more complex with the proliferation of containers, serverless architectures and AI workloads, traditional perimeter-based security struggles to keep up. Upwind's bet is that runtime visibility - seeing what's actually executing in production - becomes not just useful but essential.
It's a steep valuation jump from the $900 million valuation at Series A just 14 months ago, but the growth metrics appear to justify investor enthusiasm. With Bessemer leading the round, Upwind gains a partner with deep experience scaling enterprise security companies.
For Shachar, the validation is sweet but the mission remains unfinished. The company plans to extend its platform closer to developers, aiming to shift security left while maintaining the runtime intelligence that sets it apart. In a market where everyone claims to be solving cloud security, Upwind's inside-out approach is finally gaining traction with customers who've tried everything else.
Upwind's $250 million raise at a $1.5 billion valuation signals that runtime cloud security is moving from niche approach to mainstream necessity. As cloud environments grow increasingly complex with AI workloads, serverless architectures and ephemeral infrastructure, the company's inside-out monitoring model addresses blind spots that traditional scanning can't reach. With 900% revenue growth and enterprise clients already on board, Upwind's bet on runtime visibility appears to be paying off just as the market realizes that securing modern cloud infrastructure requires seeing what's actually executing in production, not just what's visible from the perimeter.
