To unlock the full value of these systems, organizations are connecting them to production environments, granting access to sensitive data, and enabling them to take action across their systems.This is where risk is introduced.<\/p>\n
Most approaches still analyze infrastructure, identity, and applications in isolation \u2014 leaving teams without the context needed to identify real risk.\u00a0<\/p>\n
Today, we\u2019re introducing the Wiz AI Application Protection Platform (AI-APP)<\/a> \u2014 designed to secure AI applications end-to-end, with the context needed to understand real risk and act on it.<\/p>\n The Context Gap in AI Security<\/p>\n Security teams are left trying to answer:<\/p>\n Where AI applications are running across my environment?<\/p>\n What are their capabilities – what can they actually do?\u00a0<\/p>\n Which of these actually represent real, exploitable risk?<\/p>\n Can I detect and respond to threats across these AI applications in time?<\/p>\n Because AI risk<\/a> doesn\u2019t live in a single layer.<\/p>\n It emerges when systems interact \u2014 across models, agents, tools, infrastructure, and data.<\/p>\n Consider a customer-facing AI chatbot connected to internal tools and data systems.<\/p>\n An attacker discovers an authentication bypass vulnerability \u2014 a common issue in rapidly built, \u201cvibe-coded\u201d applications \u2014 and uses it to inject a prompt,<\/a> manipulating the agent into taking unintended action.<\/p>\n From there, the system behaves exactly as designed \u2014 but with unintended consequences.<\/p>\n Each part of this activity, on its own, can appear expected:<\/p>\n the prompt is processed as a normal model interaction<\/p>\n the agent executes code to retrieve sensitive data \u2014 a capability it was designed to perform<\/p>\n the resulting access and data movement appear as valid cloud activity<\/p>\n It\u2019s only when these are connected that the full AI attack path<\/a> becomes clear.<\/p>\n The Wiz AI Application Protection Platform (AI-APP) brings together visibility, risk analysis, and runtime protection into a single, graph-powered platform \u2014 allowing teams to understand and secure AI systems as they actually operate. It is the natural evolution of the Cloud-Native Application Protection Platform (CNAPP)<\/a> as organizations increasingly build AI-native applications.<\/p>\n This allows teams to move from understanding how AI systems are built, to identifying cross-layer risk, to detecting and responding to threats in real time \u2014 all in one place.<\/p>\n 1. Visibility \u2014 Build a Complete AI Inventory AI adoption spans managed services, SaaS platforms, and custom-built applications \u2014 creating blind spots across environments.<\/p>\n Wiz builds a complete inventory<\/a> of AI applications using multiple detection methods across all of them:<\/p>\n Managed platforms \u2014 deep integrations with services like AWS Bedrock, Azure AI, and Google Vertex AI<\/p>\n Custom and self-hosted AI \u2014 code and workload analysis to identify frameworks, agents, and services running in your environment<\/p>\n A key part of this is the Wiz Workload Explainer \u2014 which uses AI to detect and analyze how your AI applications are built, translating custom implementations into clear components that deterministic scanning alone cannot identify.<\/p>\n This enables Wiz to map AI systems end-to-end regardless of their architecture \u2014 including models, agents, tools, and data flows. Our goal is to let teams build AI applications in the way that works best for them, while providing consistent security across all of it.<\/p>\n In the chatbot example, this means identifying the agent service, underlying model, connected tools, and the infrastructure it runs on \u2014 even when they are not explicitly defined.<\/p>\n \ud83d\udc49 Explore more in our visibility deep dive<\/a>.<\/p>\n 2. Risk \u2014 Understand How Risk Emerges Across Layers<\/p>\n AI risk is not defined by a single issue \u2014 but by how multiple conditions come together.<\/p>\n Wiz connects signals across the layers that make up an AI application.<\/p>\n In the chatbot risk example, these include:<\/p>\n Infra & Access \u2014 the AI agent is exposed through a public endpoint with an authentication bypass.<\/p>\n Model & Guardrails \u2014 the agent runs on an AI Model hosted in a PaaS with misconfigured guardrails<\/p>\n Data \u2014 the model was trained on sensitive data\u00a0<\/p>\n Application \u2014\u00a0 the agent has tools that allow it to read and expose the sensitive data.<\/p>\n Individually, each layer may appear benign. Together, they define whether an attack is possible.\u00a0<\/p>\n A key part of this understanding is how deeply Wiz analyzes AI components. For example, Wiz identifies and classifies the tools an agent can use \u2014 such as:<\/p>\n reading or exposing data<\/p>\n executing code<\/p>\n interacting with APIs<\/p>\n modifying infrastructure<\/p>\n This is one example of how Wiz continuously deepens its understanding of AI-native risk over time. By correlating signals across layers, Wiz maps real, exploitable attack paths.<\/p>\n Wiz also maps AI risks to frameworks like the OWASP Top 10 for LLM Applications \u2014 helping teams prioritize issues in the context of real-world standards and compliance requirements.<\/p>\n \ud83d\udc49 Explore more in our risk deep dive.<\/a><\/p>\n 3. Runtime \u2014 Detect and Respond to AI Threats AI systems are dynamic \u2014 and attacks unfold in real time.<\/p>\n Wiz provides threat detection across three complementary layers:<\/p>\n Model activity \u2014 monitoring inputs, outputs, and prompt behavior<\/p>\n Workload execution \u2014 tracking agent execution, tool usage, and system activity<\/p>\n Cloud layer \u2014 observing identity usage, API calls, and infrastructure changes<\/p>\n In the chatbot scenario, this means:<\/p>\n identifying the manipulated prompt at the model layer<\/p>\n detecting code execution and behavior on the host container<\/p>\n and tracking credential usage and downstream activity in the cloud<\/p>\n Because this telemetry is connected back to the full application context, teams can: detect threats earlier, understand whether activity represents real exploitation and prioritize response based on actual impact<\/p>\n \ud83d\udc49 Explore more in our runtime deep dive<\/a><\/p>\n Extending AI Security beyond the Wiz platform<\/p>\n To extend this even further, Wiz integrates with leading WIN AI partners, bringing the intelligence of the AI security ecosystem into Wiz:<\/p>\n Cloudflare and Wiz integrate to surface which AI application endpoints are protected by Cloudflare\u2019s AI Security for Apps, highlighting what remains exposed so teams can reduce risk from prompt injection, PII leakage, and shadow AI<\/a>.<\/p>\n TrojAI and Wiz integrate to bring AI red teaming findings from TrojAI into Wiz, revealing vulnerabilities like jailbreaks, prompt injection exploits, and data leakage from your AI Endpoints. Wiz enriches these Findings with cloud context to surface attack paths to your AI application, helping teams prioritize exploitable risks.<\/p>\n Pillar Security and Wiz integrate to bring black-box agentic red team assessments from Pillar into Wiz, highlighting vulnerabilities at public-facing AI endpoints. By correlating these findings with existing risks across the environment, teams gain visibility into exploitable paths and can focus remediation on high-impact issues.<\/p>\n Understanding risk is only part of the challenge.<\/p>\n Security teams need to operationalize it \u2014 turning insight into action across engineering, security, and platform teams.<\/p>\n Wiz enables teams to:<\/p>\n prioritize real risk based on full context<\/p>\n route issues to the right owners<\/p>\n and drive remediation with clear, actionable guidance<\/p>\n This is powered by Wiz Agents<\/a> \u2014 acting as force multipliers across the lifecycle:<\/p>\n Red Agent identifies complex exploitable risk by reasoning like an attacker<\/p>\n Green Agent determines what to fix and who owns it<\/p>\n Blue Agent investigates threats and validates real impact<\/p>\n We are also extending this “insight to action” philosophy directly into the AI-SDLC. By injecting Security Graph context into AI development workflows, we enable agents to move beyond generic suggestions. Instead, they can automatically identify misconfigurations, prioritize fixes based on cloud-layer risk, and even perform real-time remediation before code is ever committed.<\/p>\n Secure AI at the Speed of AI<\/p>\n AI is changing how systems are built \u2014 and how attackers operate.<\/p>\n Security must evolve to match.<\/p>\n Wiz AI-APP is built for this new reality:<\/p>\n cross-layer context to understand how AI risk actually emerges<\/p>\n implementation-agnostic coverage across managed services, SaaS platforms, and custom-built applications<\/p>\n and end-to-end visibility from code to runtime<\/p>\n Wiz AI-APP connects code, cloud, and runtime into a single platform \u2014 giving teams the context they need to understand and secure AI systems end-to-end.<\/p>\n Secure AI applications \u2014 from code to runtime.<\/p>\n","protected":false},"excerpt":{"rendered":"AI hasn\u2019t just changed how we build \u2014 it has fundamentally changed how risk emerges. AI applications are…\n","protected":false},"author":2,"featured_media":560478,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[256,254,255,64,63,105],"class_list":{"0":"post-560477","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-artificial-intelligence","8":"tag-ai","9":"tag-artificial-intelligence","10":"tag-artificialintelligence","11":"tag-au","12":"tag-australia","13":"tag-technology"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/posts\/560477","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/comments?post=560477"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/posts\/560477\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/media\/560478"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/media?parent=560477"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/categories?post=560477"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/tags?post=560477"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}AI Risk Issue on Security Graph – Externally exposed agent with authentication bypass vulnerability exposing sensitive data<\/p>\n
<\/p>\n
<\/p>\n
AI Inventory<\/p>\n
Agent hosted on AWS Bedrock & the tools its connected to
Agent built in Copilot studio with access to sensitive data in Sharepoint<\/p>\n
Custom hosted agent on the Wiz Security Graph<\/p>\n
<\/p>\n
<\/p>\n