Upwind, the next-generation Wiz, now covers every aspect of the AI stack.
Upwind announced a new product today, signaling a significant change in the company’s approach to AI risk. CEO Amiram Shachar shared a detailed post this morning outlining Upwind’s “Security for AI” thesis, which complements the company’s earlier focus on agentic AI capabilities. The main point is straightforward: AI security cannot be treated as a separate, bolt-on product category; it must be integrated into every layer of cloud security, from the code pipeline to runtime.
The attack surface has shifted
One of the most compelling aspects of Shachar’s discussion is his assertion about where real threats are now occurring. Traditional runtime security has historically focused on process execution, malware signatures, and network flows, but this is increasingly inadequate. The significant threat activity has transitioned to the application layer, comprising APIs, payloads, prompts, and the multitude of MCP calls made by a single AI agent to complete tasks. When a model processes a prompt, invokes a tool, interacts with an MCP server, retrieves data, and sends a payload, each step in this sequence presents a potential vulnerability. Threats such as prompt injection, data leaks, and overly permissive tool calls cannot be detected merely by monitoring data packets.
The inventory challenge is now crucial
A practical point in the announcement concerns cloud inventory. There are numerous ways to use AI in the cloud: managed services like AWS Bedrock, Azure AI Foundry, and Vertex AI, along with self-hosted open-source models, custom agents, MCP servers, knowledge bases, and inference endpoints. Teams across organizations are continually deploying these resources, often without the security team’s knowledge. Upwind’s solution is an AI inventory layer that goes beyond a simple resource list to show the connections, dependencies, and risks among the various components.
In practice, this means that every Bedrock Agent, Azure OpenAI Assistant, and self-hosted agent will be listed along with the underlying model, indicating whether it has guardrails enabled, its last usage timestamp, and its non-human operating identity. Datastores that support AI tasks will be flagged for PII, PHI, and exposed secrets, while MCP servers will display their authentication method and status regarding public versus private exposure. Shachar specifically mentions publicly exposed MCP gateways in a vulnerable state as prime targets for attackers, and with the rapid rise of MCP adoption, this is a pressing concern.
Shift left isn’t obsolete; it just needs to accelerate
On the coding front, Upwind is enhancing its scanning capabilities to match the pace of AI-generated code, which presents a fundamentally different challenge compared to reviewing human-written commits. Velocity has increased significantly: code comes from more sources, is merged more quickly, and automatically pulls in additional dependencies. The company references its research team’s investigation into the Shai-Hulud campaign, in which a compromised package traversed the supply chain into build pipelines, as an illustration of this threat landscape.
What lies ahead
Upwind is indicating that more developments are on the way. The next phase involves securing AI endpoints themselves, the juncture where prompts and responses are transmitted, with a private preview already available for registration.
Overall, Upwind is positioned to change how the security industry perceives AI, which it suggests is still seen as a minor concern, a new checkbox rather than an integral thread in every existing risk category. Regardless of whether one adheres to that perspective, the substantive offerings include inventory management, runtime behavioral baselines, and supply chain scanning designed for the agentic era. This presents a more coherent AI security narrative than what most vendors are currently offering.
