4+ hour, 17+ min ago   (953+ words) SREs combine software engineering with operations expertise to automate reliability, reduce manual toil, and respond quickly to incidents to minimize outage duration and customer impact. The SRE role differs from DevOps through its focus on measurable reliability targets like SLOs,…...

1+ day, 4+ hour ago   (414+ words) Wiz Research's AI Cyber Model Arena benchmarks offensive AI security on 257 real-world challenges (zero-days, CVEs, API/web, and cloud across AWS/Azure/GCP/K8s) demonstrating what AI models and agents can really do We are excited to launch the AI Cyber…...

1+ week, 2+ day ago   (105+ words) A Case Study of Vulnerabilities in AI Agents'wiz.io A Case Study of Vulnerabilities in AI Agents This talk will present Jack's original security research into vulnerabilities in AI agents. Spanning prompt injections, broken authentication, and more, this will feature…...

1+ week, 4+ day ago   (1119+ words) 1 exposed database. 35,000 emails. 1.5M API keys. And 17,000 humans behind the not-so-autonomous AI network. Moltbook, the weirdly futuristic social network, has quickly gone viral as a forum where AI agents post and chat. But what we discovered tells a different story - and…...

2+ week, 9+ hour ago   (632+ words) A look back at the cloud security investigations and vulnerabilities that defined the year, from AI breakthroughs to supply chain shifts. In 2025, the lines between cloud, AI, and software supply chains continued to blur. Wiz Research spent the year tracking…...

2+ week, 1+ day ago   (1295+ words) Wiz Research teamed up with Irregular, a frontier AI security lab, to settle this once and for all. Autonomous AI agents are increasingly being deployed for offensive security tasks. These models can scan codebases in seconds, identify misconfigurations at machine…...

2+ week, 4+ day ago   (1080+ words) UVM prioritizes vulnerabilities using exploitability and cloud context, not CVSS alone. A vulnerability becomes an exploitable exposure when an attacker can reach it (externally via the internet or internally via lateral movement) and the compromised workload has sufficient privileges or…...

2+ week, 4+ day ago   (1069+ words) Moving beyond simple checklists to visualize, map, and block attacks on production SDLC infrastructure. SITF is an open framework designed to protect the "producers" - the organizations creating software. It maps attacks across the five pillars of your SDLC infrastructure: Endpoint…...

4+ week, 1+ day ago   (1432+ words) Wiz Research discovered a critical supply chain vulnerability that abused a CodeBuild misconfiguration to take over key AWS GitHub repositories - including the JavaScript SDK powering the AWS Console. Wiz responsibly disclosed all findings to AWS, who promptly remediated the issue....

1+ mon, 6+ day ago   (1494+ words) In this article, we'll look at 14 open-source application security tools (listed in no particular order) "including SCA, secrets scanning, and application security testing tools "to help teams evaluate open-source options across common AppSec use cases. See how Wiz code unifies…...