Upwind Says Security Visibility Must Include the Laptop, and Not Only the Cloud

There is a version of enterprise AI security that focuses entirely on what happens inside cloud infrastructure. It monitors workloads, protects APIs, tracks model behavior, and flags unusual patterns in how production systems operate. It is rigorous, necessary work.

It also misses where a growing share of AI activity actually begins.

Upwind Security announced today that it is extending its platform to cover developer endpoints with an AI Sensor for Endpoints, a capability that brings device-level AI activity into the same unified view as cloud workloads, identities, and actions.

Starting at the Source

The developer laptop has undergone a quiet transformation. It was once a tool for writing code and occasionally connecting to corporate systems. It is now, in many enterprises, one of the most operationally active nodes in the entire technology stack.

Developers running AI agents on their machines, connecting to MCP servers, and executing automated workflows across SaaS and cloud platforms are generating a category of activity that has no precedent in earlier generations of endpoint behavior. The laptop is not just a device anymore. It is the starting point for automated processes that can reach anywhere in an organization’s infrastructure.

That change has not gone unnoticed by attackers. Developer endpoints have always been attractive targets because they tend to hold credentials and access tokens. Today, those devices are connected to MCP servers capable of extracting information and performing actions across entire organizational stacks. Compromising one is now dramatically more valuable than it used to be.

What the Sensor Provides

Upwind’s AI Sensor for Endpoints is designed to give security teams visibility into exactly this activity. It monitors MCP connections initiated from developer endpoints in real time, correlates that endpoint activity with cloud identity and action data, and detects anomalous AI-driven actions across SaaS and cloud platforms.

The capability slots into Upwind’s broader platform, which already covers cloud workloads and runtime behavior. Rather than adding a separate endpoint tool that security teams have to manage alongside their cloud security stack, the sensor feeds its data into the same unified view, covering endpoints, cloud, actions, identities, and prompts together.

CEO Amiram Shachar explained the rationale: “In the new world of AI Agents and MCP servers, the cloud risk extended to the edge, where tokens, permissions, and cloud actions are now taken automatically from the developers’ workstations. To truly protect the cloud, we must help security teams see the journey from the endpoint.”

The Gap the Announcement Addresses

AI security tooling has developed quickly, but it has largely developed in categories. Cloud security platforms cover the cloud. Endpoint detection and response tools cover devices. The assumption embedded in that structure is that the two domains are separable, that what happens on a laptop and what happens in a cloud environment are distinct enough to be handled by distinct tools.

AI agents operating through MCP connections break that assumption. When an agent on a developer’s machine can initiate cloud actions, manage identities, and interact with SaaS platforms, the laptop and the cloud are not separate environments. They are parts of the same system, connected by the permissions the device holds and the servers it is talking to.

A security team using separate tools for each layer sees each layer in isolation. It sees endpoint events over here and cloud events over there, with no automated way to understand how the two relate. Upwind’s AI Sensor is designed to collapse that separation, building the correlation layer directly into the platform rather than leaving it as a manual exercise for security analysts.

Timeliness of the Move

The announcement arrives as enterprise AI adoption continues to accelerate. More developers are building with AI tools, more workflows are being automated through agent frameworks, and more of that activity is running through MCP-connected architectures that touch cloud infrastructure directly.

Security teams have been aware for some time that their tooling was not keeping pace with this shift. The endpoint has been a recognized gap in AI security coverage, particularly as MCP has emerged as a standard integration layer that dramatically increases the reach of any given endpoint.

By extending its platform to cover this layer, Upwind is addressing a gap that has grown more consequential with each passing month of enterprise AI adoption. Security teams running Upwind can now monitor the full arc of AI activity, from the developer laptop where a workflow originates to the cloud infrastructure where it executes, without switching contexts or stitching together outputs from separate systems.