Updated on: April 24, 2025
In a cloud landscape overwhelmed by static tools and endless alerts, Upwind is redefining what modern security looks like. We sat down with Joshua Burgin, Chief Product Officer, to explore how Upwind’s developer-first platform brings runtime context, build-time visibility, and actionable intelligence to the forefront of cloud defense—and why the future of cybersecurity demands this shift.
Can you provide an overview of Upwind’s mission and its evolution since its founding in 2022?
Upwind was born out of a need to address the challenge of cloud security tools that surfaced thousands of issues with no context, minimal prioritization, and little collaboration between security and engineering. We realized that modern cloud security couldn’t be static or siloed. It had to be dynamic, integrated and developer-first. Since founding Upwind in 2022, our mission has been to shift the paradigm by bringing runtime to the forefront of cloud security.
That means securing workloads while they’re running, understanding the full context of threats and making it easy for platform and engineering teams to take action. Three years in, we’re proud to be trusted by organizations like Wix, Bill.com, Booking.com, and Abnormal Security and to be recognized among The Information’s 50 Most Promising Startups.
How does Upwind’s Cloud Security Platform integrate runtime and build-time intelligence to enhance cloud security?
What sets Upwind apart is how we bring real-time runtime insights and link them back to their origin in the build process. We continuously monitor live workloads for threats, whether it’s suspicious behavior, misconfigurations or policy violations, and trace those findings back to the code, image or pipeline where they started. That full-stack visibility gives teams not only faster detection and response but also root-cause analysis that’s actionable. It’s one thing to know something went wrong in production. It’s another to know exactly when, why, and how it happened, and who owns the fix. By unifying runtime and build-time intelligence, we help teams prevent incidents from recurring and secure their environments holistically.
What sets Upwind apart from other cloud security providers in terms of technology and approach?
The cloud has fundamentally changed the security game. Static tools just can’t keep up with ephemeral workloads, containerized environments and real-time threats. Upwind was built from the ground up with runtime at the core. We don’t just surface vulnerabilities. We help teams understand what’s running in production, how it deviates from intended behavior, and which issues truly matter. If you have 33,000 misconfigurations, we’ll find the five that could impact your business. That level of precision, paired with developer-friendly workflows and root-cause context, is what sets us apart. We’re not just bolting security onto the side. We’re embedding it directly into the way teams build and operate in the cloud.
Can you share some success stories or feedback from clients who have benefited from Upwind’s solutions?
One standout example is The RealReal, a leading luxury consignment marketplace with over 34 million members. Like many e-commerce platforms, it handles sensitive customer data at scale, making runtime visibility critical. Before Upwind, The RealReal’s security and DevOps teams were overwhelmed with a flood of unprioritized vulnerabilities, often spending time fixing issues that posed little real risk. After adopting Upwind’s runtime security, they were able to immediately pinpoint the threats that actually mattered, reducing manual triage work and significantly accelerating their response times.
What’s especially powerful is how accessible the platform is. A junior DevOps engineer was able to deploy Upwind in just half a day, replacing a more expensive and complex set of tools. By shifting to real-time detection and root-cause analysis, The RealReal not only improved its security posture and avoided potential breaches but also cut costs and streamlined operations. It’s a great example of how runtime security doesn’t just reduce risk, it improves how teams work and supports broader business resilience.
What are Upwind’s plans for future growth and innovation in the cloud security sector?
We’re building for the reality of cloud-native development: fast, distributed and constantly changing. That means continuing to invest in our core runtime platform while expanding automation and AI capabilities that help teams respond to threats even faster and with greater precision. We’re also focused on making it easier for customers to unify their security workflows across hybrid and multi-cloud environments because fragmented visibility is one of the biggest challenges today.
Looking ahead, we’ll deepen our integrations across the DevSecOps ecosystem and continue investing in a platform that not only detects and prioritizes threats but helps prevent them in the first place. Our goal is to be the backbone of modern cloud security – fast, contextual and built for how engineering teams actually work.
