Since 2009, Grammarly has set the standard for AI assistance, supporting millions of users and thousands of organizations in brainstorming, composing, and enhancing communication that moves work forward. However, as the company transitioned from a consumer-focused platform to an enterprise-grade solution, Grammarly’s security framework needed to evolve.
Building trust with larger organizations meant scaling security strategies to meet stringent enterprise demands while maintaining the developer velocity that gives Grammarly its edge. “Our engineering teams are constantly building new services, which means keeping their systems secure is hard to do manually,” says Giles Douglas, Grammarly’s Chief Information Security Officer. “We needed to understand and analyze the infrastructure and architecture, and we needed a toolchain that could make this repeatable.”
This vision first led Grammarly to adopt Wiz, which transformed the company’s approach to cloud visibility, vulnerability detection, and secure-by-design workflows. But as operations expanded through acquisitions, heightened security complexity, and the need to automate routine tasks, Grammarly needed an additional layer of expertise.
Looking to scale past conventional processes and focus efforts on innovation, Grammarly leveraged the Model Context Protocol (MCP) Server for Wiz. MCP is an open standard introduced by Anthropic that creates connections between companies’ data sources and AI-powered tools. The Wiz MCP was released as part of Wiz's AI efforts, helping security teams harness large language models (LLMs) to work smarter and more efficiently.
On its journey from consumer products to a robust B2B offering, Grammarly implemented Wiz to gain unified visibility and actionable intelligence across cloud assets, vulnerabilities, and potential risks. But as the company continued to innovate, even these enhanced workflows required streamlining.
Like many security teams, Grammarly needed to balance increasing data and security challenges while providing its lean security engineering team with agile tools. To address these growing demands, Grammarly initially experimented with building an in-house MCP-powered solutions. While functional, this approach was resource-intensive and didn’t address broader needs.
When Grammarly’s security team evaluated the MCP Server for Wiz, however, it discovered new opportunities to go from reactive to proactive. By integrating MCP servers with LLMs using natural language queries and subsequently with Multi Agent Systems, Grammarly once again redefined its security strategy.
When adopting Wiz MCP, Grammarly followed a key best practice: Start with a high-impact, easy-to-automate problem. The team first focused on solving one of its core challenges — tier-1 incident triage — which allowed the team to test and optimize workflows without overcomplicating its initial deployment. This incremental and iterative approach became a blueprint for their success.
The team began using tools like Claude Desktop and the Wiz MCP servers with custom prompt templates to automate repeatable standard processes. With these prompts, a typical triage flow begins with a Jira ticket, which automatically retrieves issue details and analyzes the context using Wiz. The next step in their orchestration involved integrating the Wiz MCP into an AI agented workflow via the LangGraph framework, combined with other tools that access the internal knowledge base and communication systems, thereby fully orchestrating and automating the triage process.
When appropriate, the AI workflow proposed additional actions or steps, drastically reducing manual effort to triage security events. This streamlined process cut investigation time from 30-45 minutes to a maximum of four minutes per ticket, an efficiency boost of nearly 90%.
Grammarly then refined its AI workflows by feeding it real-world organizational data and fine-tuning prompts. Over time, the team expanded the system's role beyond incident triage to include threat hunting, detection engineering, and building threat intelligence and knowledge for agents. By tailoring LLMs for specific tasks, Grammarly optimized performance across use cases.
“Building AI workflows is a bit like training a new chef in the kitchen,” says Thijn Bukkems, Threat Hunting Lead at Grammarly. “At first, you might only let them make the pizza dough, while you handle shaping, topping, and baking it yourself. As they get better and you gain confidence in their abilities, you gradually delegate more—maybe next you let them shape the dough too, and you review the results. Over time, as your assistant continues to improve based on your feedback, you can trust them with more steps until eventually they can make the whole pizza on their own.”
Wiz’s natural language querying and contextual awareness also allow AI Workflows to assist in crafting detection logic for new vulnerabilities. Using MCP to map vulnerable paths and validate findings has paved the way for automation in areas traditionally reliant on manual inputs.
By integrating Wiz MCP into its security processes, Grammarly discovered new possibilities for automation and efficiency while enhancing the quality of its investigations. Beyond accelerating incident response workflows, the team uses Wiz MCP to automate repetitive tasks like cross-referencing resources and checking logs, giving engineers richer insights without missing out on key anomalies.
Security engineers now spend less time on routine monitoring, enabling them to focus on exploratory tasks and strategic planning. And as Grammarly scaled its business operations, these systems helped mitigate engineer overwhelm by reducing ticket volume. Instead of manually combing through countless tickets, even newer team members can rely on the AI workflows to provide quick, comprehensive context.
“AI workflows with Wiz MCP connectivity ensure our minimum level of triage is the same high standard our systems maintain consistently,” explains Igor Tarpan, Security Engineer at Grammarly. “It helps new engineers by gathering and synthesizing data in ways that save hours of manual work.”
By starting with focused use cases, iterating through real-world data, and embracing automation incrementally, Grammarly has set an example for how to scale security operations without sacrificing flexibility or precision. And this is just the beginning. With plans to expand into advanced threat hunting, offensive security, and knowledge-driven intelligence, Grammarly is staying proactive in its approach to AI-augmented security.
“We are no longer buried in operational toil,” Tarpan explains. “Wiz tools are enablers of strategic thinking, allowing our security engineers to focus on solving tomorrow’s challenges instead of yesterday’s incidents.”
As security threats continue to grow in sophistication, Grammarly has been quick to understand that automation is essential to longevity. Here are the core principles that helped Grammarly unlock a new era of efficiency, innovation, and resilience in cybersecurity:
Start small and iterate: Don't strive for end-to-end automation immediately. Begin with high-impact, easy-to-automate problems and continuously refine your approach using real-world data.
Prioritize expertise: Focus on problems where your team has existing subject matter expertise. This allows you to effectively guide the LLMs and ensure the quality of their output.
Embrace human-in-the-loop: Begin with human-guided processes and gradually increase automation. The goal is to move from manual effort to human-reviewed stages, where the LLM performs the analysis and a person makes the final decision.
Shift from tactical to strategic: By automating routine tasks, you can empower your team to move beyond daily "firefighting" and focus on strategic planning, threat hunting, and building better systems.
“When it comes to automating cybersecurity, don’t let perfection be the enemy of good,” Bukkems says. “You don’t need to automate every piece for it to deliver value. Even a single use case can drive major efficiency gains.”
Grammarly’s journey with the Wiz MCP Server shows how targeted automation can deliver outsized impact—cutting response times, boosting efficiency, and freeing teams to focus on high-value work. By starting small, iterating, and keeping humans in the loop, they’ve built a scalable approach to security that’s both practical and forward-looking. The MCP Server is currently available for Wiz customers in the integration portal, or the AWS marketplace. Details are accessible through our documentation.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。