Upwind Launches Open Source Security Model, Redefines Cloud Risk Governance with Radical Transparency

In a move that fuses transparency, autonomy, and runtime intelligence, Upwind has unveiled its Open Source Security Model — a novel framework aimed at decentralizing and demystifying cloud risk management. The launch comes as the company also earns a coveted spot on CRN’s 2025 Stellar Startups list in the Security category, solidifying its status as one of the most disruptive forces in modern cloud protection.

A New Philosophy for Cloud Risk Management

Upwind’s Open Source Security Model represents a departure from traditional, top-down governance structures. Rather than confining risk management to central teams, the model invites every engineer, DevOps specialist, and compliance officer to actively shape how risks are interpreted and resolved — in real time.

By allowing users to “modify, accept, recast, or snooze” findings within the platform, Upwind effectively transforms cloud security into a living, collaborative workflow. The system is driven by runtime evidence — not static scans — enabling organizations to make context-aware decisions that reflect what’s actually happening inside their cloud workloads.

“In the age of AI, where teams are adopting new tools and cloud environments are becoming dynamic and complex, it’s harder than ever for centralized security teams to keep up,” said Moshe Hassan, VP of Research at Upwind. “Our Open Source Security Model gives every team the tools to take ownership of their risks, guided by Upwind’s runtime intelligence. This is how cloud security becomes not only more precise, but more organized and accurate with the necessary hygiene.”

The approach embodies the principle of extreme ownership — pushing risk visibility and accountability closer to those operating the systems, while maintaining centralized oversight through audit-ready logs and evidence-backed controls.

Runtime-First Meets Partner-First

Upwind’s technology already stands out for its runtime-first methodology — analyzing workloads as they execute, rather than relying solely on pre-deployment scanning. That runtime visibility underpins the new security model, enabling faster validation and resolution of issues.

“Upwind’s runtime-first innovation and partner-first mindset are redefining what modern cloud security looks like,” said Nir Alfandary, Digital Natives Lead at Microsoft. “We’re proud to partner with Upwind to help organizations secure their Azure environments while accelerating growth and innovation through the Microsoft ecosystem.”

The Open Source Security Model extends this philosophy by aligning technical and compliance functions, ensuring organizations focus exclusively on exploitable risks. The result: fewer false positives, faster remediation, and an operational environment that’s both more efficient and more transparent.

Partnerships Powering 4000% Growth

Recognition on CRN’s Stellar Startups list underscores not only Upwind’s product innovation but also its strategic expansion. Over the last six months, the company has forged more than 70 new ISV and third-party partnerships, alongside strengthened collaborations with hyperscalers like Microsoft Azure and AWS.

“We’re excited to recognize the forward-thinking companies featured on this year’s Stellar Startups list,” said Jennifer Follett, VP of U.S. Content and Executive Editor at CRN. “This honor highlights each organization’s commitment to tackling IT channel challenges, driving innovation through cutting-edge technologies, and empowering partner success.”

That partner-first approach now scales through the Upwind Partner Program (UPP) — a structured enablement ecosystem offering certification, training, and co-sell support. The initiative has been instrumental in fueling Upwind’s 4000% year-over-year growth, with enterprise customers including Peloton, Bill, Fiverr, and Agoda.

The Future: Transparent, Autonomous Cloud Defense

As cloud environments grow more fluid — blending ephemeral containers, AI agents, and distributed APIs — Upwind’s model signals a broader industry shift toward open governance. Rather than treating security as a black box, it opens the box entirely — making every risk, action, and exception part of a visible, verifiable chain of accountability.

If traditional security platforms aimed to detect threats faster, Upwind’s vision goes a step further: making security collective, contextual, and continuous. In a landscape defined by automation and AI, that might be the kind of human-centered transparency the cloud has been missing.