The arrival of AI agents has complicated a question security teams once answered with relative certainty: where does a security event actually begin?
In many organizations, cloud security programs are built around monitoring workloads, applications, and infrastructure. Yet AI-driven workflows are increasingly initiated somewhere else entirely. Developers are using AI-powered tools directly from their workstations, connecting them to MCP servers, SaaS platforms, and cloud environments that stretch across the enterprise.
Upwind Security says that the shift has created a visibility gap that traditional security architectures were not designed to address. To help close it, the company has launched AI Sensor for Endpoints, a new capability that brings developer workstation activity into the same view as cloud identities, actions, and resources.
The Endpoint Is No Longer Just an Endpoint
For years, security teams treated developer laptops primarily as devices that required protection. They contained credentials, access tokens, and connections to important systems, making them attractive targets for attackers.
The rise of AI is changing how those devices function inside an organization. According to Upwind, developer workstations are increasingly acting as operational gateways through which AI tools retrieve information and perform actions across multiple platforms. The endpoint is not simply storing access anymore; it is actively participating in workflows that extend into cloud and SaaS environments.
That evolution changes the nature of risk. A compromised workstation may expose more than local resources because the device can serve as a bridge to a much wider collection of services and permissions.
Why Security Teams Need More Context
The challenge for many organizations is that endpoint activity and cloud activity often exist in separate systems. Security teams may identify suspicious behavior in a cloud environment but have limited visibility into the device that initiated it. Likewise, unusual activity on a workstation may appear disconnected from events taking place elsewhere.
As AI-powered workflows become more common, those gaps can make investigations more difficult.
Actions triggered by AI tools can move rapidly between environments, creating chains of activity that cross endpoints, identities, SaaS applications, and cloud resources. Without context connecting those events, teams may struggle to understand how an incident unfolded.
This is the problem Upwind’s latest release is designed to address.
Following the Journey From Device to Cloud
The company says AI Sensor for Endpoints allows security teams to monitor MCP connections initiated from developer devices and correlate that activity with cloud identity and action data. It also enables the detection of anomalous AI-driven actions across SaaS and cloud platforms.
Rather than presenting endpoint and cloud activity as separate streams of information, Upwind aims to provide a unified view that shows how actions progress through an environment. Security teams can track activity from its point of origin to the systems it ultimately affects.
That visibility becomes increasingly valuable as organizations deploy AI tools capable of acting on behalf of users across multiple connected platforms.
“In the new world of AI Agents and MCP servers, the cloud risk extended to the edge, where tokens, permissions, and cloud actions are now taken automatically from the developers’ workstations. To truly protect the cloud, we must help security teams see the journey from the endpoint,” said Amiram Shachar, CEO of Upwind Security.
Security Architectures Are Being Forced to Adapt
The launch reflects a broader trend emerging across enterprise technology. AI is blurring boundaries that have traditionally separated endpoint security, cloud security, and identity security into distinct disciplines.
The systems may still be different, but the activity increasingly flows between them as part of a single workflow. Security teams are therefore under pressure to understand those connections rather than monitor each environment in isolation.
By adding an AI Sensor for Endpoints to its platform, Upwind is expanding its effort to provide a real-time view of cloud, application, and endpoint risk. The company’s message is straightforward: in an era of AI agents and MCP-connected services, understanding the cloud increasingly requires understanding the workstation that initiated the action in the first place.
