Wiz

Vibe coding with Lovable makes building apps fast and fun. And now, even more secure. 🔐 New research from Wiz finds that 1 in 5 organizations building with AI-powered platforms are exposed to systemic risks through common misconfigurations. We identified four common, preventable pitfalls 👇 1) Client-side authentication -Hardcoded Credentials visible in browser source code. 2) Exposed secrets - API keys hardcoded in JavaScript files. 3) Open databases - Misconfigured table access rules (RLS) are leaking sensitive data. 4) Publicly facing internal applications - Admin panels and chatbots deployed without authentication. We've collaborated with Lovable to share our findings and promote secure building practices, so teams could enjoy the creativity of vibe coding - without the hidden risks. Read more: https://lnkd.in/eTPWaeZH

When clouds get dark → light the signal 🦇 The Wiz IR team is on standby to engage. Cloud incident? We're already suiting up. Real-time response. Cloud-native expertise. Zero drama. Signal us → https://lnkd.in/eH5GPZR4

🚨Assess the risk of the Shai-Hulud attack in minutes with Wiz’s new AI Threat Intel Investigation tool To help security teams quickly remediate the new Shai-Hulud supply chain worm, we’ve added a powerful new capability to the Wiz MCP Server and Mika AI, Wiz’s security AI assistant. They can now: * Investigate emerging threats in real time * Impact Assessment – Map risks across your environment using Wiz SBOM scanning, vulnerability detection, and threat signals * Generate tailored remediation plans This turns what used to take hours of manual investigation into minutes of AI-driven insights. Why it matters? When new threats surface, security teams often scramble to assess exposure and impact. The new AI capability eliminates the guesswork by instantly connecting fresh threat intelligence to your infrastructure and Wiz’s scanners, detectors, and SBOM analysis: delivering ready-to-execute remediation steps. 👉 Just ask Mika More details in our latest blog post: https://lnkd.in/d7bNd3km

☎️ A new era of incident response starts today: Introducing Wiz IR! Wiz Incident Response is our newest service, built from the cloud, for the cloud. 🔎 Why it matters? Traditional IR isn't designed for the speed and scale of the cloud. Wiz IR changes that with: 1) Rapid scoping from the first suspicious signal 2) Cloud-to-runtime forensics (yes, even Kubernetes + AI-driven threats) 3) Containment + remediation guided by Wiz experts This is more than a service. It's how cloud incident response should be done. 👉 Learn more: https://lnkd.in/eDtNxVMH

🚨 The kernel-level security revolution you can't ignore, a must-listen with Liz Rice! Eden Naftali and Amitai Cohen sit down with Liz Rice, Chief Open Source Officer at Isovalent (Cisco), and a global expert in eBPF, containers, and Kubernetes security.  In this episode:  • How eBPF is reshaping cloud security from the ground up  • Practical strategies to tackle open source supply chain attacks (a hot topic given today’s events) A must-listen for anyone building or securing cloud infrastructure in an era of AI coding and supply chain attacks. 🎙️ Listen now to our NEW Crying Out Cloud episode: 🍏 https://lnkd.in/eBD8VChH 🎧 https://lnkd.in/eP2YsxwG 📺 https://lnkd.in/egKT2Eka

🚨 Shai-Hulud: One of the biggest supply chain attacks of the year is unfolding. On Sept 16, malicious versions of 100+ packages were published to npm, with scripts designed to steal secrets, hijack repos, and auto-propagate malware. All tied back to stolen GitHub tokens from the s1ngularity campaign. 🔍 What teams need to do >> 1. Remove malicious versions & upgrade clean 2. Audit GitHub logs + repos named "Shai-Hulud" 3. Rotate exposed tokens + keys immediately Wiz customers? We've dropped detections in the Threat Center + SBOM so you can instantly assess exposure. 👉 Full research + guidance here: https://lnkd.in/d7bNd3km

💡 How Wiz customers like Brex and FICO see AI changing security? We asked Brex and FICO how they're using AI to scale defenses, speed remediation, and embed security into daily workflows. Their advice? >> 1) Treat AI as both a risk and an opportunity 2) Build security into engineering from the start 3) Use AI to automate the repetitive, so people can focus on strategy 4) Make speed, visibility, and trust the foundation of defense AI isn't just changing how attackers operate, it's reshaping how defenders think about security. 👉 Read more from Brex and FICO here: https://lnkd.in/g9ZPhZeE

🎮 Happy International Video Game Day! Today, we're challenging you to take control of the cloud… literally. 🚀 wiz.io/asteroids >> Pilot the 𝗪𝗶𝘇 𝗗𝗲𝗳𝗲𝗻𝗱 spaceship through the cloud to spot and eliminate hidden threats. 🕹️ Mission briefing: 1️⃣ Hit 𝘀𝗽𝗮𝗰𝗲 to scan for threats lurking in your cloud. 2️⃣ Dodge attacks and keep your cloud secure. ▶️ Play now the video game made for CISOs: https://lnkd.in/eKyzsebY

RE-STOCK ALERT 👕 Our Cloud Acronym Collective tees are back on cisotopia.com/t-shirts — time to upgrade that security-conference hoodie collection. Here's how to get in on it ⤵ 1️⃣ Give us your funniest, wildest, or most absurd meaning for one of our acronyms. 2️⃣ Funniest takes WIN a tee, shipped straight to your door. 🎁

Wiz has been named a Leader in the IDC MarketScape for ASPM 2025 🙌 "Wiz is an ASPM Leader and has a clear point of view on the market's future, positioning it as a unified, cloud-aware, and remediation-driven platform that serves as the connective layer between security and engineering. Wiz has also made the developer experience a core design priority, embedding security into developer tools and workflows to minimize friction and accelerate remediation. IDE extensions, pull request scanning, WizCLI integration, MCP server support, and a unified policy engine enable earlier issue resolution without slowing delivery.” - Katie Norton, Research Manager for DevSecOps and Software Supply Chain Security, IDC Thank you to IDC for publishing this insightful research and to our customers for their trust and partnership! 📈 Read more: https://lnkd.in/dSTDC--e