Wiz

We just dropped our 'Ultimate AI Security Masterclass' on YouTube. 🍿 The truth is, AI security is fundamentally an infrastructure and access control challenge. You just need the right playbook. These sessions with experts like Alon Schindel, Rami McCarthy Jack Cable, Igor Andriushchenko Matt Maloney Johann Rehberger skips the theory. 📝 What you will learn? - How to protect enterprise AI applications in real-world scenarios - How to defend against advanced prompt injection attacks - How to map security risks across the full Code-to-Cloud continuum - How to identify and prevent supply-chain hijacking paths Watch the full breakdown >> https://lnkd.in/g9sakpN2

⚔️ The endgame STARTS NOW 🏆 For our CTF finale we did something a little wild ↓ We open-sourced the Cloud Security Championship platform itself 🧠 Yes, the actual system behind the challenge. Your mission: Explore the repo 🕵️ Figure out how to make the platform record your win Hints drop in 48 hours. The clock’s ticking ⏳ Who will become the next cloud security champion? https://lnkd.in/eAXDsFd8

🧠 NEW ERA: AI Threat Defense! As AI speed changes how vulnerabilities are found and exploited, organizations must prepare for a new risk dynamic. In our latest blog by Raaz Herzberg, we show you how Wiz helps you do just that at each stage of our AI Threat Readiness framework: 1) Reduce exposure and exploitable risk with Wiz ASM + the Red Agent 2) Accelerate remediation with the Green Agent and Wiz Workflows 3) Analyze code with Wiz AI SAST, CodeMender or your preferred coding agent 4) Detect threats with Wiz Defend and investigate faster with the Blue Agent We are also in the Google ecosystem: We're teaming up with the Google Cloud Security team to add AI and Mandiant (part of Google Cloud) expertise to help you accelerate operationalization. Read more 👇 https://lnkd.in/eG4DSqq7

🚨 Our State of SDLC Security 26' report is here ↓ Wiz Research analyzed real-world development environments, public repos, and production telemetry to understand how risk is evolving upstream of runtime. ⚙️ A few things stood out: - Nearly half of orgs rely on #GitHub Actions - Risk concentrates around heavily reused packages and workflows - ~86% of observed developer environments run on macOS - AI-assisted development is amplifying insecure patterns at scale The big takeaway? Modern application risk isn't isolated anymore. It spreads through code reuse, developer tooling, identities, and automation pipelines. The #SDLC is becoming one giant trust graph. Get the full report: https://lnkd.in/ejYnBFRJ

BREAKING: Wiz now integrates with Anthropic's Claude Compliance API 🎉 Anthropic's Claude is becoming part of how every team works. So we built an integration with the Claude Compliance API to bring that activity directly into the Wiz platform. We map Claude Enterprise activity straight onto the Security Graph → users, roles, permissions, projects, and the AI datasets connected to them. Same visibility you already have for the rest of your cloud, now extended to Claude. In Private Preview for teams running Wiz + Claude Enterprise. Full details on the blog 👇 https://lnkd.in/etyv-3we

🎙️ NEW PODCAST EPISODE: AI just found a Linux bug hiding since 2017! Eden Naftali & Amitai Cohen sit down with Tim Becker and Jacob Newman from Xint to break down CopyFail, a privilege escalation bug their autonomous AI agents uncovered that affects almost every Linux machine. What they get into: 🤖 How Xint's custom LLM harness actually found it ⏳ Why 90-day disclosure feels broken when models can weaponize a patch diff instantly 🧠 The road from the DARPA AI Cyber Challenge to Claude 3.5 Sonnet to Mythos 📊 Why benchmarking is everything in agentic workflows Stream the episode ↓  YouTube: https://lnkd.in/exVbsXuB Spotify: https://lnkd.in/eByej2_3 Apple: https://lnkd.in/ekaCREy9

🚨 TeamPCP supply chain attack continues: durabletask v1.4.1, 1.4.2, and 1.4.3 were compromised on PyPi. durabletask is Microsoft's official Python client for the Durable Task framework. The malicious versions have been quarantined. Same playbook as the @antv wave: compromised GitHub account → dumped repo secrets → stolen PyPi token. Payload steals creds across AWS, Azure, GCP, K8s, Vault, and password managers. Full breakdown from Rami McCarthy: https://lnkd.in/eGyx8fKF

Runtime threat detection for Google Cloud Run is now GA in Wiz 🥳 Cloud Run made serverless containers easy to scale. Security teams still had one big blind spot: what actually happens inside running containers. Now you can detect malicious processes, reverse shells, suspicious behavior, and more [YES, in real time]. 🔍 Plus: → Correlated detections instead of alert chaos → AI-powered investigations with Wiz Blue Agent → Automated response for fast-moving ephemeral workloads This completes Wiz runtime coverage across Google Cloud Security, Amazon Web Services (AWS), and Microsoft Azure serverless containers ☁️ Read the full announcement: https://lnkd.in/eQVAptrr

🔮 Quantum computing is getting closer. Your cryptographic blind spots shouldn't be. Today we're introducing Wiz for PQC Readiness: new capabilities that help organizations discover cryptographic risks across code, cloud, and runtime, and actually prioritize what matters first. Wiz connects cryptographic findings to the Security Graph, so teams can focus on risks tied to attack paths and sensitive data instead of chasing noise. From #OpenSSL libraries to certificates to legacy algorithms, Wiz helps security teams build a practical roadmap for post-quantum readiness!

We *manually* reviewed cloud data in our longest livestream yet 🎥 (It was as exhausting as it sounds 😅) BIG THANKS to Alma Raziel, Shahar Yakir & everyone who joined our KEEP or TOSS livestream - you helped save storage costs, grabbed swag, and confirmed one thing: manual data review shouldn't be a job. Here's a quick recap of our attempt to tame the chaos live ⇣