AI has introduced an era of unparalleled innovation, empowering organizations to efficiently build transformative applications across all industries. AI adoption has exploded over the past few years, with AI becoming an integral component of many industries. Based on analysis from the Wiz research team, over 62% of organizations are already using at least one AI cloud service. This surge of adoption is unstoppable and predicted to continue growing, with 67% of organizations planning to increase their spending in data and AI technologies according to Accenture’s CxO Pulse Survey. AI today is analogous to where cloud was 5-10 years ago — everyone is using it to some extent, but very few have a process to govern it.
In the race to innovate, developers and data scientists often unintentionally create shadow AI by introducing new AI services into their environment without the security team’s oversight. Lack of visibility makes it hard to ensure security in the AI pipeline and to protect against AI misconfigurations and vulnerabilities. Improper AI security controls can lead to critical risks, like the real-life example when the Wiz research team discovered 38TB of data was accidentally exposed by Microsoft AI researchers. Some additional risks are discussed in the OWASP Top 10 for LLM, including model poisoning, data leakage, and model supply chain attack. Such risks make it paramount to embed security into every part of the AI pipeline.
Introducing Wiz for AI Security (AI-SPM)
Today, we are excited to announce Wiz for AI Security, making Wiz the first CNAPP to provide native AI security capabilities fully integrated across the Wiz platform. With this launch, Wiz provides unmatched security to empower organizations to safely build with AI, accelerating innovation while staying protected against AI-related risks. Wiz for AI Security introduces these new capabilities:
Extending full-stack, agentless inventory with AI-BOM
Enforcing AI configuration baselines with built-in misconfiguration checks
Extending DSPM to AI
Extending Attack Path Analysis to AI
AI Security Dashboard
Full-stack, agentless inventory extended to AI
AI security starts with full visibility, which enables you to remove the risk of shadow AI in your environment. Wiz’s AI-BOM gives security teams and AI developers full-stack visibility by identifying every AI service, technology, libraries, and SDKs in your environment, without any agents, and presenting them on the Wiz Security Graph and in Wiz Inventory. This gives organizations unconditional visibility, allowing the security team to immediately detect new AI services introduced into the environment such as AWS SageMaker, GCP Vertex AI, Amazon Bedrock (launching next week), and Azure Cognitive Research and flag the different technologies as approved, unwanted, and unreviewed.
Our data scientists and engineers use Vertex AI to build innovative AI-powered applications for our business units. Wiz provides us with full visibility across resources and helps protect our AI infrastructure from security risks
Ashley Dunn, Head of Security Engineering, OVO
Enforce AI configuration baselines with built-in checks
After gaining visibility, the next step is to identify AI misconfigurations in your environment. Wiz’s AI-SPM helps organizations enforce AI security baselines, identifying misconfigurations in AI services. Wiz provides built-in configuration rules assessing your AI services for misconfigurations such as a SageMaker endpoint with no encryption enabled, or a Vertex AI Workbench notebook that has a public IP.
Extending DSPM capabilities to AI
Wiz is extending our Data Security Posture Management (DSPM) capabilities to AI, helping organizations safeguard sensitive AI training data in the cloud. Wiz automatically detects sensitive training data and helps you ensure that it is secure, with new out-of-the-box DSPM AI controls. The controls make it easy for organizations to identify and proactively remove attack paths that can lead to data leakage and poisoning.
Extending Attack Path Analysis to AI
Wiz is extending our Attack Path Analysis to AI, assessing AI pipeline risks across vulnerabilities, identities, internet exposures, data, misconfigurations, exposed secrets, and malware correlating risks on the Wiz Security Graph. This provides full cloud and workload context around the AI pipeline, helping organizations proactively remove attack paths in an environment — such as a Vertex AI Workbench hosted on a Google Compute Engine that has exploitable vulnerabilities and access to sensitive data.
Introducing the new AI security dashboard
Wiz makes it easy for your AI developers and data scientists to quickly understand their AI security posture with the new AI security dashboard. The dashboard provides an overview of top AI security issues with a prioritized queue of contextualized risks, so developers can quickly focus on the most critical ones. The dashboard also includes an AI inventory, listing vulnerabilities found in AI SDKs such as Hugging Face and OpenAI, and storage used for AI training. This easy-to-understand UI helps AI engineers join the cloud security operating model.
Start accelerating your AI innovation today
Dive into the future of AI with confidence with Wiz for AI and empower your AI developers to innovate faster while staying secure. Wiz’s goal is to protect your AI infrastructure and minimize security risks across the AI development lifecycle so you can focus on bringing more machine learning models to production. Get started now with Wiz for AI Security. You can learn more by visiting the Wiz for AI webpage. If you prefer a live demo, we would love to connect with you.