Ask most security teams where their cloud protection begins, and they will describe a boundary somewhere around the cloud itself. Workload monitoring, API security, identity governance, runtime detection. All of it scoped to the infrastructure layer.
That boundary was always a simplification. Now, with AI agents running on developer laptops and MCP servers connecting those laptops to cloud platforms at scale, it is a liability.
Upwind Security today announced the AI Sensor for Endpoints, extending its cloud and AI security platform to cover developer workstations. The announcement is a direct response to the ways AI adoption has dissolved the conceptual line between endpoint security and cloud security.
A Threat Model Rewritten by AI
Laptops have been targets for as long as enterprise computing has existed. They carry credentials, store sensitive files, and provide a foothold for lateral movement. The standard playbook for compromising an organization often runs through the endpoint, and security teams have invested heavily in endpoint detection and response tools as a result.
What has changed is the nature of what a compromised endpoint can now do. An attacker who gains access to a developer’s machine today does not just get the credentials stored on it. If that machine is connected to MCP servers, the attacker inherits the ability to initiate actions across every SaaS platform and cloud environment those servers can reach. The blast radius of a single device compromise has expanded dramatically.
Amiram Shachar, CEO of Upwind Security, made the connection explicit: “In the new world of AI Agents and MCP servers, the cloud risk extended to the edge, where tokens, permissions, and cloud actions are now taken automatically from the developers’ workstations. To truly protect the cloud, we must help security teams see the journey from the endpoint.”
Three Capabilities, One Unified View
The AI Sensor for Endpoints delivers three specific capabilities for security teams. It monitors MCP connections initiated from developer endpoints in real time, giving teams visibility into which servers their devices are talking to and when. It correlates that endpoint activity with cloud identity and action data, connecting device-level events to the cloud-level consequences they can trigger. It also detects anomalous AI-driven actions across SaaS and cloud platforms, catching behavior that only becomes visible when endpoint and cloud data are analyzed together.
All of this feeds into Upwind’s existing platform rather than standing as a separate product. Security teams working in Upwind see endpoints, cloud workloads, identities, actions, and prompts in a single view, without needing to move between tools or perform manual correlation to understand what is happening across their environment.
Why Platform Integration Matters Here
The value of the AI Sensor is not just in the data it collects. It is in where that data lands.
Security tools generate signals constantly. The problem for most organizations is not a shortage of data. It is the difficulty of connecting data from separate systems into a coherent picture of actual risk. A team using one tool for endpoint monitoring and a different tool for cloud security has to do that correlation work manually, which means it often does not happen at speed.
When endpoint signals and cloud signals arrive in the same platform that already understands runtime context, the correlation is automatic. An anomalous action that originates at a developer laptop and propagates through an MCP server into cloud infrastructure is visible as a single event chain rather than as two separate alerts in two separate dashboards.
The Timing of This Announcement
MCP has developed quickly as a standard for AI agent integration. Its adoption means that developer workstations are, in many enterprises, now integrated directly into cloud workflows in ways that would have been unusual even two years ago.
The security tooling designed for the pre-AI endpoint landscape was not built to monitor this kind of activity. It was designed for a world where the endpoint was a device that connected to corporate resources, not a node in an automated system that could initiate cloud actions on its own.
Upwind’s AI Sensor for Endpoints closes a gap that has become increasingly difficult for security teams to ignore. As AI-driven development workflows become standard practice rather than edge cases, the need for security coverage that spans both endpoints and cloud infrastructure without gaps will only become more pressing. Upwind is positioning its platform to meet that need now, before the gap widens further.
