Upwind Security Brings AI Visibility to the Endpoint, Unifying Cloud and Device Security

Enterprise security teams have spent years building defenses around the cloud. They secured workloads, locked down identities, and monitored runtime behavior with increasing sophistication. What they didn’t fully anticipate was AI rewriting the rules about where risk actually lives.

Upwind Security is responding to that shift with a new AI Sensor for Endpoints, announced today. The capability extends Upwind’s cloud and AI security platform to cover developer laptops and workstations, giving security teams a unified view of AI activity that runs from individual devices all the way through to cloud infrastructure.

For most of security’s recent history, the endpoint was a known problem with known solutions. Antivirus software, endpoint detection and response tools, and mobile device management platforms handled the device layer, while cloud security platforms handled everything above it. Those two worlds rarely needed to meet.

That separation no longer reflects how enterprise environments actually work. Developer laptops today are not passive workstations. They are active participants in complex, AI-driven workflows. They initiate connections to MCP servers, execute automated actions across SaaS platforms, and carry tokens and permissions that touch enormous portions of an organization’s stack.

A compromised developer device in 2025 is not a localized problem. It is a potential entry point into everything.

Upwind CEO Amiram Shachar framed it directly: “In the new world of AI Agents and MCP servers, the cloud risk extended to the edge, where tokens, permissions, and cloud actions are now taken automatically from the developers’ workstations. To truly protect the cloud, we must help security teams see the journey from the endpoint.”

The AI Sensor for Endpoints gives security teams three core capabilities. First, it monitors MCP connections initiated from developer endpoints in real time, providing visibility into which server devices are talking to and what those connections are doing.

Second, it correlates that endpoint activity with cloud identity and action data, stitching together a picture of how device behavior connects to what happens upstream. Third, it detects anomalous AI-driven actions across SaaS and cloud platforms, surfacing behavior that would otherwise be invisible to teams relying on cloud-only monitoring.

The practical effect is that security teams no longer have to work with disconnected signals from separate tools. Endpoint data and cloud data land in the same unified view, covering identities, actions, and prompts alongside the underlying infrastructure context.

The Model Context Protocol has emerged as a key integration layer for AI agents, allowing tools to connect and communicate across platforms. It has also introduced a new attack surface that security teams are only beginning to fully understand.

When a developer’s laptop is connected to MCP servers that can extract information and perform actions across SaaS and cloud platforms, that device carries risk far beyond its physical boundaries. The tokens and permissions stored on it are no longer just credentials. They are the keys to automated actions that can move laterally across an organization’s entire technology stack without a human ever clicking a button.

This is what makes the endpoint critical to cloud security, not just to device security. The threat path no longer respects the old boundary between where a device ends and where the cloud begins.

Upwind has built its platform around runtime-powered cloud security, using live behavioral data to give security teams an accurate picture of how their environments actually operate rather than how they were configured to operate. The endpoint AI Sensor applies that same philosophy to the device layer.

By pulling endpoint data into the same platform that already covers cloud workloads, Upwind eliminates one of the more significant blind spots that AI adoption has created for enterprise security teams. Developers building with AI tools, running agents locally, and connecting to MCP servers generate a category of activity that cloud-only platforms were never designed to see.

The announcement reflects a broader recognition across the industry that AI has dissolved the architectural assumptions that once made it reasonable to treat endpoint security and cloud security as separate disciplines. Security teams that still operate with that separation are working with an incomplete map of their own environment.

Upwind’s move to close that gap positions the platform as a unified layer for organizations that need their security posture to keep pace with the AI-driven workflows their developers are already running.