AI Threat Readiness Pillar 1: Reduce Critical Exposures & Scan with AI

Diving into the first pillar of the AI Threat Readiness Framework and how Wiz helps...

Eliminate Critical API Attack Paths with Wiz API SPM

Wiz API SPM is now GA, enabling customers to discover APIs, assess APIs for exploitability, and prioritize remediation to mitigate the risk of an API-related breach...

Miasma: Supply Chain Attack Targeting RedHat npm Packages

Detect and mitigate malicious npm packages linked to the latest npm supply chain attack, based on the open sourced Mini Shai-Hulud malware...

State of Post Quantum Cryptography

Discussion of PQC relevant statistics that we see across our customers and other data sources...

Evidence at the Moment of Attack. Answers at AI Speed.

Wiz Sensor Forensics is now generally available - automatically capturing forensic artifacts at the moment of detection and using AI to accelerate investigation for SOC and IR teams...

Commit to Compromise: A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure

Wiz CIRT and Wiz Research detail JINX-0164, a threat actor using LinkedIn social engineering, custom macOS malware, and CI/CD hijacking to target cryptocurrency organizations...

Defending at Machine-Speed: Building AI Threat Readiness with Wiz

How Wiz helps organizations adopt an AI Operating Model for AI Threat Readiness...

State of SDLC Security 2026: How Risk Scales in Modern Development

Insights from real-world environments into how code, developer tooling, automation, and AI are reshaping application security...

Claude Enterprise Meets the Security Graph: Wiz Integrates with Anthropic's Compliance API

Security and compliance teams can now monitor Claude activity directly in Wiz, extending the workflows they already rely on to AI...

durabletask: TeamPCP's Latest PyPi Compromise

Discover the latest on malicious versions of the pypi package durabletask, matching TeamPCP tactics...

Introducing Runtime Threat Detection for Google Cloud Run

Wiz Runtime Sensor support for Google Cloud Run Containers is now generally available, giving teams real-time threat detection and response for their serverless container workloads...

The Worm That Keeps on Digging: TeamPCP Hits @antv in Latest Wave

Multi-ecosystem supply chain compromise by TeamPCP targets GitHub, NPM, and VSCode to steal credentials and establish persistence...

From Cryptographic Blind Spots to Post-Quantum Agility: Introducing Wiz for PQC Readiness

Eliminate cryptographic blind spots and neutralize legacy debt with an integrated cryptographic asset inventory. Identify risks across code, cloud, and runtime, using the Wiz Security Graph to prioritize migration and protect against "Harvest Now, Decrypt Later" attacks...

Beyond Findings: Connecting Exploitable Risk to Cloud Context with Wiz and HackerOne

See proven, exploitable risk in the context of your full cloud environment...

Fragnesia: Linux Kernel Local Privilege Escalation via ESP-in-TCP

A new page-cache corruption vulnerability in the Dirty Frag family enables unprivileged local attackers to achieve root...

Introducing Wiz Audit History: Track Every Change Across your Environment

Wiz Audit History is now GA, providing a continuous, cross-cloud timeline of changes to resource configurations and findings to accelerate incident response and simplify compliance...

Mini Shai-Hulud Strikes Again: TanStack + more npm Packages Compromised

Detect and mitigate malicious npm packages linked to the latest Mini Shai-Hulud supply chain campaign targeting high-value developer tooling...

Wiz at Wiz: Reducing Risk through Service Ownership

How Wiz security uses Service Catalog to turn cloud risk into service ownership...

A Framework for AI Threat Readiness

AI models now find and exploit zero-days autonomously. This 4-pillar framework accelerates patching, analysis, and threat response...

See and Secure Everything at the Edge with Wiz and Akamai

Akamai edge configurations are now visible on the Wiz Security Graph, giving teams a single understanding of risk from edge to runtime...

Dirty Frag: Linux Kernel Local Privilege Escalation via ESP and RxRPC

Unpatched kernel flaw chain CVE-2026-43284, CVE-2026-43500 enables root escalation on major Linux distributions...

Build Fast, Build Secure: Wiz findings are now in Lovable

With Wiz in Lovable, every builder can catch and fix risks in real time, keeping apps secure as they’re created...

It's Time to Go After Achieving Zero Code Criticals

Ready to hit Zero Code Criticals? Here's how Wiz helps you get there and stay there, with the badge to prove you did...

The Jenkins Threat Landscape

What usage patterns, plugin adoption, and configuration choices reveal about the Jenkins attack surface...

Critical Buffer Overflow Vulnerability in PAN-OS Exploited in-the-Wild

Detect and mitigate CVE-2026-0300, a critical vulnerability in Palo Alto Networks PAN-OS User-ID Authentication Portal that allows unauthenticated attackers to achieve remote code execution RCE with root privileges...

Introducing Penetration Test Findings: Unified Offensive Security in Wiz

Streamline pen-testing by unifying findings from bug bounties, manual audits, and Wiz Red Agent into a single, context-rich view...

Practical Package Security: The Unofficial Guide

Get actionable best practices to shrink your attack surface, protect execution environments, control package ingestion, and catch compromises early...

From Foundation to Force: Your Guide to Operationalizing Wiz at Scale

Following your foundation, operationalize Wiz across development, detection and response, and program maturity so your security program never stops getting stronger...

Meet Wiz for M365: Bringing SaaS into the Security Graph

Secure Microsoft 365 and the cloud it powers — one platform, one graph, complete context...

Copy Fail: Universal Linux Local Privilege Escalation Vulnerability

Detect and mitigate Copy Fail CVE-2026-31431, an easily exploitable vulnerability in the Linux kernel that allows escalation from an unprivileged local user account to root access...

Red Agent and Claude Opus: Securing Production Targets at Scale

Delivering enterprise-grade continuous AI-powered risk assessment to hundreds of customers through the combined power of Wiz and Anthropic...

The (In)security Landscape of AI-Powered GitHub Actions (Part 2/2)

When AI meets CI/CD: permission bypasses, prompt injection, and what to do about it...

Key Takeaways from the 2026 State of AI in the Cloud Report

How AI Adoption, Autonomy, and Attacker Innovation Are Reshaping Cloud Security...

Supply Chain Campaign Targets SAP npm Packages with Credential-Stealing Malware

Detect and mitigate malicious npm packages linked to the recent Shai-Hulud-style campaign - Mini Shai Hulud...

Wiz Code Week Recap: Securing AI Native Development

Providing Application Security teams with visibility and guardrails to secure agentic software development and the modern software supply chain...

Modern Defensible Architecture: Resilience for the Australian Federal Government

How Wiz enables Australian government agencies to operationalise MDA with real-time context, zero trust enforcement, and end-to-end cloud visibility...

Securing GitHub: Wiz Research uncovers Remote Code Execution in GitHub.com and GitHub Enterprise Server (CVE-2026-3854)

Details on CVE-2026-3854: A critical flaw in GitHub’s internal git infrastructure enabling RCE on GitHub.com and GitHub Enterprise Server...

NIST NVD Update: What it Means For Vulnerability Management

The shift from static CVE scoring to risk-based prioritization signals a new era for Vulnerability Managers...

Wiz at Google Next: Machine-Speed Defense for Any Cloud, Any Platform, Any AI

Announcing new capabilities at Google Cloud Next that extend and deepen Wiz AI-APP coverage: From the first line of AI-generated code, across AI and agent studios, to the edge of the cloud...

Closing the Security Gap in the Age of Agentic Coding

AI agents are writing more and more code. Ensure it's secure. Learn how Wiz Code plugins and the Green Agent bring machine-speed remediation to your AI-IDE...

Mapping Your API Ecosystem: Wiz Expands API Discovery with Apigee

See your full Apigee architecture on the Wiz Security Graph, from API gateways and environments to every endpoint and its authorization scheme...

Context.ai OAuth Token Compromise

Compromised Context.ai OAuth tokens enabled attackers to perform a supply chain attack via trusted SaaS integrations. Learn how to assess the risk in your environment and how to prevent the next attack...

Wiz and Databricks: Adding Databricks to the Wiz Security Graph

Extending Wiz Visibility with the Databricks Data & AI Platform...

From Code to Pipeline: Wiz Code Now Secures Your Build Environment

Threat actors have moved upstream, and while security teams have focused on the code developers write, the systems that build and deliver that code have remained a blind spot...

IaC Inventory: A Unified View Across Code, Deployments, and Cloud

As AI applications introduce a new class of infrastructure resources, visibility into what your IaC creates, where it runs, and whether it has drifted has never been more critical...

Securing AI Applications From Inception to Deployment

Extending the Wiz AI APP into the code layer to detect AI-specific risks at inception, validate exploitability at runtime, and orchestrate remediation with agents that understand your codebase...

How to Harden GitHub Actions: An Updated Guide

Build resilient GitHub Actions workflows with lessons from recent attacks like TeamPCP and Axios...

Securing the AI Edge: Wiz and Cloudflare Integrate for End-to-End AI Protection

Gain a unified view of AI application endpoints and DNS exposure across your environment, including which are protected by Cloudflare and which need to be secured...

Introducing Shadow Data Detection: Reduce Cost and Risk Across Your Cloud

Identify stale, duplicated, and inefficient data — and take action to shrink both your storage spend and exposure surface...

Primer on GitHub Actions Security - Threat Model, Attacks and Defenses (Part 1/2)

Understanding and defending your GitHub Actions - from threat model to security controls...