Upwind, the next-generation Wiz, now encompasses every aspect of the AI stack.


      Upwind announced a new product today, indicating a significant change in the company’s perspective on AI risk. CEO Amiram Shachar shared an extensive post this morning detailing Upwind’s “Security for AI” thesis, which complements their prior initiatives focused on agentic AI capabilities. The main point is straightforward: AI security cannot be viewed as an isolated product category; it must be integrated into every layer of existing cloud security, from the code pipeline to runtime.

      The attack surface has shifted. Shachar's most compelling argument pertains to where real threats now arise. Traditional runtime security has historically monitored process execution, malware signatures, and network flows. However, this approach is becoming outdated. The critical threat landscape has shifted to the application layer, encompassing APIs, payloads, prompts, and the multitude of MCP calls that a single AI agent generates to accomplish a task. Each stage in the process—when a model receives a prompt, invokes a tool, accesses an MCP server, retrieves data from a datastore, and delivers a payload—represents a potential exposure point. Issues like prompt injection, data leakage, and over-permissioned tool calls go unnoticed when merely observing packets.

      The inventory issue has become crucial. There are now numerous ways to utilize AI in the cloud, through managed services like AWS Bedrock, Azure AI Foundry, and Vertex AI, as well as self-hosted open-source models or custom agents, MCP servers, knowledge bases, and inference endpoints. Teams throughout an organization are frequently launching these services, often without any visibility from the security team. Upwind’s solution is to implement an AI inventory layer that does more than just provide a simple resource list; it maps relationships, dependencies, and risks among components.

      In practical terms, this means that every Bedrock Agent, Azure OpenAI Assistant, and self-hosted agent is displayed alongside its underlying model, indicating whether guardrails are enabled, the timestamp of the last invocation, and the non-human identity it operates under. Datastores supporting AI workloads will be flagged for PII, PHI, and exposed secrets. MCP servers will reveal their authentication methods and their public/private exposure status. Shachar points out that publicly accessible MCP gateways in a vulnerable state are prime targets for attackers, and given the rapid adoption of MCPs, this is a pressing concern.

      The concept of shifting left is not obsolete; it simply needs to accelerate. On the coding front, Upwind is enhancing its scanning capabilities to keep up with the speed of AI-generated code, which presents a distinct challenge compared to reviewing human-written commits. The pace has dramatically increased, with more code being sourced from a variety of origins, merged rapidly, and automatically pulling in additional dependencies. The company cites its research team’s findings on the Shai-Hulud campaign, a compromised package that infiltrated the supply chain and entered build pipelines, as an illustration of this evolving threat landscape.

      What lies ahead? Upwind is hinting at further developments. The next step involves securing AI endpoints—the juncture where prompts and responses are transmitted, with a private preview currently available for registration.

      Overall, Upwind is positioning itself with the belief that the security industry still regards AI as a niche issue, merely a checkbox to tick rather than a thread that weaves through every risk category. Whether or not one agrees with this perspective, the tangible offerings involve inventory management, runtime behavioral baselines, and supply chain scanning, all reengineered for the agentic era. This presents a more cohesive AI security narrative than most vendors currently provide.
