Upwind has become a launch partner for Cisco Cloud Control Studio, bringing its real-time cloud and AI security intelligence into Cisco's platform.
The integration centres on Cloud Control Studio, part of Cisco Cloud Control, and gives joint customers access to Upwind data inside Cisco AI Canvas, a workspace where IT teams and AI systems investigate and resolve operational issues.
Using Model Context Protocol, Cisco users can pull in security findings, vulnerability information, API telemetry and AI-related visibility without exporting data to separate tools. Upwind said this data is designed to help users assess which risks are active in production rather than rely on static alerts alone.
The announcement makes Upwind one of the early external providers connected to Cisco's broader push to unify IT operations and security workflows in a single environment. For Cisco, the arrangement adds specialist cloud security data to a platform built to combine networking, observability, identity and compute information.
Runtime focus
At the centre of Upwind's pitch is the argument that modern security teams are not short of alerts, but of context. It said many organisations struggle to distinguish between theoretical vulnerabilities and risks tied to code that is actually running, internet-exposed services, or active and overprivileged identities.
That challenge is becoming more acute as companies deploy AI applications and agent-based workflows. Upwind said these systems create new risks around runtime behaviour, visibility and communication between models and agents that older security approaches were not designed to monitor closely.
Its platform continuously monitors workloads, identities, APIs and runtime behaviour in production environments. It aims to surface higher-confidence risks by focusing on exposure, reachability and exploitability in live systems.
Within Cisco AI Canvas, that information can be used during investigations so operators and AI systems work from the same operational context. Upwind said this allows teams to investigate incidents without switching between multiple consoles to assemble data.
Investigation flow
According to Upwind, when a user starts an investigation in Cisco AI Canvas, the AI systems in that session can use Upwind's runtime context alongside other information already available in the environment. That includes live threat detections from workloads, identities, APIs and cloud infrastructure, as well as vulnerability prioritisation tied to runtime exposure.
The integration also covers API security information, including discovered endpoints, authentication gaps, unusual behaviour and risks correlated with runtime activity. Customers can also examine AI workloads and Model Context Protocol visibility, including communication paths between agents, model usage and suspicious interactions, Upwind said.
Other areas highlighted include cloud posture, identity risk, container behaviour and signs of attacks across the environment. The goal is to help security and IT teams triage issues more effectively by separating static exposure from active operational risk.
Upwind gave examples of prompts users could run inside the Cisco environment, including requests to show critical vulnerabilities running in production ranked by runtime exposure and exploitability, identify production workloads with the highest concentration of exploitable risk, and list internet-facing API endpoints with weak or missing authentication.
Users can also ask for AI workloads communicating over Model Context Protocol with anomalous behaviour, or for identity-driven runtime events that represent the highest active security risk, according to the company.
Broader context
The partnership reflects a wider shift in security software toward embedding specialist data sources into shared operational workspaces rather than keeping analysis in standalone products. Vendors across cloud infrastructure, observability and cybersecurity are trying to make their data usable by automated systems as enterprises rely more heavily on AI-assisted investigation and response.
For customers, the practical issue is often less about collecting more telemetry than reducing the time spent moving across tools to understand what is happening in production. By placing Upwind's security information inside Cisco's operational interface, the two companies are targeting that workflow problem directly.
Upwind said its technology is built around eBPF sensors, which it uses to maintain continuous runtime visibility into workloads. It argued that this level of live operational data gives AI systems a stronger basis for analysis than static posture scans or periodic snapshots.
The company framed the integration as part of a broader view that cloud security data should sit wherever security and IT teams already work. It said runtime cloud security is a foundational input for agent-based operations because AI systems are only as effective as the context they can reason on.
"AI agents are only as good as the data they can reason on," said Upwind.