Would You Click ‘Accept’? Automatically detecting malicious Azure OAuth applications using LLMs

How Wiz Research automates detection of emerging malicious Azure app and consent phishing campaigns...

AI Agents vs Humans: Who Wins at Web Hacking in 2026?

Wiz Research teamed up with Irregular, a frontier AI security lab, to settle this once and for all...

How 2 Missing Characters Nearly Compromised AWS

A supply chain vulnerability in AWS CodeBuild recently put the entire AWS Console at risk. Learn how Wiz Research found the flaw and how Amazon responded to prevent a global security crisis...

Dismantling a Critical Supply Chain Risk in VSCode Extension Marketplaces

Wiz Research has uncovered 550+ secrets hiding in plain sight. We worked with Microsoft to shut the door...

Detecting Data Leaks Before Disaster

In January 2025, cybersecurity experts at Wiz Research found that Chinese AI specialist DeepSeek had suffered a data leak, putting more than 1 million sensitive log streams at risk. According to the Wiz Research team, they identified a publicly accessible ClickHouse database belonging to DeepSeek...

Soco404: Multiplatform Cryptomining Campaign Uses Fake Error Pages to Hide Payload

Wiz Research has identified a new iteration of a broader malicious cryptomining campaign, which we’ve dubbed Soco404...

New GitHub Action supply chain attack: reviewdog/action-setup

A supply chain attack on tj-actions/changed-files caused many repositories to leak their secrets over the weekend. Wiz Research has discovered an additional supply chain attack on reviewdog/actions-setup@v1, that may have contributed to the compromise of tj-actions/changed-files...

DeepSeek AI Leaks Over a Million Chat Logs and Sensitive Data Online

DeepSeek, a Chinese AI startup, exposed sensitive data by leaving a database open. Wiz Research found chat logs, keys, and backend details accessible...

Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History

A publicly accessible database belonging to DeepSeek allowed full control over database operations, including the ability to access internal data. The exposure includes over a million lines of log streams with highly sensitive information...

Hackers Use CVE-2024-50603 to Deploy Backdoor on Aviatrix Controllers

A critical vulnerability CVE-2024-50603 in the Aviatrix Controller allows unauthenticated RCE. Active exploitation observed by Wiz Research in…...

Wiz collaborates with NVIDIA to advance ML research for data classification

Wiz Research taps Llama 3 model NVIDIA NIM microservices for sensitive data classification...

Introducing the next generation of AI-powered remediation: Choose your own remediation strategy

The new AI-powered remediation 2.0 combines the power of GenAI with the Wiz Research Team’s expertise in identifying cloud-native attack paths...

Introducing pattern-based agentless malware detection using YARA rules

Wiz is expanding our existing detection capabilities to include pattern-based malware detection using YARA rules written by the Wiz Research team...

SAPwned: SAP AI vulnerabilities expose customers’ cloud environments and private AI artifacts

Wiz Research uncovers vulnerabilities in SAP AI Core, allowing malicious actors to take over the service and access customer data...

Probllama: Ollama Remote Code Execution Vulnerability (CVE-2024-37032) – Overview and Mitigations

Wiz Research discovered CVE-2024-37032, an easy-to-exploit Remote Code Execution vulnerability in the open-source AI Infrastructure project Ollama...

The risk in malicious AI models: Wiz Research discovers critical vulnerability in AI-as-a-Service provider, Replicate

The Wiz Research team's investigations into AI-as-a-service providers reveals a major risk to AI systems...

Wiz Research finds architecture risks that may compromise AI-as-a-Service providers and consequently risk customer data; works with Hugging Face on mitigations

Wiz researchers discovered architecture risks that may compromise AI-as-a-Service providers and put customer data at risk. Wiz and Hugging Face worked together to mitigate the issue...

Wiz Research presents its latest report: “State of AI in the Cloud 2024”

Get a sneak peek at the Wiz research team’s new report examining key observations about AI use in the cloud...

Storm-0558 Update: Takeaways from Microsoft's recent report

The Wiz research team examines Microsoft's latest Storm-0558 findings and summarizes the key learnings cloud customers should take away from the incident...

CVE-2023-32629

Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovlcopyupmetainodedata skip permission checks when calling ovldosetxattr on Ubuntu kernels...