Featured
NIST NVD Update: What it Means For Vulnerability Management
The shift from static CVE scoring to risk-based prioritization signals a new era for Vulnerability Managers
Blog
Wiz at Google Next: Machine-Speed Defense for Any Cloud, Any Platform, Any AI
Announcing new capabilities at Google Cloud Next that extend and deepen Wiz AI-APP coverage: From the first line of AI-generated code, across AI and agent studios, to the edge of the cloud
Closing the Security Gap in the Age of Agentic Coding
AI agents are writing more and more code. Ensure it's secure. Learn how Wiz Code plugins and the Green Agent bring machine-speed remediation to your AI-IDE.
Mapping Your API Ecosystem: Wiz Expands API Discovery with Apigee
See your full Apigee architecture on the Wiz Security Graph, from API gateways and environments to every endpoint and its authorization scheme.
Context.ai OAuth Token Compromise
Compromised Context.ai OAuth tokens enabled attackers to perform a supply chain attack via trusted SaaS integrations. Learn how to assess the risk in your environment and how to prevent the next attack.
Wiz and Databricks: Adding Databricks to the Wiz Security Graph
Extending Wiz Visibility with the Databricks Data & AI Platform
From Code to Pipeline: Wiz Code Now Secures Your Build Environment
Threat actors have moved upstream, and while security teams have focused on the code developers write, the systems that build and deliver that code have remained a blind spot.
IaC Inventory: A Unified View Across Code, Deployments, and Cloud
As AI applications introduce a new class of infrastructure resources, visibility into what your IaC creates, where it runs, and whether it has drifted has never been more critical.
Securing AI Applications From Inception to Deployment
Extending the Wiz AI APP into the code layer to detect AI-specific risks at inception, validate exploitability at runtime, and orchestrate remediation with agents that understand your codebase
How to Harden GitHub Actions: An Updated Guide
Build resilient GitHub Actions workflows with lessons from recent attacks like TeamPCP and Axios.
Securing the AI Edge: Wiz and Cloudflare Integrate for End-to-End AI Protection
Gain a unified view of AI application endpoints and DNS exposure across your environment, including which are protected by Cloudflare and which need to be secured
Introducing Shadow Data Detection: Reduce Cost and Risk Across Your Cloud
Identify stale, duplicated, and inefficient data — and take action to shrink both your storage spend and exposure surface.
Primer on GitHub Actions Security - Threat Model, Attacks and Defenses (Part 1/2)
Understanding and defending your GitHub Actions - from threat model to security controls.
Claude Mythos: Preparing for a World Where AI Finds and Exploits Vulnerabilities Faster Than Ever
Anthropic's new model can autonomously discover zero-days and develop working exploits. While access is currently limited to responsible actors, now is the time to strengthen response playbooks, reduce exposure, and incorporate AI into security programs.
Cloud Threats Retrospective 2026: What AI Changed (and What It Didn’t)
Insights from public incidents, cloud telemetry, and investigations into how cloud risk evolved in 2025
Bringing Security Visibility to Vercel with Wiz
Giving developers and security teams a shared view of application risk as it evolves.
Six Accounts, One Actor: Inside the prt-scan Supply Chain Campaign
After hackerbot-claw, another AI-powered campaign exploiting pull_request_target confirms the threat is here to stay. We trace the attacker back to three weeks before anyone noticed.
Axios NPM Distribution Compromised in Supply Chain Attack
A compromised axios maintainer account led to malicious npm releases that propagated across environments. Learn how to assess impact, detect compromise, and secure your development workflows.
Tracking TeamPCP: Investigating Post-Compromise Attacks Seen in the Wild
How TeamPCP are leveraging stolen secrets from the recent supply chain attacks to compromise cloud environments
The Wiz Blue Agent, now Generally Available
Accelerate your SecOps team with the Blue Agent for threat investigation, now Generally Available
Beyond the Badge: What Achieving Microsoft’s Certified Software Designation Means for Your Cloud Security
Verified by Microsoft. Built for Azure. Secured by Wiz.
Introducing the Green Agent: AI-Powered Remediation for the Cloud
Accelerate your path to Zero Criticals with AI that investigates, assigns, and guides cloud remediation for you
Introducing Wiz Workflows: Your path to building a self healing cloud
Orchestrate customizable workflows with agents, enabling end-to-end discovery and response in Wiz
Three’s a Crowd: TeamPCP trojanizes LiteLLM in Continuation of Campaign
LiteLLM is the latest victim of TeamPCP’s open-source attack spree. Malicious versions 1.82.7 and 1.82.8 abuse Python’s .pth mechanism for stealthy persistence. The malware exfiltrates cloud credentials, CI/CD secrets, and keys to attacker-controlled domains.
KICS GitHub Action Compromised: TeamPCP Strikes Again in Supply Chain Attack
Checkmarx KICS scanner is the latest victim of a credential-stealing supply chain attack by TeamPCP. Between 12:58–16:50 UTC on March 23, 35 tags were hijacked. Learn how to audit your workflows, identify malicious activity, and secure your GitHub Actions.