Upwind Launches AI Agentic Pack for Runtime Security

The cloud security firm Upwind announced the launch of its AI Agentic Pack on May 13, 2026, introducing a set of specialized AI agents designed to investigate threats, validate exposure, and guide remediation using runtime context. The announcement came via official press release distributed through GlobeNewswire.

Security teams already drown in alerts, findings, and telemetry. The real problem isn't visibility anymore — it's determining which risks are actually meaningful and what action to take next, fast enough to reduce exposure. Upwind's approach connects findings to live cloud activity, service relationships, identity behavior, and execution context. This enables teams to focus on what is actively running and exposed in production environments, rather than spending time analyzing theoretical risk.

The AI Agentic Pack introduces four specialized agents aligned to key stages of the security lifecycle. Choppy gains context by mapping services, dependencies, and relationships across cloud, code, and runtime environments. Blue responds faster by analyzing alerts, suspicious activity, and runtime signals to reconstruct activity and support response efforts. Red proves what's exposed by identifying entry points, mapping attack paths, and validating which risks are likely to be exploitable. Green fixes what matters by translating validated findings into clear remediation steps, including root cause analysis and PR code generation.

Moshe Hassan, VP Product & Research at Upwind, framed the shift this way: "AI is transforming how security teams operate. We are shifting from prioritization to agency and AI-driven security workforces." The future of cloud security will be driven by AI agents that can investigate, validate, solve, and guide action in real time, grounded in the reality of what's happening across the environment (a problem that has plagued users for years, frankly).

The platform provides context and recommended next steps based on runtime evidence, while ensuring teams retain visibility and control over how actions are reviewed and executed. This matters because the physical experience of security work involves clicking through dashboards, waiting for scans to complete, and manually correlating signals across disconnected tools. The AI Agentic Pack attempts to compress that friction.

Industry context supports the timing. Gartner predicts AI applications will drive 50% of cybersecurity incident response efforts by 2028, reflecting a broader shift toward AI-assisted investigation and response workflows. Vulnerabilities are discovered and exploited faster, environments are more dynamic, and security teams are managing more signals than they can realistically act on.

Customer validation came from Aman Sirohi, SVP & CISO at Cyberhaven, who noted: "What stands out with Upwind is its ability to ground AI-driven investigation and response in runtime reality. The AI Agentic Pack helps our team focus on what is actually exposed, what matters most to the business, and prioritize action with far greater confidence and efficiency."

The AI Agentic Pack expands Upwind's Cloud & AI Security Platform, which brings together visibility, protection, and risk validation across cloud infrastructure, applications, identities, APIs, workloads, and AI systems. By combining agentless discovery, runtime sensors, and contextual analysis, Upwind enables teams to understand where AI is used, how it connects across the environment, and which risks require attention.

Upwind was founded by Amiram Shachar and the founding team behind Spot.io (acquired by NetApp for $450 million). The company has raised $430 million since its founding in 2022 and is backed by investors including Bessemer, Salesforce Ventures, Greylock, Cyberstarts, Leaders Fund, Craft Ventures, TCV, Alta Park, Cerca Partners, Swish Ventures, and Penny Jar Capital.

The AI Agentic Pack is available to Upwind customers as part of the company's broader Cloud & AI Security Platform. For more information, visit upwind.io.

There's a harder question lurking beneath the announcement. When your security AI acts autonomously at 2am and kills a production pod, who is accountable? Not in a technical, PR-safe way. Who designed the guardrails? Who defined the boundary between "act" and "alert"? Who validated that the runtime signal being acted on isn't a false positive caused by a legitimate deployment pipeline?

Upwind's own blog post on agentic security accountability acknowledges this tension. The company describes "consequence engineering" as the practice of designing, validating, and governing the decision logic of autonomous security systems — specifically focused on what happens after a detection, not just whether the detection is accurate. The failure mode of agentic security is not a missed detection. It's a correct detection with a wrong response.

The AI Agentic Pack represents a genuine shift from detection to action. Whether security teams actually trust these agents enough to let them operate at machine speed remains the real question. And if they don't, the whole thing becomes a fancy dashboard with extra steps.

Artūras Malašauskas is an AI Systems Integrator with 20+ years of production-grade web engineering experience. He has designed, shipped, and scaled enterprise Python/PHP systems for logistics, SaaS, and public-sector clients. For the past year, he has focused exclusively on AI integrations: deploying open-source LLMs, building generative media pipelines (image, audio, video), and engineering multi-agent workflows for real production environments. His standard: reproducibility, security, cost-efficient inference—no vaporware. He documents and evaluates emerging AI tooling, separating verified capabilities from marketing noise. Technical editor at: muza-ai.eu, ai-verslas.lt, ai-naujinos.lt Connect on LinkedIn