Wiz founder: Hack your self with AI, earlier than the unhealthy guys do
Safety leaders ought to be turning offensive AI cyber instruments on their very own methods earlier than risk actors do, exploiting the innate defenders’ benefit to achieve the excessive floor and improve their probabilities of withstanding a cyber assault.
So says Yinon Costica, co-founder of Google-owned Wiz, who, talking at Google Cloud Subsequent in Las Vegas, argued that defenders can win in opposition to attackers by utilizing AI to use a bonus that will not seem apparent at first look, that of context.
“The identical AI mannequin can clearly produce very completely different outcomes primarily based on the context that we feed into it,” mentioned Costica. “Now, attackers hopefully have a lot much less context about us whereas as defenders we do have a whole lot of context about our environments that we are able to share with the mannequin.
“If, as defenders, we take the primary movers’ benefit and we use the AI in opposition to ourselves, with the context we’ve, we truly stand an opportunity to win…. However we have to act quick,” he mentioned.
“We have to begin utilizing AI in opposition to ourselves as a lot as doable, whether or not it’s to scan assault surfaces, scan code, scan something, as a way to be the primary one to see the outcomes and to not look ahead to the unhealthy guys to do it earlier than us.”
As velocity turns into ever extra of the essence in cyber safety, Costica conceded that this is able to be a problem for defenders – however famous that the instruments to do that are quickly changing into obtainable. To attempt to assist, Wiz unveiled three new AI brokers at Google Cloud Subsequent – pink, inexperienced and blue – that are named for the human cyber groups they’re designed to assist.
“What brokers permit us to do is absolutely to get to the subsequent stage of acceleration [and] automation of safety work,” mentioned Costica.
The pink agent is designed to help pink workforce penetration testing work by probing deep into its homeowners’ IT property, figuring out potential exposures, comparable to software programming interfaces (APIs), end-of-life edge networking package or operational expertise (OT) property, and runs penetration assessments on them. The inexperienced agent follows on by automating the triage course of, one thing that may take ages for people. Lastly, the blue agent acts as a detective, doing the investigative work that can be a prolonged course of for human groups.
“These three brokers collectively kind a layer that’s autonomous and automatic. Its not revolutionary in that it aligns carefully to how safety groups have been working for a few years, however now it permits every workforce to automate their workflows,” mentioned Costica.
“It’s like dwelling sooner or later within the eyes of safety groups as a result of it implies that from the second they discover a threat, they’ll automate the method to search out who owns it and ship the code repair to finish and redeploy to manufacturing.”
A bit over a month on from the closure of the $32bn acquisition of Wiz – Google’s largest buy thus far – the 2 organisations reaffirmed their dedication to offering a unified safety platform, retaining Wiz’s model, that may improve the velocity with which prospects detect, forestall and reply to threats, particularly rising ones created utilizing AI.
They duo additionally declare their mixed functionality will speed up adoption of multicloud safety and spur extra confidence in innovation round cloud and AI. Wiz’s merchandise are additionally to proceed to be made obtainable throughout different platforms, together with Amazon Net Companies (AWS), Microsoft Azure and Oracle Cloud. It additionally introduced help for Databricks and agent studios like AWS Agentcore, Microsoft Azure Copilot Studio, and Salesforce Agentforce, in addition to Gemini Enterprise Agent Platform in fact, and continues to help safety ecosystems with integrations to the outer layer of the cloud, together with Google Cloud Apigee, Cloudflare AI Safety for Apps, and the Vercel platform.
Behind the scenes, Wiz has additionally up to date the way it integrates safety detections from Wiz Defend with Google Safety Operations and Mandiant Menace Defence to make life simpler for human analysts.
And it introduced new capabilities to safe the AI-native deployment cycle. These embrace scanning vibe coded functions for points; AI-generated code scanning and vulnerability remediation; agent-based remediation permitting groups to automate remediation workflows; and an AI invoice of supplies (AI-BOM) to maintain on high of the usage of shadow AI for coding.
