AWS re:Invent 2025 - Runtime + AI: Reinventing Cloud Security on AWS (SEC223)

AWS re:Invent 2025 - Runtime + AI: Reinventing Cloud Security on AWS (SEC223)

Introduction to Upwind

• Upwind is a cloud security platform founded by a team with a background in DevOps and the Israeli military
• The founders previously built Spot, a cloud automation platform, which was acquired by Netapp in 2020
• Upwind was started in 2022 with the goal of fundamentally changing the approach to cloud security

The Need for a New Cloud Security Paradigm

• Modern cloud architectures, especially those leveraging AI, behave differently than traditional workloads
• AI agents and microservices communicate through APIs, are ephemeral, and keep minimal state
• This requires a new approach to visibility that goes beyond just configuration and vulnerability scanning

Upwind's Approach: Inside-Out Visibility

• Traditional "outside-in" cloud security focuses on configuration, vulnerabilities, and static scanning
• Upwind introduces an "inside-out" approach that provides runtime visibility into application and workload behavior
• This allows for:
  • Real-time threat detection by observing anomalies and deviations from behavioral baselines
  • Prioritizing security findings based on the actual risk to the specific runtime environment, not just generic CVE scores

Key Capabilities of the Upwind Platform

1. Full Environment Discovery and Visibility:

   • Real-time mapping of the entire cloud environment, including changes over time
   • Visibility into data flows, network traffic, and API interactions

2. Exposure and Attack Surface Reduction:

   • Identifying all exposures and vulnerabilities in the environment
   • Prioritizing the most critical issues based on runtime context

3. Threat Detection and Response:

   • Detecting threats in real-time by observing behavioral anomalies
   • Providing detailed incident analysis and the ability to take immediate action, such as killing processes or blocking network paths

4. AI and Data Security:

   • Securing AI workloads, microservices, and APIs that are highly dynamic and ephemeral
   • Monitoring data flows to and from AI services, both internally and externally

Business Impact and Use Cases

• Upwind's approach allows organizations to focus on the most critical security issues, reducing alert fatigue and improving overall security posture
• The platform can consolidate multiple security tools into a single solution, providing a comprehensive view of the cloud environment
• Specific use cases include:
  • Securing traditional cloud workloads
  • Protecting AI-powered applications and data flows
  • Gaining real-time visibility and threat detection for modern, dynamic cloud architectures

Conclusion and Next Steps

• Upwind offers a new way to approach cloud security by providing deep runtime visibility and context-aware security
• Interested attendees are invited to visit the Upwind booth (Isle 600) to see a demo and discuss their specific security needs