Announcing Our Partnership with Upwind

Every security team has a name for it. Some call it the backlog. Some call it the queue. The more candid ones, usually after their second drink at a conference, call it the list of things we confirmed were real but then piled up for six months.

AI has changed the math for attackers. Adversaries are now automating reconnaissance, exploit generation, and lateral movement at a pace that's compressing the window between disclosure and exploitation down to nothing. That backlog used to be a management problem. Now it's a liability.

Upwind detection capabilities can mitigate this issue. By combining runtime context with exploitability analysis, Upwind cuts through scanner noise and surfaces what is actually exposed, reachable, and exploitable — not just what appears on a vulnerability list.

The eleven steps after a confirmed finding is where the new operational challenge begins and remediation stalls. Who are the seven people those steps require? The four systems none of them share access to? The two weeks before anyone touches a keyboard to fix anything?

That is what this partnership addresses.

The problem in plain terms

Traditional scanners hand security teams thousands of theoretical findings a week. Upwind takes a different approach. eBPF sensors observe what is actually running across cloud workloads, identities, APIs, and production behavior, and surface only the findings that are exposed, reachable, and worth addressing today.

That precision matters because it changes the downstream math. A 10,000-line scanner export is not a work queue. A focused set of confirmed runtime findings is. The question is what happens next.

A confirmed finding is the starting line for operational work. Who owns this service? What depends on it? Is this workload customer-facing? Is it PCI-scoped? Those answers live across identity systems, code repositories, ticketing, the CMDB, HR records, and the on-call rotation. Gathering them by hand takes hours per finding. Multiply that by the backlog, and the math stops working.

What Surf adds when Upwind confirms a finding

Surf AI is an agentic security operations platform. The Context Graph stitches identity, cloud, HR, IT, and data systems into a single picture of the environment. Specialized AI agents act on that picture, with human approval at every irreversible step.

When Upwind confirms a runtime CVE, Surf takes the handoff:

Ownership resolved in seconds. Surf cross-references the affected workload against the identity, HR, ITSM systems and the rest of the connected stack. The right owner and escalation path come back in seconds, not after a 90-minute Slack thread.

Impact modeled before action. Surf walks the service-to-service call graph, checks retry and fallback configurations, and maps what would and would not change if the proposed remediation ships. The team knows what ‘ripple effects’ will happen  before they act.

Approval routed to the right person, with the right context. The finding lands with the on-call engineer in Slack, the change record drafted, the SLA mapped to the team's policy, and a one-click approval path. Standard fixes move in a single step. Sensitive ones get the review depth they need.

Action executed and verified. Surf runs the rolling redeploy, validates the fix in production, and writes the outcome back to Upwind. Every step is logged. Every approver is captured. The audit trail closes the moment the loop does.

Closing the loop

Upwind narrows the signal to findings that are real and worth acting on. Surf eliminates the coordination that stalls action on them. Together, the loop runs at a tempo that matches the threat landscape rather than trailing behind it.

"Upwind has set the bar for runtime cloud security. Their findings are precise enough to act on with confidence, and that precision is what makes meaningful automation possible. Surf AI's Context Graph is built to take signals like Upwind's and resolve every piece of context needed to remediate them safely. This partnership turns detection into action at a speed that matches the threat landscape." — Elad Horn, President and Chief Product Officer, Surf AI

"Runtime visibility changes the security conversation from theoretical risk to production reality. Upwind identifies what matters in live environments, and Surf AI operationalizes that intelligence by connecting the context needed for safe remediation. The result is a loop that closes faster, with confidence." — Alon Saban, Head of Global Partnerships, Upwind

For Upwind customers

If you're running Upwind today, the integration is ready to walk through. Request a demo and we'll show you what the loop looks like in your environment.

About Surf AI 

Surf AI is an agentic operations platform that helps enterprises operationalize security programs with AI. By connecting context across identity, cloud, data, HR, and IT systems, Surf closes the gap between understanding risk and acting on it. Surf's AI-native platform uses specialized agents to drive action with human oversight, guardrails, and auditability built in. Surf is backed by Accel, Cyberstarts and Boldstart Ventures, and trusted by global companies including Fortune 500 enterprises. For more information, visit www.surf.ai.

About Upwind

Upwind is the next-generation cloud security platform built to lead the Runtime revolution. Headquartered in San Francisco, California, Upwind brings together a unified vision for cloud and application-layer protection, empowering organizations to run faster, detect threats earlier and secure their environments with unmatched precision. The company was founded by Amiram Shachar and the founding team behind Spot.io (acquired by NetApp for $450 million) and is backed by leading investors including Bessemer, Salesforce Ventures, Greylock, Cyberstarts, Leaders Fund, Craft Ventures,TCV, Alta Park, Cerca Partners, Swish Ventures and Penny Jar Capital. Upwind has raised $430 million since its founding in 2022 and is trusted by forward-thinking enterprises globally to bring real-time runtime intelligence to modern cloud security. For more information or to schedule a demo, visit www.upwind.io.