Introducing the Wiz Red Agent- AI-Powered Attacker
Red Agent is an AI-powered, context-aware attacker that uncovers complex exploitable risks across your entire attack surface, continuously and at scale.
Gal Nagli
Head of Threat Exposure
Gal Nagli の投稿
Hacking Moltbook: The AI Social Network Any Human Can Control
1 exposed database. 35,000 emails. 1.5M API keys. And 17,000 humans behind the not-so-autonomous AI network.
AI Agents vs Humans: Who Wins at Web Hacking in 2026?
Wiz Research teamed up with Irregular, a frontier AI security lab, to settle this once and for all.
Protecting Against Zero-Day Vulnerabilities with SOC-Level ASM Alert
Outpacing React2Shell using pre-breach alerts from Wiz ASM to eliminate exploitable risk before attackers find them
Introducing Wiz ASM: Context-Driven Attack Surface Management
Wiz launches Attack Surface Scanner to bring context, ownership, and prioritization to every exposure, anywhere.
Wiz Research Discovers One in Five Organizations Exposed to Systemic Risks in Vibe-Coded Applications - Here's How to Secure Them
New research reveals four common security risks systematically affecting vibe-coded applications - with remediation strategies curated together with Lovable.
Wiz Research Uncovers Critical Vulnerability in AI Vibe Coding platform Base44 Allowing Unauthorized Access to Private Applications
New discovery underscores security implications of AI-powered development and the rise of Vibe Coding Platforms
Securing Cloud Databases: Best Practices with ClickHouse and Wiz
How to protect sensitive data in cloud-hosted databases with built-in security controls, best practices, and continuous risk monitoring.
GitHub Action tj-actions/changed-files supply chain attack: everything you need to know
A supply chain attack on popular GitHub Action tj-actions/changed-files caused many repositories to leak their secrets. Discover how it unfolded and the steps to mitigate the risk.
Wiz ResearchがDeepSeekの公開データベースを発見、チャット履歴を含む機密情報が流出
DeepSeekが所有する公開アクセス可能なデータベースにより、データベース操作を完全に制御できる状態になっており、内部データへのアクセスも可能でした。この漏えいには、100万行以上のログストリームが含まれており、極めて機密性の高い情報が含まれています。
Wiz Research Identifies Exploitation in the Wild of Aviatrix Controller RCE (CVE-2024-50603)
The Wiz Incident Response team is currently responding to multiple incidents involving CVE-2024-50603, an Aviatrix Controller unauthenticated RCE vulnerability, that can lead to privileges escalation in the AWS control plane. Organizations should patch urgently.
Supply chain attack on lottie-player: everything you need to know
Supply chain attack in popular lottie-player library compromises websites with malicious Web3 wallet prompts – update or revert the library to avoid the compromised versions.