645 matches found
The (In)security Landscape of AI-Powered GitHub Actions (Part 2/2)
When AI meets CI/CD: permission bypasses, prompt injection, and what to do about it...
Key Takeaways from the 2026 State of AI in the Cloud Report
How AI Adoption, Autonomy, and Attacker Innovation Are Reshaping Cloud Security...
Supply Chain Campaign Targets SAP npm Packages with Credential-Stealing Malware
Detect and mitigate malicious npm packages linked to the recent Shai-Hulud-style campaign - Mini Shai Hulud...
Wiz Code Week Recap: Securing AI Native Development
Providing Application Security teams with visibility and guardrails to secure agentic software development and the modern software supply chain...
Modern Defensible Architecture: Resilience for the Australian Federal Government
How Wiz enables Australian government agencies to operationalise MDA with real-time context, zero trust enforcement, and end-to-end cloud visibility...
Securing GitHub: Wiz Research uncovers Remote Code Execution in GitHub.com and GitHub Enterprise Server (CVE-2026-3854)
Details on CVE-2026-3854: A critical flaw in GitHub’s internal git infrastructure enabling RCE on GitHub.com and GitHub Enterprise Server...
NIST NVD Update: What it Means For Vulnerability Management
The shift from static CVE scoring to risk-based prioritization signals a new era for Vulnerability Managers...
Wiz at Google Next: Machine-Speed Defense for Any Cloud, Any Platform, Any AI
Announcing new capabilities at Google Cloud Next that extend and deepen Wiz AI-APP coverage: From the first line of AI-generated code, across AI and agent studios, to the edge of the cloud...
Closing the Security Gap in the Age of Agentic Coding
AI agents are writing more and more code. Ensure it's secure. Learn how Wiz Code plugins and the Green Agent bring machine-speed remediation to your AI-IDE...
Mapping Your API Ecosystem: Wiz Expands API Discovery with Apigee
See your full Apigee architecture on the Wiz Security Graph, from API gateways and environments to every endpoint and its authorization scheme...
Context.ai OAuth Token Compromise
Compromised Context.ai OAuth tokens enabled attackers to perform a supply chain attack via trusted SaaS integrations. Learn how to assess the risk in your environment and how to prevent the next attack...
Wiz and Databricks: Adding Databricks to the Wiz Security Graph
Extending Wiz Visibility with the Databricks Data & AI Platform...
From Code to Pipeline: Wiz Code Now Secures Your Build Environment
Threat actors have moved upstream, and while security teams have focused on the code developers write, the systems that build and deliver that code have remained a blind spot...
IaC Inventory: A Unified View Across Code, Deployments, and Cloud
As AI applications introduce a new class of infrastructure resources, visibility into what your IaC creates, where it runs, and whether it has drifted has never been more critical...
Securing AI Applications From Inception to Deployment
Extending the Wiz AI APP into the code layer to detect AI-specific risks at inception, validate exploitability at runtime, and orchestrate remediation with agents that understand your codebase...
How to Harden GitHub Actions: An Updated Guide
Build resilient GitHub Actions workflows with lessons from recent attacks like TeamPCP and Axios...
Securing the AI Edge: Wiz and Cloudflare Integrate for End-to-End AI Protection
Gain a unified view of AI application endpoints and DNS exposure across your environment, including which are protected by Cloudflare and which need to be secured...
Introducing Shadow Data Detection: Reduce Cost and Risk Across Your Cloud
Identify stale, duplicated, and inefficient data — and take action to shrink both your storage spend and exposure surface...
Primer on GitHub Actions Security - Threat Model, Attacks and Defenses (Part 1/2)
Understanding and defending your GitHub Actions - from threat model to security controls...
Claude Mythos: Preparing for a World Where AI Finds and Exploits Vulnerabilities Faster Than Ever
Anthropic's new model can autonomously discover zero-days and develop working exploits. While access is currently limited to responsible actors, now is the time to strengthen response playbooks, reduce exposure, and incorporate AI into security programs...
Cloud Threats Retrospective 2026: What AI Changed (and What It Didn’t)
Insights from public incidents, cloud telemetry, and investigations into how cloud risk evolved in 2025...
Bringing Security Visibility to Vercel with Wiz
Giving developers and security teams a shared view of application risk as it evolves...
Six Accounts, One Actor: Inside the prt-scan Supply Chain Campaign
After hackerbot-claw, another AI-powered campaign exploiting pullrequesttarget confirms the threat is here to stay. We trace the attacker back to three weeks before anyone noticed...
Axios NPM Distribution Compromised in Supply Chain Attack
A compromised axios maintainer account led to malicious npm releases that propagated across environments. Learn how to assess impact, detect compromise, and secure your development workflows...
Tracking TeamPCP: Investigating Post-Compromise Attacks Seen in the Wild
How TeamPCP are leveraging stolen secrets from the recent supply chain attacks to compromise cloud environments...
The Wiz Blue Agent, now Generally Available
Accelerate your SecOps team with the Blue Agent for threat investigation, now Generally Available...
Beyond the Badge: What Achieving Microsoft’s Certified Software Designation Means for Your Cloud Security
Verified by Microsoft. Built for Azure. Secured by Wiz...
Introducing the Green Agent: AI-Powered Remediation for the Cloud
Accelerate your path to Zero Criticals with AI that investigates, assigns, and guides cloud remediation for you...
Introducing Wiz Workflows: Your path to building a self healing cloud
Orchestrate customizable workflows with agents, enabling end-to-end discovery and response in Wiz...
Three’s a Crowd: TeamPCP trojanizes LiteLLM in Continuation of Campaign
LiteLLM is the latest victim of TeamPCP’s open-source attack spree. Malicious versions 1.82.7 and 1.82.8 abuse Python’s .pth mechanism for stealthy persistence. The malware exfiltrates cloud credentials, CI/CD secrets, and keys to attacker-controlled domains...
KICS GitHub Action Compromised: TeamPCP Strikes Again in Supply Chain Attack
Checkmarx KICS scanner is the latest victim of a credential-stealing supply chain attack by TeamPCP. Between 12:58–16:50 UTC on March 23, 35 tags were hijacked. Learn how to audit your workflows, identify malicious activity, and secure your GitHub Actions...
Introducing the Wiz Red Agent- AI-Powered Attacker
Red Agent is an AI-powered, context-aware attacker that uncovers complex exploitable risks across your entire attack surface, continuously and at scale...
Introducing Wiz Agents & Workflows: Security at the Speed of AI
A new security operating model powered by AI agents that removes bottlenecks and enables teams to act at the speed of AI...
Introducing Wiz AI Application Protection Platform (AI-APP)
Secure every layer of AI applications — infrastructure, data, access, models, agents, and applications — from code to runtime, across every environment you build in...
AI Runtime Threat Detection: From Input to Real-World Impact
Understanding and detecting AI-driven behavior across model, workload, and cloud...
Trivy Compromised: Everything You Need to Know about the Latest Supply Chain Attack
On March 19, 2026, threat actors injected credential-stealing malware into Aqua Security’s Trivy scanner and related GitHub Actions. Learn how "TeamPCP" executed this breach and how to audit your environment...
Twenty Years of Cloud Security Research
This post will look at the past 20 years of cloud security research, separating the two decades into eras with important milestones defined that resulted in the change of one era to the next...
C'est officiel : Wiz rejoint Google
Bienvenue dans une nouvelle ère de la sécurité du cloud et de l'IA...
Understanding and Reducing AI Risk in Modern Applications
Identify real AI risk by connecting signals in context across the layers of AI applications...
Introducing Wiz Tenant Manager: Multi-Tenant Management for Federated Organizations
Experience full Wiz security with zero friction, managing multiple tenants in a single console...
The Agile FedRAMP Playbook, Part 4: Reactive Risk Management through Enriched Incident Response
In the final part of our series, we explore Reactive Risk Management. Discover how Wiz for U.S. Government transforms cloud detection and response to help satisfy FedRAMP Rev 5 IR controls and FedRAMP 20x detection benchmarks...
Wiz Achieves CPSTIC Certification in Spain
Strengthening secure cloud modernization for Spain’s public sector through CPSTIC certification...
Seeing AI Clearly: Building Visibility Across Modern AI Applications
AI applications span models, agents, and cloud environments in ways traditional security tools weren’t designed to understand. Here’s why visibility breaks — and how a new, implementation-agnostic approach helps teams safely adopt AI...
The Agile FedRAMP Playbook, Part 3: Preventative Risk Management by building Secure by Design
In the third part of our series, we explore Preventative Risk Management. We discuss how shifting security into the development lifecycle helps organizations meet FedRAMP requirements...
Security Insights Where Work Happens: Notion Custom Agents + Wiz MCP
Bring Wiz cloud security insights into your Notion workspace with Custom Agents — enabling automated reporting, investigation, and security workflows where teams already work...
Wiz Leads the 2026 Latio Application Security Report with awards in 4 categories
Wiz has been recognized in the 2026 Latio Application Security Report. Wiz was spotlighted and awarded four distinct badges, reflecting our continuous commitment to protecting applications all the way from code to runtime...
Building an Agentic Cloud Security Ecosystem: A Reference Architecture with Wiz MCP and Infosys Cyber Next
Coordinated Multi-Agent Investigation and Remediation...
The Agile FedRAMP Playbook, Part 2: Proactive Risk Management with Continuous Monitoring
In the second part of our series, we dive into Proactive Risk Management. Discover how Wiz for U.S. Government automates visibility and prioritizes risk remediation to meet FedRAMP continuous monitoring requirements without slowing down innovation...
Would You Click ‘Accept’? Automatically detecting malicious Azure OAuth applications using LLMs
How Wiz Research automates detection of emerging malicious Azure app and consent phishing campaigns...
Wiz Named a Leader in The Forrester Wave™: Cloud Native Application Protection Solutions, Q1 2026
Forrester’s CNAPP evaluation rated Wiz with the highest Current Offering category score, which we believe reflects our commitment to protecting everything built and run in the cloud...