Security leaders should be turning offensive AI cyber tools on their own systems before threat actors do, exploiting the innate defenders’ advantage to attain the high ground and increase their chances of withstanding a cyber attack.
So says Yinon Costica, co-founder of Google-owned Wiz, who, speaking at Google Cloud Next in Las Vegas, argued that defenders can win against attackers by using AI to exploit an advantage that may not appear obvious at first glance, that of context.
“The same AI model can obviously produce very different results based on the context that we feed into it,” said Costica. “Now, attackers hopefully have much less context about us while as defenders we do have a lot of context about our environments that we can share with the model.
“If, as defenders, we take the first movers’ advantage and we use the AI against ourselves, with the context we have, we actually stand a chance to win…. But we need to act fast,” he said.
“We need to start using AI against ourselves as much as possible, whether it’s to scan attack surfaces, scan code, scan anything, in order to be the first one to see the results and not to wait for the bad guys to do it before us.”
As speed becomes ever more of the essence in cyber security, Costica conceded that this would be a challenge for defenders – but noted that the tools to do this are rapidly becoming available. To try to help, Wiz unveiled three new AI agents at Google Cloud Next – red, green and blue – which are named for the human cyber teams they are designed to help.
“What agents allow us to do is really to get to the next level of acceleration [and] automation of security work,” said Costica.
The red agent is designed to assist red team penetration testing work by probing deep into its owners’ IT estate, identifying potential exposures, such as application programming interfaces (APIs), end-of-life edge networking kit or operational technology (OT) assets, and runs penetration tests on them. The green agent follows on by automating the triage process, something that can take ages for humans. Finally, the blue agent acts as a detective, doing the investigative work that can also be a lengthy process for human teams.
“These three agents together form a layer that is autonomous and automated. Its not revolutionary in that it aligns closely to how security teams have been working for many years, but now it allows each team to automate their workflows,” said Costica.
“It’s like living in the future in the eyes of security teams because it means that from the moment they find a risk, they can automate the process to find who owns it and deliver the code fix to complete and redeploy to production.”
A little over a month on from the closure of the $32bn acquisition of Wiz – Google’s largest purchase to date – the two organisations reaffirmed their commitment to providing a unified security platform, retaining Wiz’s brand, that will enhance the speed with which customers detect, prevent and respond to threats, especially emerging ones created using AI.
They duo also claim their combined capability will accelerate adoption of multicloud security and spur more confidence in innovation around cloud and AI. Wiz’s products are also to continue to be made available across other platforms, including Amazon Web Services (AWS), Microsoft Azure and Oracle Cloud. It also announced support for Databricks and agent studios like AWS Agentcore, Microsoft Azure Copilot Studio, and Salesforce Agentforce, as well as Gemini Enterprise Agent Platform of course, and continues to support security ecosystems with integrations to the outer layer of the cloud, including Google Cloud Apigee, Cloudflare AI Security for Apps, and the Vercel platform.
Behind the scenes, Wiz has also updated how it integrates security detections from Wiz Defend with Google Security Operations and Mandiant Threat Defence to make life easier for human analysts.
And it announced new capabilities to secure the AI-native deployment cycle. These include scanning vibe coded applications for issues; AI-generated code scanning and vulnerability remediation; agent-based remediation allowing teams to automate remediation workflows; and an AI bill of materials (AI-BOM) to keep on top of the use of shadow AI for coding.
