AI Applications Are Fundamentally Different
AI applications are no longer single, bounded systems. They are assembled ecosystems of models, agents, tools, and cloud services operating across multiple environments — often without a clear boundary defining where an “AI application” begins or ends.
This changes visibility in two fundamental ways.
AI systems evolve after deployment
Agents can dynamically expand their capabilities over time — for example, discovering and attaching new tools or skills without redeployment — meaning the system running tomorrow may not be the same system observed today.
AI behavior is permission-bound and non-deterministic
An agent granted system access may choose a harmless ls -l command or execute a privileged sudo action depending on context — behavior that cannot be fully inferred from code alone.
For security teams, this creates a new reality:
Before organizations can secure AI, they must be able to answer two foundational questions:
Where is AI running across my environment?
What exactly is the AI application?
Visibility Needs a New Model
Traditional security visibility was built for predictable systems. Infrastructure could be inventoried, applications were relatively static, and behavior could be inferred from deployment or code.
AI changes that equation.
Traditional approaches each capture only part of the picture — but none can describe the full AI application.
Why traditional visibility falls short:
Cloud discovery sees infrastructure, not AI logic — it identifies resources, but not how models, agents, and tools combine into an AI system.
Code analysis sees intent, not execution context — repositories reveal AI usage, but not identities, permissions, or connected services shaping real behavior.
Runtime signals show activity, not capability — execution data reflects what happened, not latent access or architectural risk.
Traditional discovery assumes centralized adoption, not rapid and decentralized AI usage — AI adoption is happening across teams and across AI services, from external model providers to copilots and more, creating blind spots traditional discovery approaches were never designed to uncover.
Each signal provides insight, but none answer the core question:
What are my AI applications, and how are they built and operating across my environment?
Visibility can no longer rely on a single vantage point — not just cloud infrastructure, not just repository scans, and not just runtime logs. AI systems span managed platforms, custom agents in code, SaaS AI services, and dynamic workflows.
To see AI clearly, visibility must connect these signals into a single, accurate inventory.
How Wiz Delivers Complete AI Visibility
AI visibility cannot rely on a single detection method —each approach reveals only a partial view of an AI system.
Modern AI applications are assembled across code, cloud platforms, SaaS services, and dynamically evolving workflows. Understanding them requires more than one perspective. Wiz approaches AI discovery by correlating multiple signals together, building a unified understanding of AI systems regardless of how or where they are deployed.
Instead of assuming a single architecture, Wiz combines complementary discovery layers — each revealing a different part of the AI application.
Code-level detection
Wiz analyzes repositories and application code to uncover embedded AI usage, including frameworks, model integrations, agents, and connected tools. This makes custom-built AI applications visible even when they don’t appear as dedicated cloud services.
Agentless cloud detection
Managed AI services and AI-enabled infrastructure are deterministically discovered directly from cloud environments — without runtime agents — providing deployment context and visibility into how AI systems are exposed and connected across accounts.
AI Workload Explainer — intelligent translation layer
Custom AI applications aren’t standardized. The Workload Explainer uses AI to detect and analyze how your AI applications are built, translating custom implementations into clear components that deterministic scanning alone cannot identify.
Model discovery through invocation logs
Model invocation activity provides a reliable execution signal. AI models act as a natural choke point — agents may be built in different languages, architectures, or environments, but if they interact with organizational models, those interactions are observable. By analyzing invocation logs, Wiz identifies active AI systems and dynamically assembled behaviors that static analysis alone cannot fully reveal.
Runtime discovery through network and behavioral signals
Network and behavioral signals help surface shadow AI usage, newly connected services, and external AI interactions such as remote MCP that may otherwise remain invisible to traditional discovery methods.
By correlating these signals together, Wiz delivers implementation-agnostic visibility — working consistently across environments such as managed AI platforms (like AWS Bedrock or Google Vertex AI), SaaS AI services (such as OpenAI), custom agents built in code, and partner ecosystem integrations. For details on each platform learn more in our docs.
The result is a continuously updated understanding of what AI systems actually exist — across every environment where they operate.
How AI Visibility Comes Together
Wiz continuously discovers AI components and surfaces them in a unified AI Inventory, giving teams a clear view of where AI exists across their environment.
These components are also automatically grouped into Services, giving teams a clear view of AI offerings along with ownership and accountability — helping security understand who is responsible for each AI system rather than seeing disconnected assets.
Exploring AI Inventory
AI Inventory organizes visibility around the core components that make up modern AI applications, allowing teams to understand adoption without manually tracing implementations across environments.
Models
See every model in use across managed platforms, SaaS integrations, and custom deployments. Understand where AI capability enters your environment and how models are being used.
Agents, Tools, and MCP Servers
Understand how AI agents operate and what tools or MCP-connected systems they can access. Wiz surfaces capabilities and integrations so teams can see how AI systems extend, connect, and take action.
Guardrails
View enabled protections and applied filters across AI applications, along with missing or misconfigured guardrails. This helps teams understand how AI behavior is governed across environments.
Identities
See which cloud and application identities power AI systems — and which identities in your environment can access them. This provides visibility into how AI actions are authorized and executed across environments.
AI Tool Adoption (Developer Usage)
Understand which AI development tools and assistants are being used across teams — from IDE copilots to CLI and application integrations. By surfacing real-world developer AI usage, Wiz helps organizations identify emerging adoption patterns and uncover potential shadow AI activity early.
Visibility Is the Foundation for AI Security
Once AI systems are fully discovered and mapped, organizations can finally understand how AI applications are constructed and where responsibility and exposure actually exist.
That visibility enables the next stages of AI security — uncovering posture risks like an externally exposed AI agent with access to sensitive data, and detecting runtime threats such as suspicious AI-driven database writes that may signal misuse or compromise.
In the next post in this series, we’ll explore how teams use this visibility to understand and reduce AI risk while continuing to safely adopt AI across their environments.
