Wiz AI-SPM
Overview
Product details compiled from public sources, each with a citation.
- Vendor
- Wiz2
- Description
- Agentless AI security posture management that discovers AI pipelines, models, and data across clouds, then surfaces misconfigurations and attack paths to AI services.2
- Deployment
- SaaS2
- Status
- Acquired1
- Acquisition
- Acquired by Google (Alphabet), announced 2026-03-11. It now operates as a standalone product.1
- Compliance
- SOC 2 Type II, SOC 3, ISO 27001, ISO 27017, ISO 27018, ISO 27701, PCI DSS v4.0.1, HIPAA 3
Matrix Coverage
Where this product defends, by asset class and NIST CSF function. The Coverage column shows whether each asset is Primary, Secondary, or Adjacent to what the product does. The table omits empty rows and columns.
| Asset class | Identify | Coverage | Source |
|---|---|---|---|
| AI-Workload Platforms | Identify: Covered | Primary | 2 |
| AI Model | Identify: Covered | Secondary | 2 |
| Runtime AI Data | Identify: Covered | Secondary | 2 |
Framework Relevance
These frameworks include controls relevant to the asset classes Wiz AI-SPM defends. This is an editorial inference from the AI Defense Matrix asset-level crossmap, not a statement that Wiz implements these controls or is certified against them.
Expand Collapse
| Framework | Asset class | Relevant controls |
|---|---|---|
| NIST IR 8596 | AI-Workload Platforms | Containers, microservices, and libraries (AI-specific subset); inference endpoints (platform side) |
| AI Model | Models; Algorithms (model configuration) | |
| Runtime AI Data | Prompts (runtime); inference data | |
| CSA AI Controls Matrix | AI-Workload Platforms | Infrastructure Security; Threat & Vulnerability Management |
| AI Model | Model Security; Governance, Risk and Compliance | |
| Runtime AI Data | Data Security and Privacy Lifecycle Management; Application and Interface Security | |
| ISO 42001 | AI-Workload Platforms | A.6 AI system life cycle; A.4 Resources for AI systems |
| AI Model | A.6 AI system life cycle; A.10 Third-party and customer relationships; A.5 Assessing impacts of AI systems | |
| Runtime AI Data | A.7 Data for AI systems; A.8 Information for interested parties | |
| Google SAIF | AI-Workload Platforms | Expand strong security foundations; secure and harden the AI deployment environment |
| AI Model | Protect the AI model; ensure model integrity, provenance, and weight security | |
| Runtime AI Data | Expand AI red-teaming; runtime input and output safety; prompt defense | |
| SANS Critical AI Security Guidelines | AI-Workload Platforms | Conventional Security Controls (host AI within the existing ISMS; authentication and access controls; encryption at rest); AI Supply Chain Management (local vs. SaaS hosting trade-offs; internal model garden) |
| AI Model | Conventional Security Controls (protect model parameters with least privilege, encryption at rest, runtime obfuscation, and trusted execution environments); Data/Model Engineering Controls (adversarial training; alignment and fine-tuning); AI Supply Chain Management (public-model caution; transfer-attack exposure) | |
| Runtime AI Data | Model I/O Handling (sanitize, validate, and filter inputs and outputs; segregate user and system prompts; multilayered prompt-injection defense); Conventional Security Controls (protect augmentation and RAG data with vector-store access controls and validation); Data Minimization and Obfuscation (limit sensitive prompt content; context-window management); Limit Model Behavior (AI guardrails) | |
| MITRE ATLAS | AI-Workload Platforms | AML.T0010 AI Supply Chain Compromise; AML.T0012 Valid Accounts (platform credential abuse); container and inference-server exploits |
| AI Model | AML.T0043 Craft Adversarial Data; AML.T0024 Exfiltration via AI Inference API (subtechniques: AML.T0024.001 Invert AI Model and AML.T0024.002 Extract AI Model); AML.T0018 Manipulate AI Model (integrity and backdoor) | |
| Runtime AI Data | AML.T0051 LLM Prompt Injection; AML.T0054 LLM Jailbreak; AML.T0056 Extract LLM System Prompt | |
| OWASP AI Exchange | AI-Workload Platforms | Development-time threats: supply chain attacks, model-platform CVEs, container escape |
| AI Model | Development-time and runtime model threats: model inversion, extraction, evasion, poisoning | |
| Runtime AI Data | Input threats: prompt injection, adversarial inputs, evasion; runtime threats: RAG poisoning, memory tampering | |
| OWASP LLM Top 10 | AI-Workload Platforms | LLM03 Supply Chain (compromised AI platform components); LLM04 Data and Model Poisoning (via platform) |
| AI Model | LLM03 Supply Chain; LLM04 Data and Model Poisoning; LLM09 Misinformation | |
| Runtime AI Data | LLM01 Prompt Injection; LLM02 Sensitive Information Disclosure; LLM08 Vector and Embedding Weaknesses; LLM05 Improper Output Handling | |
| OWASP Agentic Security Top 10 | AI-Workload Platforms | ASI04 Agentic Supply Chain Vulnerabilities (model and tool-platform components); ASI08 Cascading Failures (platform fault propagation) |
| AI Model | ASI04 Agentic Supply Chain Vulnerabilities (model provenance, weights, and dynamic loading) | |
| Runtime AI Data | ASI06 Memory & Context Poisoning; ASI01 Agent Goal Hijack (via prompt injection in runtime inputs) |
Provenance
Last sourced 2026-06-08.
Expand Collapse
Changelog
-
Added compliance attestations from the Wiz public trust center with a source.
-
Verified details and recorded the completed Google acquisition (March 2026).
Found an error? Corrections are welcome. Suggest an edit.
Product Strategy and Positioning
You can use the following frameworks to understand the product’s strategy and its competitive positioning. Performing this analysis is outside the scope of the AI Defense Matrix Catalog, but the following guidance can help you with such an assessment.
Expand Collapse
Product Strategy
Lenny Zeltser’s Guide to Creating Cybersecurity Products can help you understand key aspects of the product strategy. You can use your AI tool to gather the data and apply this framework.
- Market segment
- Who the product is built for: industry, size, and the persona who evaluates it.
- Go-to-market motion
- How it reaches buyers: top-down sales, bottom-up adoption, or open source.
- Pricing model
- How value is captured: per-seat, consumption, or outcome-based.
- Delivery and operations
- How it is deployed, configured, and maintained, including infrastructure-as-code and API coverage.
- Customer trust
- Certifications, transparency, and supply-chain security a buyer expects from the vendor.
- Ecosystem position
- A point solution, a platform others build on, or a component of a larger platform.
Strategy Defensibility
Ben Vierck’s rubric can help you assess the defensibility of the SaaS product’s strategy against competitive and other market forces. You can use it with your AI tool for a methodical analysis.
- Value delivery
- How much of the value is hard to replicate versus standard software a competitor could rebuild.
- Switching cost
- How costly it is to leave once deployed: integrations, data, workflow, and platform ties.
- Compliance moat
- Whether certifications or regulatory alignment are a durable advantage or table stakes for this buyer.
- Problem complexity
- How hard, adversarial, and fast-moving the underlying problem is to solve well.
- Buyer profile
- Who holds the budget, and how durable that demand is across the market.
- Layer
- Where the product operates: application, model, infrastructure, platform, or identity control plane.
- Proprietary data, content, or IP
- Whether it accumulates data, content, or IP that others would find difficult to replicate.