How Wiz Became a US$32bn Cloud Security Powerhouse

With cloud infrastructure now underpinning the operations of nearly every large enterprise, the challenge of securing these distributed environments has become paramount. 

Enter Wiz, a cloud security specialist that has achieved remarkable success since it was founded in 2020. The company’s agentless, graph-based cloud-native application protection platform has proven so valuable that Google’s parent company, Alphabet, agreed to acquire Wiz for US$32bn in March 2025. 

The deal highlighted the importance of comprehensive cloud security solutions in a digital landscape.

A platform built for complexity

Wiz’s approach centres on the Wiz Security Graph, providing organisations with complete visibility into every cloud resource and the relationships between them.

The capability allows security teams to identify what Oron Noah, Director of Product Management at Wiz, describes as “toxic combinations of risk that create attack paths in your cloud”. 

Rather than forcing organisations to deploy resource-intensive agents, Wiz connects to customers' cloud environments through API-only architecture, enabling seamless infrastructure scanning with zero friction and no management overhead.

The platform’s multi-cloud capabilities were built into its DNA from the outset. When one of Wiz’s largest customers required support across multiple cloud platforms, the company partnered with Google Cloud to establish the foundation for a security solution capable of serving diverse cloud environments. Leveraging Kubernetes and Google Cloud’s infrastructure-as-code principles, Wiz achieved operational status within a month. 

“We support our customers wherever they are,” explains Yinon Costica, Co-Founder and VP of Product at Wiz. 

Today, the business serves a who’s who of Fortune 500 companies across industries including finance and healthcare, where regulatory compliance and operational agility must coexist.

Securing the AI revolution

As AI adoption accelerates across enterprises, Wiz has expanded its offering to address AI-specific security challenges through AI Security Posture Management (AI-SPM). 

The solution provides security teams with full-stack visibility into AI pipelines and resources, detecting AI services, technologies and SDKs without requiring agents. The platform can identify managed services such as AWS SageMaker and OpenAI, as well as known AI technologies like TensorFlow Hub.

Wiz’s AI-SPM functionality extends beyond simple discovery. The platform enforces AI security best practices by detecting misconfigurations in AI services such as OpenAI and Amazon Bedrock with built-in configuration rules. 

For organisations concerned about data security, Wiz’s Data Security Posture Management (DSPM) for AI automatically detects sensitive training data and proactively removes attack paths to it. The system identifies risks of data leakage with out-of-the-box DSPM AI controls and provides guidance for rapid remediation.

Perhaps most significantly, Wiz has extended its attack path analysis capabilities to AI resources. The platform detects attack paths to AI models by incorporating deep cloud and workload context around vulnerabilities, identities, network exposures, malware, data and exposed secrets. This allows organisations to proactively eliminate AI attack paths before they materialise into genuine threats. 

What’s more, an AI Security Dashboard provides developers and data scientists with an AI security posture overview and a prioritised queue of risks, ensuring teams can focus on the most critical issues. Project-based workflows and role-based access control ensure alerts reach the appropriate teams, empowering AI developers to secure pipelines proactively.

Speed as a competitive advantage

Wiz’s ability to respond rapidly to emerging threats has proven essential to its success. 

When the severe Apache Log4j vulnerability emerged in December 2021, Wiz immediately integrated detection into its platform, helping both existing customers and new prospects triage their risks. 

Scott Sumner, Cloud Services Provider Alliance Manager at Wiz, notes that the company “was able to identify and visualise the Log4j vulnerability very quickly for new customers”.

This responsiveness extends to everyday operations. When a customer acquires a new company and expands their Google Cloud environment, Wiz automatically scans the cloud and uncovers risks within minutes rather than days or weeks. The automation capabilities provided by Google Kubernetes Engine and related managed services enable Wiz’s relatively small team to deliver enterprise-scale solutions while dedicating energy to developing new tools that respond to specific customer needs.

The partnership with Google Cloud has proven mutually beneficial, with Oron noting that collaboration with Google Cloud product teams allows Wiz to onboard new tools into its platform while sharing insights about tool usage.

Wiz’s meteoric rise from startup to US$32bn acquisition in just five years demonstrates the urgent demand for effective cloud security solutions. 

By combining comprehensive visibility, rapid threat response and emerging AI security capabilities, Wiz finds itself at the forefront of cloud protection for the modern enterprise.