AI SecurityBlogWizCloud SecurityCloudSecurity
Blog6 minute read

We Gained More Wizdom in 2025

Wiz's inaugural user conference in NYC unveiled new expansions in AI and SaaS security, introducing agentic AI and Attack Surface Management. These innovations aim to enhance context-driven security, addressing emerging threats and prioritizing vulnerabilities. As AI and SaaS platforms evolve, Wiz's proactive approach ensures robust protection against increasingly sophisticated adversaries.

This month, Wiz hosted their first ever user conference in New York City. Wizdom showcased customer success stories, integration partners and more, all brought together in the amazing Wiz fashion we are used to experiencing at conferences. The event was not just a good time, there was plenty of substance, including when Raaz Herzberg, CMO & VP of Product Strategy at Wiz, announced several new product releases on the main stage.

Herzberg 's announcements highlight Wiz's continued effort to expand their platform beyond traditional cloud security, moving with the needs of the overall market and into new and existing threat vectors that are increasingly attractive to adversaries. Announced at the conference, Wiz is expanding capabilities in AI security and SaaS security and introducing Attack Surface Management.

So, let's get into what all of this means.

Did someone say AI?

When it comes to AI security, we like to think of it in three different categories: securing AI systems, securing the usage of AI and using AI for security. Wiz has announced expansions in two of these categories: Using AI for Security and securing AI systems.

Wiz's announcements around using AI for Security centers on agentic AI. Wiz is releasing two new AI agents, the Issues Agent and the SecOps Agent. The Wiz platform is already proficient at bringing detailed context into everything you do, whether that is within the platform itself, the AI chat box, the browser extension, IDE extensions, or their MCP server. But with these new agents, context such as findings, ownership and impact is tied together efficiently, accelerating the path to remediation. Wiz's mission is still the same – gather as much context as possible. The addition of these agents allows you to dig even deeper into the data Wiz provides, then quickly and confidently take the next steps towards remediation, saving your team time and effort to put towards more arduous tasks.

Agentic AI continues to become more widely adopted day by day, which is really no surprise. AI agents are being used across industries to increase productivity and strengthen data analytics. They are so effective because they can be trained in the right way for whatever scenario or circumstances the creator has in mind. 

However, the big question we need to be asking is how do we secure them? 

Like any new technology, agentic AI is moving at a pace faster than the security controls used to protect it can be properly implemented. In some architectures, AI agents communicate with an MCP server which will pull data from appropriate data stores. In other architectures, the agent communicates directly with the data stores through API calls. No matter what, that agent is accessing large amounts of data, which is very likely to contain sensitive information. Because the agents have access to so much, we need to secure these backend systems and monitor for network traffic, sensitive data, and user access.

Which brings us to the other area of AI that Wiz is expanding into: securing AI systems. Wiz's existing AI-SPM focuses on securing cloud-hosted AI services such as AWS Bedrock and GCP's Vertex AI. Now, they are expanding these capabilities to gain visibility into what your AI services are talking to, including AI agents and MCP servers by identifying network connections to these technologies as well as misconfigurations and data access paths. The monitoring of AI agents and MCP servers is a vital component to securing AI usage and data access.

Wiz is getting more SaaSy 

SaaS platforms are used by every organization; some even use 100s in their everyday business. While these platforms are easily accessible and extremely useful to business operations, most typically consider the security of them to be handled by the provider. Which is true to an extent; SaaS providers have control over the entire infrastructure, which means they are also responsible for the security of it, but companies are still responsible for a big piece of it under a shared responsibility model – the security of data, user access and overall platform administration. 

SaaS platforms are now a major attack vector because organizations tend to take the security of them for granted. This is evident by several high-profile attacks that have occurred recently; the Snowflake data breach in 2024, and the Salesforce supply chain attack earlier this year.  

Wiz has several existing SaaS connectors, such as Okta and Snowflake, to scan for misconfigurations and identity risks, but just announced the release of a Microsoft 365 (M365) connector. Now, Wiz can detect misconfigurations, compliance gaps, exposed files and more across M365's suite of applications, with more detections being released every week. 

M365 is used by a majority of Fortune 500 organizations, not just for email and collaboration tools, but also for Authentication and Authorization of non-Microsoft SaaS applications. Integrating Wiz with M365 will provide a more complete picture of token usage, including abuse, as well as unknown data flows and other avenues of exfiltration. Even more, the connectivity with M365 populates within Wiz's Security Graph, allowing you to visualize connections between data, identities, and configurations across your broader cloud attack surface, revealing previously hidden attack paths spanning SaaS and IaaS services. This adds more context to Wiz's powerful analysis of the risks that exist across a customer's cloud estate.

Attack Surface Management

One thing that Wiz constantly talks about within their solutions is context; specifically in providing a bigger story than many disparate alerts all pertaining to the same root issue. Context allows us to see the alerts that are connected, and which may make a certain vulnerability more risky or possibly allow it to be moved to the bottom of the to-do list because it is mitigated by compensating controls. In the end, context provides better prioritization because teams can focus on the most severe issues, reduce alert fatigue and save time for security teams.

Attack surface management is another area Wiz is expanding to make the lives of their customers easier. This allows Wiz to lightly probe externally exposed resources to validate their exploitability. This builds on the Dynamic Scanner that Wiz has had available for a while, which would validate whether ports were actually open. The Attack Surface Scanner will analyze network configurations, actual network traffic, and asset data across your environments to truly validate the exposure of a resource. So not only does Wiz provide loads of context, they are now able to verify the real risk of a vulnerability and provide high-caliber prioritization. 

Conclusion

As mentioned, Wiz is expanding new capabilities into categories that truly matter in cloud security. New and expanding attack vectors continue to open in AI and SaaS applications, and alert fatigue and lack of prioritization in security platforms are one of the biggest issues we hear from customers. We are always continuing to look at new trends or areas of pain and better understand where cloud security is going to go next.

As always, feel free to reach out if you have any questions.

Bye!

 

Technologies