Upwind Launches Groundbreaking Dynamic Exposure Validation Engine, with Runtime Evidence as the New Standard for Cloud Security Posture

SAN FRANCISCO--(BUSINESS WIRE)--Upwind, a next-generation cloud security leader, announced today the launch of its Exposure Validation Engine, a first-of-its-kind capability that brings dynamic, real-time validation into the Cloud Security Posture Management (CSPM) layer. This innovation enables security, engineering, and compliance teams to validate live cloud exposures with precision in real-world conditions.

The announcement coincides with Upwind’s recognition on the 2026 Fortune × Lightspeed Cyber 60 List, which recognizes leading venture-backed cybersecurity companies shaping the future of security.

“Cloud security teams are tasked to do the impossible, to protect digital assets in ever changing cloud environment.” said Amiram Shachar, CEO and Co-founder of Upwind. “Our job is to simplify the work of cloud security leaders with more clarity, evidence-backed findings and precision. With this new Exposure Validation Engine, cloud security posture and exposure management moves from a noisy, reactive process to a precise, evidence-driven workflow so security teams could drive organizational impact faster.”

Redefining Cloud Exposure Management
At the core of the new dynamic CSPM capability is an AI-based validation framework that fuses configuration analysis with live exposure and reachability testing to test cloud exposures the way attackers would. It introduces external reachability checks that probe live internet paths to confirm whether assets are truly accessible and exploitable.

In the first two weeks of testing, Upwind safely identified tens of terabytes of sensitive data exposed by Fortune 2000 organizations, including AI models, datasets, and entire disks, demonstrating the widespread and unseen nature of real-world exposures, many of which had gone undetected by traditional CSPMs.

By validating each potential exposure in real time under attacker-simulated conditions, Upwind provides the first CSPM experience that turns theoretical posture data into verified, evidence-based risk intelligence. Each exposure includes step-by-step evidence, reproducible commands, and structured outputs for full transparency.

The result is a clear, evidence-driven workflow that replaces guesswork with precision. This approach has shown a 90% reduction in false positives, cutting noisy misconfiguration alerts down to help teams focus only on exposures that are truly exploitable.

Built for High-Volume, High-Stakes Environments
Upwind’s dynamic CSPM is purpose-built for teams operating complex, high-volume cloud environments where misconfigurations are frequent and context is critical. Whether managing sprawling multi-cloud environments or navigating compliance demands, the Exposure Validation Engine helps organizations:

• Security Teams: Eliminate alert fatigue by validating which findings are genuinely exploitable to prioritize real risks

• Engineering Teams: Validate and fix issues faster with reproducible, step-level commands that make it simple to confirm and remediate issues quickly without guesswork

• Compliance Teams: Generate audit-ready evidence for every validation performed, giving regulators and auditors clear proof of control effectiveness

Upwind’s dynamic validation engine marks a major milestone in Upwind’s mission to deliver certainty in cloud security, making it the first to integrate configuration analysis with real-time, runtime validation. With this advancement, Upwind sets a new standard as the first CSPM to deliver runtime-first validation across the entire posture management layer.

“Upwind is not just a security tool - it’s a platform that makes our engineering, security, and audit teams faster and more effective,” said Aman Sirohi, SVP & Chief Security Officer at People.AI.

Upwind’s Continued Growth Momentum

The launch of Upwind’s Exposure Validation Engine follows a year of record expansion for the company. Now serving over 200 enterprise customers, including Peloton, Bill, Fiverr, and Agoda, Upwind has achieved over 4,000% revenue growth between 2024 and 2025, underscoring how its runtime-first approach has evolved from early adoption to an industry standard.

Upwind’s momentum continues with its second consecutive inclusion on the 2026 Fortune × Lightspeed Cyber 60 list, spotlighting the most promising venture-backed cybersecurity companies shaping the industry’s future. Upwind has also been recognized by Gartner in multiple 2025 Hype Cycles and the Market Guide for CNAPP, recognized in the Forrester CNAPP Solutions Landscape 2025, and named a two-time leader in Cloud Security and CADR in the Latio 2025 cloud security report. Together, these milestones highlight Upwind’s continued leadership in runtime-first security and its growing role in defining the next generation of cloud protection.

Today, Upwind protects more than 200 enterprises and validates millions of cloud assets daily, as its runtime-first approach continues to set the pace for modern security.

About Upwind

Upwind is the next-generation cloud security platform built to lead the runtime revolution. With rapid momentum and a bold vision to unify cloud and application-layer protection, Upwind helps organizations run faster, detect threats earlier, and secure their environments with unmatched precision. Upwind was founded by Amiram Shachar and his founding partners from Spot.io (which was sold to NetApp for $450 million) and is backed by top cybersecurity investors Greylock, Cyberstarts, Leaders Fund, Craft Ventures, Cerca Partners, and Sheva, a VC fund founded by former NBA player Omri Casspi. The company has secured $180 million in funding since its founding in 2022. For more information or to schedule a demo and see the future of runtime security firsthand, visit www.upwind.io.