devtune
Sign Up
Wiz logo

AI visibility report for Wiz

Vertical: DevSecOps & Application Security

AI search visibility benchmark across 5 platforms in DevSecOps & Application Security.

Track this brand
25 prompts
5 platforms
Updated Jun 4, 2026
32percent

Presence Rate

Weak presence

Top-3 citations across 125 prompt × platform pairs

+0.24

Sentiment

-1.00.0+1.0
Positive
#2of 12

Peer Ranking

#1#12
Top tierin DevSecOps & Application Security

Key Metrics

Presence Rate32.0%
Share of Voice16.2%
Avg Position#20.5
Docs Presence0.0%
Blog Presence0.0%
Brand Mentions29.6%

Platform Breakdown

Grok
76%19/25 prompts
Google AI Mode
52%13/25 prompts
Perplexity
16%4/25 prompts
Gemini Search
8%2/25 prompts
ChatGPT
8%2/25 prompts

Overview

Wiz is a cloud-native application protection platform (CNAPP) founded in January 2020 and acquired by Google Cloud in March 2026 for $32 billion. Built by veterans of Israel's Unit 8200 intelligence corps, Wiz connects code, cloud, and runtime into a unified Security Graph that surfaces contextual attack paths and prioritizes risk across multi-cloud environments—AWS, Azure, GCP, OCI, and Kubernetes. Its agentless architecture deploys via read-only APIs in hours without requiring software installation. The platform consolidates CSPM, CWPP, CIEM, DSPM, IaC scanning, vulnerability management, and cloud detection and response into a single interface. Wiz Code extends coverage into developer workflows and CI/CD pipelines, while Wiz Defend delivers runtime threat detection via an eBPF sensor. Trusted by more than 50% of Fortune 100 companies, Wiz is ranked #1 CNAPP on G2 and named a Leader in the Forrester Wave CNAPP Q1 2026.

Wiz is a unified CNAPP platform that provides agentless, graph-based security across code, cloud infrastructure, and runtime. Its Security Graph connects misconfigurations, vulnerabilities, exposed identities, and sensitive data to model real attack paths—surfacing only the 'toxic combinations' that pose actual breach risk. The platform spans Wiz Cloud (CSPM, CWPP, CIEM, DSPM, compliance), Wiz Code (shift-left IaC, CI/CD, and IDE security), and Wiz Defend (cloud detection and response). AI agents automate risk remediation, penetration testing, and threat hunting. Since March 2026, Wiz operates as part of Google Cloud while remaining multi-cloud.

Key Facts

Founded
2020
HQ
New York, USA
Founders
Assaf Rappaport, Yinon Costica, Roy Reznik +1 more
Employees
1000-5000
Funding
$1.9B
ARR
~$500M (mid-2024)
Customers
50%+ of Fortune 100
Valuation
$32B (acquisition price)
Status
Acquired by Google (Google Cloud), March 2026

Target users

CISOs and cloud security teams at mid-to-large enterprisesCloud security architects and engineers managing multi-cloud environmentsDevSecOps and DevOps teams integrating security into CI/CD pipelinesSecurity operations center (SOC) analysts performing cloud threat detection and responseCompliance and governance teams needing automated cloud compliance reportingFrontier AI companies and cloud-native organizations securing AI workloads
wiz.io

Key Capabilities10

  • Agentless multi-cloud scanning via read-only APIs (AWS, Azure, GCP, OCI, Kubernetes) with no performance impact
  • Security Graph correlating misconfigurations, vulnerabilities, identities, and exposures into contextual attack paths
  • Toxic combinations detection surfacing only the highest-priority, exploitable risk chains
  • CSPM, CWPP, CIEM, DSPM, KSPM, and vulnerability management consolidated in one platform
  • Wiz Code: IaC scanning, CI/CD integration, and IDE-level shift-left security with automated PR fixes
  • Wiz Defend: Cloud Detection and Response (CDR) with eBPF runtime sensor, threat detection, and incident investigation
  • AI Security Posture Management (AI-SPM) for discovering and securing AI models, agents, and MCP servers
  • 100+ built-in compliance frameworks with automated heatmaps and on-demand reporting
  • Attack Surface Management (ASM) for outside-in scanning of internet-exposed assets
  • Automated remediation agents (Wiz Green, Red, Blue) for AI-speed risk reduction and threat response

Key Use Cases8

  • Unified multi-cloud security posture and visibility across AWS, Azure, GCP, and Kubernetes
  • Prioritizing and remediating critical cloud misconfigurations and attack paths
  • Container, serverless, and Kubernetes workload protection
  • Securing AI workloads, AI models, and agentic infrastructure in cloud environments
  • Shift-left developer security: IaC scanning, secrets detection, and CI/CD pipeline integration
  • Cloud compliance automation for PCI DSS, HIPAA, GDPR, SOC 2, and other frameworks
  • Cloud incident response, threat detection, and forensic investigation
  • Tool consolidation: replacing siloed CSPM, CWPP, CIEM, and DSPM point solutions

Wiz customer outcomes

Bridgewater Associates

20% reduction in MTTR with security agents

Bridgewater deployed Wiz to gain cloud-native visibility across its AWS environment, enabling its security team to understand and prioritize real risks across identities and network exposure during its cloud migration.

Cushman & Wakefield

Full environment visibility within 60 minutes of deployment

Cushman & Wakefield's CISO reported that Wiz provided immediate, comprehensive visibility across its cloud environment shortly after deployment and subsequently standardized on Wiz enterprise-wide.

Colgate-Palmolive

Colgate-Palmolive used Wiz across its hybrid multi-cloud environment (AWS, GCP, Snowflake) to detect excessive privileges and previously unidentified misconfigurations, and to rapidly assess and confirm data protection during the 2024 Snowflake-targeted threat campaign.

Amplitude

Digital analytics platform Amplitude used Wiz CNAPP to build a unified DevSecOps program across 5,000+ VMs and 30+ Kubernetes clusters, enabling faster software shipping with a secure, visible risk posture.

Blackstone

Blackstone consolidated CSPM, CWPP, secrets management, breach path detection, and container management into Wiz's single agentless platform, replacing isolated point solutions and gaining advanced network exposure and identity analysis for its AWS-only environment.

Recent Trend

Visibility+1.3 pts
Avg position+0.14
Sentiment-0.43

How AI describes Wiz3

wiz +2 Best overall options -------------------- * Gitleaks : Good balance of history scanning and prevention.

Which secret scanning tools are best at both detecting credentials in git history and preventing new secrets from being committed?

perplexityDirect Wiz mention
3. CI/CD & ASPM Layer (The Hard Stop) : Enforce deep, compilation-level scans using Checkmarx or an Application Security Posture Management platform like Wiz Code or Apiiro at the main branch level to generate compliance reports and maintain full governance.

Which security scanning platforms handle availability well so a critical fix can still ship even if the scanning service goes down temporarily?

google-ai-modeDirect Wiz mention
Wiz (via Wiz Code) : Wiz combines its native SCA engine and cloud-aware SAST with the ability to ingest and normalize external scan reports.

Which DevSecOps platforms handle vulnerability prioritisation well when there are hundreds of findings across multiple repositories?

google-ai-modeDirect Wiz mention

Most cited sources8

Alternatives in DevSecOps & Application Security6

Wiz holds the #1 CNAPP and CSPM ranking on G2 for multiple consecutive quarters and was named a Leader with the highest Current Offering score in the Forrester Wave CNAPP Q1 2026.

  • Its core differentiator is the Security Graph—a contextual engine that correlates risks across code, cloud, identities, and runtime to surface 'toxic combinations' (attack-path-level risk chains) rather than flat vulnerability lists.
  • This graph-based, agentless architecture enables faster deployment and broader multi-cloud coverage than most peers.
  • Now part of Google Cloud since March 2026, Wiz is positioned as the 'code-to-cloud' security standard for enterprise, trusted by 50%+ of Fortune 100.
  • Against CNAPP peers like Aqua Security, Wiz competes on breadth and ease of consolidation; against AppSec-first tools like Snyk and Checkmarx, it competes on cloud infrastructure context; against platform players like CrowdStrike and Palo Alto Networks, it competes on agentless simplicity and cloud-native depth.
View category comparison hub

Reviews

4.7/5G2·776+4.7/5Gartner Peer Insights·94+

Praised

  • Agentless deployment and fast time-to-value (hours not days)
  • Comprehensive multi-cloud visibility across AWS, Azure, GCP, and Kubernetes
  • Security Graph and toxic combinations cutting alert noise
  • Contextual risk prioritization over raw CVE severity scores
  • Intuitive, visually clear UI accessible to non-security teams
  • Strong customer support and responsive technical account managers
  • Unified CNAPP consolidating CSPM, CWPP, CIEM, DSPM in one platform
  • Enabling collaboration between security and development teams

Criticized

  • High premium pricing, cost-prohibitive for smaller organizations
  • Limited native SAST and SCA code scanning depth versus dedicated AppSec tools
  • Reporting largely limited to CSV export formats
  • Alert noise and duplicate alerts in large-scale environments
  • No manual scan trigger for real-time, on-demand assessments
  • Fine-grained access control gaps in enterprise multi-team setups
  • Non-transparent pricing model requiring sales engagement for quotes
  • Limited professional and managed services offerings

Wiz earns strong ratings across major review platforms, scoring 4.7/5 on G2 (776 reviews) and 4.7/5 on Gartner Peer Insights (94 verified reviews as of December 2024), with a 95% willingness-to-recommend score in the Gartner report. Users consistently praise the agentless deployment speed, comprehensive multi-cloud visibility, and the Security Graph's ability to cut alert noise by surfacing only actionable attack paths. Reviewers highlight how the unified platform enables security and development teams to collaborate in a shared context. Criticisms center on premium pricing, limited native SAST/SCA depth, restricted reporting formats (CSV-only), and occasional alert noise in large-scale deployments. Wiz was named the G2 #1 Cloud Detection and Response (CDR) solution in Winter 2025 with a 98% satisfaction score, 8% higher than the next vendor.

Pricing

Wiz does not publish standard pricing; all contracts are custom-quoted based on cloud workload count, feature modules selected, and contract term. Third-party procurement data (Vendr) indicates contract values ranging from approximately $24,000 to $354,350 per year, with a median around $111,500. Entry-level coverage for ~100 workloads is estimated at ~$24,000/year. Add-on modules—container security, DSPM, CDR (Wiz Defend), and Wiz Code—are priced incrementally or bundled. Multi-year commitments and module bundling typically yield meaningful discounts. Wiz is also available via AWS Marketplace with custom private-offer pricing. Perceived by users as premium-tier; free trials and demos are available on request.

Limitations

  • Premium, workload-based pricing (estimated $24K–$354K/year) is cost-prohibitive for SMBs; no transparent public pricing is published.
  • Native SAST and full SCA code scanning capabilities are limited compared to dedicated AppSec tools such as Checkmarx or Snyk, leaving teams reliant on external tools for deeper application-layer coverage.
  • Reporting is largely confined to CSV export formats with limited executive summary templates.
  • Alert noise and duplicate alerts under different categories can surface in large environments.
  • Fine-grained access control and on-demand manual scan triggering have been cited as gaps by users.
  • Professional and managed services offerings are limited compared to broader platform vendors.
  • Coverage for on-premises and hybrid environments is minimal.
  • Some users note perceived innovation slowdown post-Google acquisition.

Frequently asked questions

Topic Coverage

Capability4/5DevEx5/5Integrations &Ecosystem5/5Performance &Reliability5/5Setup & First Run4/5

Prompt-Level Results

Brand citedCompetitor citedNot cited
PromptGemini SearchPerplexityChatGPTGoogle AI ModeGrok
Capability4/5 cited (80%)

Which SAST tools have the lowest real-world false positive rates and the best tooling for managing them at scale?

What tools cover SAST, DAST, and SCA in one platform — and which do teams use to cover all three vulnerability types without tool sprawl?

Which secret scanning tools are best at both detecting credentials in git history and preventing new secrets from being committed?

Which application security platforms go beyond known CVEs to detect logic-level vulnerabilities and misconfigurations?

Which software supply chain security tools detect malicious packages, not just known vulnerable versions?

Developer Experience5/5 cited (100%)

Which DevSecOps platforms handle vulnerability prioritisation well when there are hundreds of findings across multiple repositories?

Which security scanning tools are best at reducing noise so developers actually act on alerts instead of ignoring them?

Which application security tools offer the best IDE-native experience vs. CI-only scanning — and what are the tradeoffs for developer adoption?

What security tooling do teams typically use for managing findings across dozens of repositories from a single security engineer workflow?

Which application security platforms are best at communicating vulnerabilities to developers in an actionable way rather than just generating noise?

Integrations & Ecosystem5/5 cited (100%)

Which application security tools integrate natively into the pull request workflow so findings can block or warn on merges?

Which DevSecOps tools integrate best with SIEM platforms for correlating app security findings with infrastructure events?

Which DevSecOps platforms have the best two-way integration with ticketing systems for tracking vulnerability remediation end to end?

Which security scanning platforms have the best support for SBOM generation workflows for compliance and audit requirements?

What cloud security posture management tools integrate well with container and orchestration platform security scanning?

Performance & Reliability5/5 cited (100%)

Which security vendors update their vulnerability databases fastest after major CVE disclosures like Log4Shell?

Which security scanning platforms handle availability well so a critical fix can still ship even if the scanning service goes down temporarily?

Which runtime application security tools have the lowest production overhead and are safe to run on high-traffic services?

Which application security scanning tools are fastest at scale and least likely to slow down PR pipelines as the codebase grows?

Which enterprise application security platforms scale best when scanning thousands of repositories across multiple teams?

Setup & First Run4/5 cited (80%)

What secrets management tools are best for a small startup team to ensure developers never commit credentials to the repo?

I'm rolling out a software composition analysis tool across an engineering org — which platforms have the smoothest onboarding for large teams?

Which SAST tools integrate into an existing CI pipeline without slowing down developer velocity?

What are the best software supply chain security tools for a polyglot monorepo with Node.js, Python, and Go services?

What are the best container image scanning tools that catch vulnerabilities before images are pushed to production?

Strengths5

  • Which SAST tools integrate into an existing CI pipeline without slowing down developer velocity?

    Avg # 2.0 · 1 platform

  • What are the best container image scanning tools that catch vulnerabilities before images are pushed to production?

    Avg # 3.7 · 3 platforms

  • Which runtime application security tools have the lowest production overhead and are safe to run on high-traffic services?

    Avg # 4.0 · 1 platform

  • Which secret scanning tools are best at both detecting credentials in git history and preventing new secrets from being committed?

    Avg # 4.0 · 1 platform

  • Which security scanning platforms have the best support for SBOM generation workflows for compliance and audit requirements?

    Avg # 4.7 · 3 platforms

Gaps5

  • Which DevSecOps platforms handle vulnerability prioritisation well when there are hundreds of findings across multiple repositories?

    Competitors on 4 platforms

  • Which software supply chain security tools detect malicious packages, not just known vulnerable versions?

    Competitors on 3 platforms

  • Which SAST tools have the lowest real-world false positive rates and the best tooling for managing them at scale?

    Competitors on 2 platforms

  • Which security scanning tools are best at reducing noise so developers actually act on alerts instead of ignoring them?

    Competitors on 2 platforms

  • Which DevSecOps platforms have the best two-way integration with ticketing systems for tracking vulnerability remediation end to end?

    Competitors on 2 platforms

Vertical Ranking

#BrandPres.SoVDocsBlogMent.PosSentiment
1Endor Labs36.0%20.8%0.0%35.2%31.2%#19.6+0.28
2Wiz32.0%16.2%0.0%0.0%29.6%#20.5+0.24
3Checkmarx28.0%17.3%2.4%2.4%27.2%#24.0+0.28
4Snyk24.0%15.8%5.6%9.6%22.4%#31.4+0.24
5Jit18.4%6.3%0.0%0.0%16.0%#15.5+0.21
6Veracode12.0%8.3%1.6%6.4%12.0%#27.2+0.27
7Semgrep10.4%7.0%3.2%4.0%9.6%#45.6+0.33
8SonarSource6.4%2.6%0.0%0.8%6.4%#24.8+0.19
9Aqua Security5.6%1.8%0.0%0.0%4.8%#32.8+0.23
10GitGuardian4.8%3.7%0.8%4.0%3.2%#24.4+0.10
11Socket0.8%0.2%0.0%0.0%0.8%#20.0+0.00
12Chainguard0.0%0.0%0.0%0.0%0.0%

Turn this into your team dashboard

Sign up to unlock project-level analytics, daily tracking, actionable insights, custom prompt configurations, adoption tracking, AI traffic analytics and more.

Get started free