For much of the cloud era, security teams focused their attention on protecting workloads, applications, and infrastructure. The assumption was straightforward: if critical assets lived in the cloud, that was where visibility needed to begin.
The rise of AI is challenging that assumption.
As developers adopt AI-powered tools that interact with cloud services and SaaS platforms, the workstation has become an increasingly important part of the security equation. Actions that once required direct human involvement can now be initiated through AI systems connected to multiple environments, creating new pathways between endpoints and the cloud.
Upwind Security is responding to that shift with the launch of AI Sensor for Endpoints, a capability designed to provide visibility into AI activity that originates on developer devices and extends into cloud environments.
A Growing Blind Spot
The pace of AI adoption has introduced a layer of complexity that many organizations are still working to understand. Developers are connecting AI tools to MCP servers and other services capable of retrieving information and performing actions across different platforms.
Those connections create efficiencies, but they also expand the role of the endpoint. A developer laptop is no longer simply a place where code is written. It can become the starting point for actions that affect cloud infrastructure, SaaS applications, and enterprise resources spread across multiple environments.
According to Upwind, that evolution has created a blind spot for security teams. While organizations may have strong visibility into cloud workloads and identities, they often lack the ability to connect those events back to the workstation where the activity originated.
Connecting Events That Were Previously Separate
Traditional security architectures have generally treated endpoint and cloud monitoring as separate disciplines. Endpoint tools focus on devices, while cloud security platforms focus on infrastructure and workloads.
AI workflows do not necessarily follow those boundaries.
A single interaction on a developer workstation can trigger activity across several systems, making it difficult to reconstruct the full chain of events when investigating security concerns. Understanding what happened often requires pulling together information from multiple tools and data sources.
Upwind’s AI Sensor for Endpoints is intended to simplify that process. The company says the capability monitors MCP connections initiated from developer devices, correlates endpoint activity with cloud identity and action data, and detects anomalous AI-driven actions across SaaS and cloud platforms.
By placing those signals within a single platform, security teams gain visibility into how activity moves between environments rather than viewing each event in isolation.
The Shift From Location to Context
One of the themes underlying Upwind’s announcement is that AI is changing how organizations think about security visibility.
In the past, security strategies often revolved around protecting specific environments. Today, AI-driven workflows regularly cross multiple environments, making context more important than location. Security teams need to understand not only where an action occurred, but also what triggered it, which identities were involved, and how it affected connected systems.
That need for context is particularly relevant when AI agents have access to permissions that allow them to perform actions automatically on behalf of users.
“In the new world of AI Agents and MCP servers, the cloud risk extended to the edge, where tokens, permissions, and cloud actions are now taken automatically from the developers’ workstations. To truly protect the cloud, we must help security teams see the journey from the endpoint,” said Amiram Shachar, CEO of Upwind Security.
Following the Full Path of AI Activity
The introduction of the AI Sensor for Endpoints expands Upwind’s broader effort to unify visibility across cloud, application, and endpoint environments. Rather than viewing each layer separately, the company is advocating for a security model that follows activity as it moves through interconnected systems.
As enterprises continue integrating AI into development workflows, security teams are likely to face increasing pressure to understand those connections. Upwind’s latest release is built around the idea that cloud security investigations should not start where activity ends, but where it begins, and for many AI-driven workflows, that starting point is the developer workstation.
