News
Ghost Approval: AI Coding Assistant Trust Boundary Flaw | Wiz Blog
3+ hour, 39+ min ago (1695+ words) Uncovering a category-level blind spot in modern AI coding assistants, and why the Human-in-the-Loop safety model fails against this classic threat The value of AI coding assistants is simple and straightforward: the agent proposes an action, then you approve. Before…...
Nipro Digital Technologies Europe case study | Wiz
1+ day, 18+ hour ago (852+ words) To scale its medical software securely on Microsoft Azure, Nipro Digital Technologies Europe replaced fragmented tools with the Wiz Go bundle. By unifying code-to-cloud visibility and eliminating alert noise, the Dev Ops team minimized operational overhead, streamlined healthcare compliance, and…...
Kubernetes Clusters: A Security Review | Wiz
1+ week, 1+ day ago (1555+ words) A Kubernetes cluster is a group of machines (a control plane plus worker nodes) that run containerized applications at scale Misconfigurations, unpatched images, and overly permissive RBAC are the most common paths attackers use to compromise clusters Runtime threats can…...
The Red Agent POV: Exploiting Broken Object-Level Authorization in an Airline Graph QL API | Wiz Blog
1+ week, 2+ day ago (625+ words) Part 2: How the Red Agent bypassed backend resolvers to expose an entire airline booking database in fifteen minutes Broken Object-Level Authorization occurs when an application fails to validate whether a user has the required permissions to access a specific object…...
Uncovering Hidden Attack Paths in Cloud Environments Using Runtime Signals | Wiz Blog
1+ week, 6+ day ago (767+ words) Wiz now layers runtime signals into the Security Graph, exposing hidden attack paths to give security teams a complete picture of risk. Getting comprehensive visibility into your cloud environment starts with agentless inventory and risk analysis. Wiz builds a complete…...
Apache 2. 0 License Guide For Cloud Security Teams | Wiz
3+ week, 5+ day ago (990+ words) Apache 2. 0 is fully commercial-friendly: no royalties, no copyleft, no obligation to open-source your code. The explicit patent grant and retaliation clause make it significantly safer for enterprise use than MIT. Automate your SBOM generation, SCA scanning, and license gates in…...
State of SDLC Security 2026 | Wiz
1+ mon, 1+ week ago (188+ words) How software reuse, automation, and AI are reshaping risk across the SDLC. Across ecosystems, dependency adoption follows a power-law distribution, where a relatively small set of packages appears across a disproportionate share of organizations. As a result, weaknesses in widely…...
State of SDLC Security 2026: How Risk Scales | Wiz Blog
1+ mon, 1+ week ago (465+ words) Insights from real-world environments into how code, developer tooling, automation, and AI are reshaping application security. In our 2026 State of SDLC Security report, we analyzed real-world development environments, public repositories, and production telemetry to understand how application risk is evolving…...
durabletask: Team PCP's Latest Py Pi Compromise | Wiz Blog
1+ mon, 2+ week ago (396+ words) Discover the latest on malicious versions of the pypi package durabletask, matching Team PCP tactics. The supply chain campaign linked to Team PCP continues with the compromise of durabletask v1. 4. 1, v1. 4. 2, and v1. 4. 3. Durable Task is the official Microsoft Python client for the…...
Introducing Runtime Threat Detection for Google Cloud Run | Wiz Blog
1+ mon, 2+ week ago (477+ words) Wiz Runtime Sensor support for Google Cloud Run Containers is now generally available, giving teams real-time threat detection and response for their serverless container workloads. Today, we're excited to announce that Wiz Runtime Sensor support for Google Cloud Run Containers…...