AI applications are fundamentally different
AI applications are no longer single, limited systems. These are ecosystems of models, agents, tools, and cloud services that operate across multiple environments, often without clear boundaries that define where an “AI application” begins and ends.
This changes visibility in two basic ways.
AI systems evolve after deployment
Agents can dynamically expand their functionality over time. For example, you can discover and add new tools and skills without redeployment. That is, the system running tomorrow may not be the same as the system observed today.
AI behavior is permission dependent and non-deterministic
Depending on the context, an agent granted system access may choose an innocuous ls -l command or perform privileged sudo actions. This behavior cannot be fully inferred from the code alone.
For security teams, this creates a new reality.
To protect AI, organizations must be able to answer two fundamental questions:
Where is AI running in your environment?
What exactly is an AI application?
Visibility requires a new model
Traditional security visibility was built for predictable systems. Infrastructure can be inventoried, applications are relatively static, and behavior can be inferred from deployment or code.
AI changes that equation.
All traditional approaches capture only part of the picture, but none can account for complete AI applications.
Why traditional visibility is inadequate:
-
Cloud detection refers to infrastructure, not AI logic — Resources are identified, but not how models, agents, and tools are combined into an AI system.
-
Code analysis looks at intent, not execution context — Repositories reveal the usage of AI, but not the identities, permissions, and connected services that shape its actual behavior.
-
Runtime signals indicate activity, not functionality — Execution data reflects what happened, not potential access or architectural risks.
-
Traditional discovery relies on centralized deployment of AI rather than rapid and decentralized use. — AI adoption is happening across teams and AI services, from external model providers to co-pilots and beyond, creating blind spots that traditional detection approaches cannot uncover.
Each signal provides insight, but none answers the core question.
What is my AI application? How will it be built and work across my environment?
Visibility can no longer depend on a single vantage point, such as cloud infrastructure, repository scanning, or runtime logs. AI systems span managed platforms, custom agents in code, SaaS AI services, and dynamic workflows.
For a clear picture of AI, visibility needs to tie these signals together into a single, accurate inventory.
How Wiz delivers complete visibility into AI
AI visibility cannot rely on a single detection method. Each approach reveals only a partial view of the AI system.
Modern AI applications are assembled across code, cloud platforms, SaaS services, and dynamically evolving workflows. Understanding them requires multiple perspectives. Wiz approaches AI discovery by correlating multiple signals and building a unified understanding, regardless of how and where AI systems are deployed.
Rather than assuming a single architecture, Wiz combines complementary detection layers, each of which reveals a different part of an AI application.
Code level detection
Wiz analyzes repositories and application code to uncover built-in AI usage, including frameworks, model integration, agents, and connectivity tools. This allows custom-built AI applications to be viewed even if they are not viewed as dedicated cloud services.
Agentless cloud discovery
Managed AI services and AI-enabled infrastructure are decisively discovered directly from the cloud environment without runtime agents, providing visibility into deployment context and how AI systems are exposed and connected across accounts.
AI Workload Explainer — Intelligent translation layer
Custom AI applications are not standardized. Workload Explainer uses AI to discover and analyze how AI applications are built, turning custom implementations into distinct components that cannot be identified by deterministic scans alone.
Discovering models through call logs
Model call activities provide reliable execution signals. AI models act as natural chokepoints. Agents may be built in different languages, architectures, or environments, but when an agent interacts with an organizational model, that interaction is observable. By analyzing call logs, Wiz identifies active AI systems and dynamically assembled behavior that cannot be fully revealed through static analysis alone.
Runtime detection via network and motion signals
Network and behavioral signals can help surface shadow AI usage, newly connected services, and external AI interactions such as remote MCPs that are invisible to traditional detection methods.
By correlating these signals, Wiz provides implementation-agnostic visibility and operates consistently across environments including managed AI platforms (such as AWS Bedrock and Google Vertex AI), SaaS AI services (such as OpenAI), custom agents built into your code, and partner ecosystem integrations. Check out our documentation for more information on each platform.
The result is a continually updated understanding of what AI systems actually exist in all the environments in which they operate.
How is AI visualization achieved?
Wiz continuously discovers AI components and surfaces them in an integrated form. AI inventory, Give your team a clear view of where AI resides across your environment.
These components are also automatically grouped. service, By giving your team a clear view of AI products with ownership and accountability, you help security understand who is responsible for each AI system, rather than viewing disconnected assets.
Exploring AI inventory
AI Inventory organizes visibility into the core components that make up modern AI applications, helping teams understand adoption without having to manually track implementations across environments.
model
See all models used across managed platforms, SaaS integrations, and custom deployments. Understand where AI capabilities are deployed in your environment and how your models are used.
Agents, tools and MCP servers
understand how AI agent Learn how to do it and what tools or MCP-connected systems you can access. Wiz reveals capabilities and integrations so teams can see how their AI systems scale, connect, and take action.
guardrail
View effective protections and applied filters across your AI applications, along with any missing or misconfigured guardrails. This helps teams understand how AI behavior is managed across the environment.
identity
See which cloud and application identities power your AI systems and which identities in your environment can access them. This gives you visibility into how AI actions are approved and executed across your environment.
Introduction of AI tools (use by developers)
Understand which AI development tools and assistants are used across your team, from IDE CoPilot to CLI and application integration. By uncovering real-world developer AI usage, Wiz helps organizations identify emerging adoption patterns and discover potential shadow AI activity early.
Visibility is the foundation of AI security
Once AI systems are fully discovered and mapped, organizations will finally be able to understand how AI applications are built and where responsibilities and risks actually lie.
That visibility enables the next stage of AI security, revealing postural risks such as: Externally exposed AI agents with access to sensitive data; Detection of runtime threats such as Suspicious AI-driven database writes that may indicate misuse or compromise.
In the next post in this series, we’ll explore how teams can use this visibility to understand and mitigate AI risks while continuing to securely deploy AI across their environments.
