Build AI Security Agents with Wiz MCP

Power AI-driven security with trusted security context, Wiz AI Agents, and Wiz AI Skills.

Security teams are moving beyond chat-based assistants to agentic workflows - AI assistants, custom agents, and AI-powered applications that reason across systems, coordinate actions, and automate complex security tasks from investigation through remediation.

Today, we're excited to announce the general availability of Wiz MCP, making it easier than ever to securely connect AI assistants, custom agents, and AI-powered applications to the Wiz platform.

To understand, reason about, and act on security, AI assistants, custom agents, and AI-powered applications need trusted context, specialized security intelligence, and a secure way to interact with your environment.

That's what Wiz MCP makes possible.

What powers agentic workflows

Context from the Wiz Security Graph

Everything starts with the Wiz Security Graph.

The Security Graph gives AI a contextual understanding of your environment across cloud infrastructure, identities, code, data, AI, and runtime. Through Wiz MCP, AI can securely retrieve and reason over the same findings, issues, vulnerabilities, threats, attack paths, relationships, ownership information, and other security insights available throughout the Wiz platform -grounding every decision in how your environment actually operates rather than isolated data points.

Intelligence from Wiz AI Agents

Context becomes action through Wiz AI Agents.

Red, Blue, and Green Agents continuously analyze your environment to validate exposures, investigate threats, and accelerate remediation. Through Wiz MCP, your AI can leverage those analyses and recommendations instead of recreating the same reasoning from scratch - bringing the intelligence that powers Wiz directly into your own AI experiences.

Build with Wiz AI Skills

Wiz MCP securely connects your AI to the Wiz platform. Beyond trusted security context, it provides access to verified Wiz AI Skills - predefined, agentic workflows that encapsulate Wiz security expertise and best practices.

Instead of orchestrating individual tool calls, your AI can execute reusable security playbooks for vulnerability triage, remediation, investigation, and more. These Skills simplify implementation, automate complex workflows, and help you accelerate development by reusing proven security workflows instead of building them from scratch.

What teams are building with Wiz

The best way to understand what's possible is to see how different teams are building with Wiz today. From developers and vulnerability teams to SOC analysts and security leaders, these examples show how AI can combine trusted context from the Security Graph, intelligence from Wiz AI, and reusable Tools and Skills to automate the work security teams do every day.

Developers: Remediate production risk from the IDE

Developers can remediate production risk without leaving their IDE, while security teams know every fix is grounded in real production context.

đź’¬ Example prompt

“Identify the Wiz Issues with the greatest production impact on this repository, trace it to the code that introduced it, retrieve Green Agent remediation guidance, apply and test the fix, and open a pull request for review”

Behind the scenes

  • Uses the verified Wiz remediation skill

  • Retrieves the Wiz Issues and Security Graph context

  • Traces each issue to the responsible repository and code owner

  • Uses Green Agent analysis to determine the root cause and recommend remediation

  • Generates a code fix and opens a pull request

See it in action: Explore Green Agent and Code-to-Cloud Remediation. Then see how Cohere built an AI security agent with Wiz to automate vulnerability triage, investigation, and remediation.

Vulnerability Management: Prioritize exploitable vulnerabilities

Instead of sorting thousands of CVEs, teams can focus on the handful of vulnerabilities attackers can realistically exploit.

đź’¬ Example prompt

“Surface only the open vulnerabilities an attacker could realistically chain to reach sensitive data, explain the attack path for each, and rank them by what to remediate first.”

Behind the scenes

  • Retrieves active vulnerabilities across the environment

  • Uses the Security Graph to evaluate attack paths and blast radius

  • Correlates cloud exposure, identities, and affected resources

  • Prioritizes findings based on exploitability instead of severity

  • Recommends the next remediation actions

See it in action: Explore Attack Surface Management and how the Security Graph prioritizes exploitable vulnerabilities through attack path analysis.

Security Operations: Accelerate threat investigations

Analysts can investigate threats with complete context and automatically hand off a fully documented investigation for remediation.

đź’¬ Example prompt

"Investigate this threat end to end: pull the related cloud activity and blast radius, correlate the evidence against the SIEM, build a complete timeline, and hand off a documented investigation with recommended next steps”

Behind the scenes

  • Retrieves the threat and related Security Graph context

  • Uses Blue Agent analysis to determine impact and likely cause

  • Correlates evidence with the SIEM and other connected security tools

  • Builds a complete investigation timeline

  • Creates a ticket with findings and recommended next steps

See it in action: Explore Blue Agent, then see how Grammarly reduced security investigation time by more than 90% with AI-powered investigation workflows built on Wiz MCP.

Penetration Testing: Turn penetration tests into continuous security

One-time penetration tests become part of continuous cloud security operations instead of remaining static reports.

đź’¬ Example prompt

"Import this penetration test report into Wiz, map findings to my environment, and create Penetration Test Findings."

Behind the scenes

  • Extracts findings from external security reports

  • Maps findings to cloud resources and repositories

  • Identifies existing findings to avoid duplication

  • Creates Penetration Test Findings within Wiz

See it in action: Explore Red Agent and the Import Security Reports Skill to operationalize external penetration testing.

Security Leadership: Understand compliance coverage

Security leaders can identify framework gaps, recommend missing controls, and accelerate audit preparation without manual analysis.

đź’¬ Example prompt

"Compare our internal security framework against existing Wiz policy coverage, identify the gaps, recommend custom rules to close them, and produce an auditable coverage summary."

Behind the scenes

  • Maps compliance controls to existing Wiz policies

  • Identifies uncovered requirements and recommends custom rules

  • Generates an auditable framework coverage summary

  • Publishes results to your documentation tool for review

See it in action: Explore the Custom Compliance Mapping Skill and learn how Infosys uses Wiz MCP to automate recurring security workflows, including AI-generated weekly posture briefs that deliver prioritized security insights before teams even start their day.

These examples are just the beginning. Whether you're extending an AI assistant, building a custom agent, or creating entirely new security workflows. Wiz MCP provides the trusted context, AI expertise, and reusable Skills to help you build with confidence. Stay tuned as we continue to share more real-world examples and best practices from teams building with Wiz.

Continue reading

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management