Security leaders must deploy offensive AI cyber tools into their systems before attackers attack, leveraging the benefits of natural defenders to gain an advantage and increase the likelihood of surviving a cyber attack.
Inon Kostica, co-founder of Google-owned Wiz, said: Speaking at Google Cloud Next in Las Vegas, he argued that defenders can use AI to defeat attackers by leveraging a less obvious advantage: context.
“The same AI model can produce significantly different results based on the context you feed it,” Kostka says. “While attackers want much less context about us, as defenders we have a lot more context about the environment that we can share with our models.
“If we as a defender take the first move and use the AI against us, we have a real chance of winning depending on the situation… but we need to act quickly,” he said.
“We need to start using AI against ourselves as much as possible: scanning the attack surface, scanning the code, scanning everything so we can see the results before anyone else, without waiting for the bad guys to do it before we do.”
As speed becomes increasingly important in cybersecurity, Kostica acknowledged that this is a challenge for defenders, but noted that tools to achieve this are rapidly becoming available. To help with this, Wiz announced three new AI agents (red, green, and blue) at Google Cloud Next. These agents are named after the human cyber teams they are designed to assist.
“What agents can do for us is actually reach the next level of acceleration. [and] It’s about automating security tasks,” Kostica said.
Red Agent is designed to aid Red Teams in their penetration testing efforts by digging deep into an owner’s IT assets to identify potential exposures such as application programming interfaces (APIs), end-of-life edge networking kits, and operational technology (OT) assets and perform penetration tests on them. Green agents automate triage processes that would take a long time for humans. Finally, the blue agent plays the role of a detective, performing investigative tasks that would be time-consuming for human teams.
“These three agents work together to form an autonomous and automated layer. It’s not revolutionary in that it’s closely aligned with the way security teams have worked for years, but it allows teams to automate their workflows,” Kostka said.
“From a security team’s perspective, this is like living in the future, because from the moment you discover a risk, you can automate the process of finding its owner, complete the code fix, and redeploy it to production.”
A little more than a month after the $32 billion acquisition of Wiz, Google’s largest acquisition to date, closed, both organizations have reaffirmed their commitment to delivering a unified security platform that helps customers detect, prevent, and respond faster to threats, especially emerging threats created using AI, while retaining the Wiz brand.
They also claim that their combined capabilities will accelerate the adoption of multicloud security and increase confidence in innovation around cloud and AI. Wiz’s products will continue to be available on other platforms including Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud. We also announced support for Databricks and agent studios such as AWS Agentcore, Microsoft Azure Copilot Studio, Salesforce Agentforce, and of course the Gemini Enterprise Agent Platform, continuing to support the security ecosystem with integrations with outer cloud layers such as Google Cloud Apigee, Cloudflare AI Security for Apps, and the Vercel platform.
Behind the scenes, Wiz has also updated how security detections from Wiz Defend integrate with Google Security Operations and Mandiant Threat Defense to make the work of human analysts easier.
And we announced new features to ensure AI-native adoption cycles. These include scanning for vibe-coded application issues. AI-generated code scanning and vulnerability remediation. Agent-based remediation allows teams to automate remediation workflows. AI Bill of Materials (AI-BOM) to stay on top of your shadow AI usage for coding.
