AI hasn’t just changed how we build — it has fundamentally changed how risk emerges.

AI applications are dynamic, interconnected systems — combining models, agents, tools, data, and infrastructure across code, cloud, and runtime.

To unlock the full value of these systems, organizations are connecting them to production environments, granting access to sensitive data, and enabling them to take action across their systems.This is where risk is introduced.

Most approaches still analyze infrastructure, identity, and applications in isolation — leaving teams without the context needed to identify real risk. 

Today, we’re introducing the Wiz AI Application Protection Platform (AI-APP) — designed to secure AI applications end-to-end, with the context needed to understand real risk and act on it.

The Context Gap in AI Security

Security teams are left trying to answer:

• Where AI applications are running across my environment?

• What are their capabilities - what can they actually do? 

• Which of these actually represent real, exploitable risk?

• Can I detect and respond to threats across these AI applications in time?

Because AI risk doesn’t live in a single layer.

It emerges when systems interact — across models, agents, tools, infrastructure, and data.

Consider a customer-facing AI chatbot connected to internal tools and data systems.

An attacker discovers an authentication bypass vulnerability — a common issue in rapidly built, “vibe-coded” applications — and uses it to inject a prompt, manipulating the agent into taking unintended action.

From there, the system behaves exactly as designed — but with unintended consequences.

Each part of this activity, on its own, can appear expected:

• the prompt is processed as a normal model interaction

• the agent executes code to retrieve sensitive data — a capability it was designed to perform

• the resulting access and data movement appear as valid cloud activity

It’s only when these are connected that the full AI attack path becomes clear.

Introducing Wiz AI-APP

The Wiz AI Application Protection Platform (AI-APP) brings together visibility, risk analysis, and runtime protection into a single, graph-powered platform — allowing teams to understand and secure AI systems as they actually operate. It is the natural evolution of the Cloud-Native Application Protection Platform (CNAPP) as organizations increasingly build AI-native applications.

This allows teams to move from understanding how AI systems are built, to identifying cross-layer risk, to detecting and responding to threats in real time — all in one place.

1. Visibility — Build a Complete AI Inventory

AI adoption spans managed services, SaaS platforms, and custom-built applications — creating blind spots across environments.

Wiz builds a complete inventory of AI applications using multiple detection methods across all of them:

• Managed platforms — deep integrations with services like AWS Bedrock, Azure AI, and Google Vertex AI

• SaaS AI ecosystems — visibility into platforms like OpenAI and tools such as Microsoft Copilot Studio

• Custom and self-hosted AI — code and workload analysis to identify frameworks, agents, and services running in your environment

A key part of this is the Wiz Workload Explainer — which uses AI to detect and analyze how your AI applications are built, translating custom implementations into clear components that deterministic scanning alone cannot identify.

This enables Wiz to map AI systems end-to-end regardless of their architecture — including models, agents, tools, and data flows. Our goal is to let teams build AI applications in the way that works best for them, while providing consistent security across all of it.

In the chatbot example, this means identifying the agent service, underlying model, connected tools, and the infrastructure it runs on — even when they are not explicitly defined.

👉 Explore more in our visibility deep dive.

2. Risk — Understand How Risk Emerges Across Layers

AI risk is not defined by a single issue — but by how multiple conditions come together.

Wiz connects signals across the layers that make up an AI application.

In the chatbot risk example, these include:

• Infra & Access — the AI agent is exposed through a public endpoint with an authentication bypass.

• Model & Guardrails — the agent runs on an AI Model hosted in a PaaS with misconfigured guardrails

• Data — the model was trained on sensitive data 

• Application —  the agent has tools that allow it to read and expose the sensitive data.

Individually, each layer may appear benign. Together, they define whether an attack is possible. 

A key part of this understanding is how deeply Wiz analyzes AI components. For example, Wiz identifies and classifies the tools an agent can use — such as:

• reading or exposing data

• executing code

• interacting with APIs

• modifying infrastructure

This is one example of how Wiz continuously deepens its understanding of AI-native risk over time. By correlating signals across layers, Wiz maps real, exploitable attack paths.

Wiz also maps AI risks to frameworks like the OWASP Top 10 for LLM Applications — helping teams prioritize issues in the context of real-world standards and compliance requirements.

👉 Explore more in our risk deep dive.

3. Runtime — Detect and Respond to AI Threats

AI systems are dynamic — and attacks unfold in real time.

Wiz provides threat detection across three complementary layers:

• Model activity — monitoring inputs, outputs, and prompt behavior

• Workload execution — tracking agent execution, tool usage, and system activity

• Cloud layer — observing identity usage, API calls, and infrastructure changes

In the chatbot scenario, this means:

• identifying the manipulated prompt at the model layer

• detecting code execution and behavior on the host container

• and tracking credential usage and downstream activity in the cloud

Because this telemetry is connected back to the full application context, teams can: detect threats earlier, understand whether activity represents real exploitation and prioritize response based on actual impact

👉 Explore more in our runtime deep dive

Extending AI Security beyond the Wiz platform

To extend this even further, Wiz integrates with leading WIN AI partners, bringing the intelligence of the AI security ecosystem into Wiz:

• Cloudflare and Wiz integrate to surface which AI application endpoints are protected by Cloudflare’s AI Security for Apps, highlighting what remains exposed so teams can reduce risk from prompt injection, PII leakage, and shadow AI.

• TrojAI and Wiz integrate to bring AI red teaming findings from TrojAI into Wiz, revealing vulnerabilities like jailbreaks, prompt injection exploits, and data leakage from your AI Endpoints. Wiz enriches these Findings with cloud context to surface attack paths to your AI application, helping teams prioritize exploitable risks.

• Pillar Security and Wiz integrate to bring black-box agentic red team assessments from Pillar into Wiz, highlighting vulnerabilities at public-facing AI endpoints. By correlating these findings with existing risks across the environment, teams gain visibility into exploitable paths and can focus remediation on high-impact issues.

From Insight to Action

Understanding risk is only part of the challenge.

Security teams need to operationalize it — turning insight into action across engineering, security, and platform teams.

Wiz enables teams to:

• prioritize real risk based on full context

• route issues to the right owners

• and drive remediation with clear, actionable guidance

This is powered by Wiz Agents — acting as force multipliers across the lifecycle:

• Red Agent identifies complex exploitable risk by reasoning like an attacker

• Green Agent determines what to fix and who owns it

• Blue Agent investigates threats and validates real impact

We are also extending this "insight to action" philosophy directly into the AI-SDLC. By injecting Security Graph context into AI development workflows, we enable agents to move beyond generic suggestions. Instead, they can automatically identify misconfigurations, prioritize fixes based on cloud-layer risk, and even perform real-time remediation before code is ever committed.

Secure AI at the Speed of AI

AI is changing how systems are built — and how attackers operate.

Security must evolve to match.

Wiz AI-APP is built for this new reality:

• cross-layer context to understand how AI risk actually emerges

• implementation-agnostic coverage across managed services, SaaS platforms, and custom-built applications

• and end-to-end visibility from code to runtime

Wiz AI-APP connects code, cloud, and runtime into a single platform — giving teams the context they need to understand and secure AI systems end-to-end.

Secure AI applications — from code to runtime.