Bringing the Leader of 'Next-Gen CNAPP 2.0' to Japan: 'Upwind Security' Launches Domestically as the New Standard for the AI and Cloud Era

Nox Corporation (Headquarters: Tokyo, hereinafter 'the Company') announces that it has started exclusive domestic sales of 'Upwind Security,' a next-generation security platform for cloud-native environments developed and provided by US cybersecurity company Upwind Security, Inc. (Headquarters: California), effective May 1, 2026. In recent years, corporate IT environments have been rapidly evolving due to the spread of generative AI and advances in cloud-native technologies. On the other hand, traditional security products have relied on static vulnerability assessments and detection in single domains, making it difficult to identify 'risks with a high likelihood of actual attack.' Against this backdrop, a security method based on an 'Inside-Out Approach' starting from runtime data is gaining attention, particularly in the US and European markets. Upwind Security is growing rapidly as a representative of this approach, and with this launch in Japan, full-scale adoption will become possible in the Japanese market.

What is the Inside-Out × Runtime Approach?

Traditional security has mainly used an Outside-In model that observes from the outside. In contrast, Upwind Security adopts an 'Inside-Out Approach' that captures the entire environment from the internal execution state (Runtime).

Main Features of Upwind Security

▼ Visualize Attack Paths and Clarify Remediation Priorities

Displays the 'flow leading to a successful attack' in a graph, which was difficult with traditional vulnerability management, allowing response to high-priority risks first.

▼ Comprehensive Visualization Including Multi-Cloud and AI Communications

Graphs dependencies including AI services and external communications in addition to AWS, Azure, and Google Cloud.

▼ Understanding AI/Generative AI Usage and Security Risks

Detects AI technologies used within the enterprise (such as OpenAI, LangChain) and performs risk analysis.

▼ Automated Compliance and Configuration Risk Assessment

Conducts cloud configuration assessment and scoring based on CIS, NIST, etc.

▼ Integrated SBOM and Vulnerability Management

Visualizes risk and impact scope at the software unit level.

▼ Threat Detection and Incident Storytelling

Extracts only essential attacks from a large volume of events and analyzes them chronologically.

▼ Advanced Incident Analysis (Kubernetes Support)

Traces intrusion paths, privilege escalation, external communications, etc., in detail to support investigations.

▼ Runtime-Based Vulnerability Prioritization

Identifies 'actually exploitable vulnerabilities' rather than 'existing vulnerabilities.'

Market Background and Significance

Currently, corporate IT environments face the following three changes:

1. Rapid expansion of generative AI in business operations

2. Increased complexity of structures due to Kubernetes and microservices

3. Normalization of multi-cloud environments

This has expanded the attack surface, and traditional 'perimeter defense' and 'static scan-centric' security models are reaching their limits. By performing analysis based on runtime behavior, Upwind Security is highly effective as a solution that answers the essential question of 'which risks are actually dangerous.'

Future Developments

Through the provision of Upwind Security, the Company will support Japanese companies in achieving the following:

・Advancement of cloud-native security

・Response to new risks associated with AI usage

・Implementation of DevSecOps

・Efficiency improvement in security operations

Furthermore, we will consistently provide services from implementation consulting to operational support, strongly promoting corporate security transformation.

About Upwind Security

Upwind Security (Headquarters: San Francisco, California, USA) is a cybersecurity company founded in 2022 by Amiram Shachar and others, who previously sold the cloud optimization platform 'Spot.io' to NetApp. The company has raised over $430 million (approximately 65 billion yen) in total funding from firms including Bessemer Venture Partners and Salesforce Ventures, and is globally recognized as a rapidly growing unicorn with a corporate valuation of $1.6 billion (approximately 240 billion yen). The company champions a new philosophy of 'Runtime-first,' entering the market with an approach different from traditional static analysis-centric security. By assessing risks based on behavioral data from actual execution environments, not just code and configurations, it achieves more effective security.

The Upwind Security platform comprehensively covers the following areas:

・Cloud Security (CSPM)

・Workload Protection (CWPP)

・Vulnerability Management (VM)

・API Security

・AI Security

This makes it possible to manage security measures, previously handled by multiple tools, on a single platform. Upwind Security is rapidly being adopted in the global market, particularly gaining recognition among cloud-native companies, SaaS companies, and large enterprises.

Company Overview (Nox Corporation)

Company Name: Nox Corporation

Location: 2-23-13 Yakumo, Meguro-ku, Tokyo

Business: Sales of storage and network products, integration and marketing, technical support, consultation, operations and technical support services