Upwind Makes Runtime Security the New Cloud Frontier With Full Nyx Integration

The race to secure the cloud is heating up—not just at the perimeter, but deep within the applications themselves. Upwind, the Israeli-founded cloud security startup, is doubling down on that front with the full integration of Nyx, a runtime visibility engine it acquired in April. The result? A platform that promises to shift the very foundation of cloud security—from static scanning to live, in-motion defense.

With Nyx now baked into its core product, Upwind claims it has become the first vendor to offer true Cloud Application Detection and Response (CADR), a term that may soon rival XDR in relevance for cloud-native environments. It’s a bold claim, but one that arrives with technical teeth.

From Posture to Process-Level Protection

Traditional CNAPPs (Cloud-Native Application Protection Platforms) largely focus on misconfigurations, vulnerabilities, and static policy enforcement. They tell you what might go wrong. Upwind’s new capabilities aim to show what is going wrong—live, as code executes and attackers try to move laterally.

At the heart of the Nyx acquisition was its eBPF-based runtime telemetry engine, a lightweight yet powerful tool that can observe the deepest layers of application behavior without dragging down performance. Now embedded into Upwind, it extends visibility to:

• Function-aware vulnerability prioritization: Rather than flagging every known CVE, Upwind analyzes whether a vulnerable function is actually invoked during runtime. This slashes alert volume and lets security teams focus on real risk—not hypothetical ones.

• Application-layer threat detection: Beyond process and network monitoring, Upwind now traces API calls and function executions for anomaly detection, enabling fine-grained insight into attacks that evade traditional security tools.

It’s like going from a CCTV camera outside the building to a motion detector inside the vault.

Changing the CNAPP Game

This latest move puts Upwind ahead in an increasingly crowded CNAPP market. While vendors like Wiz and Palo Alto Networks have pushed shift-left approaches and broader integrations, very few have cracked application-layer runtime protection.

The integration was completed unusually fast—just four months after acquisition—thanks to architectural alignment. Both platforms were designed with scale, low latency, and minimal performance impact in mind. That shared DNA made for a rare smooth merger—both technically and culturally.

Runtime as the New Battleground

The shift to runtime-first security reflects an uncomfortable truth: attackers aren’t waiting for your next code review or security scan. They're exploiting live workloads in real time—often leveraging legitimate tools and functions to move undetected.

Upwind’s move to full-stack runtime protection addresses this head-on, positioning runtime not as a supplement to posture management, but as the foundation of modern cloud defense. It gives teams the power to:

• Detect zero-days and novel attacks

• See real-time behavior of cloud apps down to the function level

• Stop exploitation before it spreads

Looking Ahead: Data and AI on the Radar

While today's announcement focuses on runtime CADR, Upwind’s roadmap doesn’t stop there. Shachar confirmed the company is already exploring how its telemetry engine could extend to Data Security and AI Security—two domains that are quickly becoming the next attack surfaces in cloud-native environments.

Backed by $180 million in funding and alumni from Spot.io (which NetApp acquired for $450M), Upwind is well-positioned to keep pushing the envelope. If runtime is the new frontline, they want to be the first and only platform standing there.

Whether the market agrees will depend on one thing: whether security teams are ready to stop predicting breaches—and start seeing them unfold.