Analyst(s): Fernando Montenegro
Publication Date: November 11, 2025
What is Covered in this Article:
- Wiz’s inaugural Wizdom event took place last week, featuring new product announcements, such as Attack Surface Management, M365 integration, and generative AI agents for remediation and SecOps.
- Wiz’s core platform strategy is evolving, with the Security Graph growing into an open “knowledge-layer” using the Model Context Protocol (MCP) to provide context for AI.
- Wiz’s roadmap is built on its “Horizontal Security” vision, expanding its “all-around” view from code to runtime, and it appears to resonate with enthusiastic customers, with testimonials mentioning a significant reduction in vulnerability backlogs.
The Event – Major Themes & Vendor Moves: Wiz held its inaugural Wizdom event in New York City, framing it as a focused gathering of approximately 300 customers and partners. The event took place against the significant external backdrop of its pending $32 billion acquisition by Google; just before the event, U.S. regulators had granted an “early termination” of their antitrust probe, clearing a major (though not final) hurdle for the deal. This context, however, was not mentioned on stage.
Wiz co-founder and CTO Ami Luttwak kicked off the main stage, reinforcing the company’s core vision of expanding its Security Graph. He framed the day’s theme as harnessing the “wisdom of the crowd”—drawing on the collective experience of its customer community to shape the platform’s evolution. Luttwak was followed by New York State’s Chief Cybersecurity Officer, Colin Ahern, who set the market context by describing a “convergence” of threat actors where AI serves as an “accelerator.” A subsequent session on innovation featured Sequoia Capital’s Doug Leone and Check Point’s new CEO, Nadav Zafrir. Leone predicted the “violent” AI shift will “redo the cyber market”, while Zafrir reinforced his company’s ongoing “best of breed” partnership with Wiz.
The core product announcements were delivered in a joint “Wiz Platform Keynote”. The main “trick” was the launch of a new Attack Surface Management (ASM) offering, designed to provide an “outside-in” view that scans on-prem, SaaS, and cloud assets and connects those external findings back to the internal graph. Other platform expansions included an integration with Microsoft 365, new AI SDLC capabilities to secure AI models, and agentless workload detection. The expanded graph now powers the launch of Wiz’s first generative AI assistants, the “Wiz Issues” agent (for remediation) and the “Wiz SecOps” agent (for investigations).
These new offerings were showcased in a live demo led by Jiong Liu, VP of Product Marketing. Known for its irreverent branding, the demo was centered on a fictional “CISOtopia” store selling “Labubu” dolls. The day was heavily structured around customer presentations, and it concluded with a forward-looking keynote from CMO & VP Product Strategy, Raaz Herzberg, who conjured a roadmap focused on building more AI agents for code, compliance, and cloud use cases.
At Wizdom 2025, Wiz Presents a Broader Vision of Cloud Security
Analyst Take: The inaugural Wizdom event held a consistent theme of articulating Wiz’s broader vision, while supported by numerous customer testimonials on stage. From its inception, the company’s “magic” has been its Security Graph—the idea that deep, correlated context is the key to managing cloud risk effectively. Our main takeaway from the day is that Wiz is not pivoting or reacting to the AI hype; it is systematically executing its original vision. The new announcements are logical extensions of that graph, designed to enable what the company calls “Horizontal security”—a move away from siloed, “Vertical” security teams for Dev, Sec, and Ops toward a shared context plane for all.
The Graph Becomes a “Knowledge Layer” via MCP
For the past few years, the concept of “context” in cloud security has meant prioritization. It’s the “so what” that tells you a vulnerability is critical because it’s public-facing, has high permissions, and touches sensitive data. What we saw at Wizdom was the pivot from this context-for-prioritization to context-as-a-knowledge-layer.
This isn’t just a high-level concept; it’s a concrete, productized strategy. The foundation for Wiz’s AI play is its Wiz MCP Server. This offering is Wiz’s implementation of the Model Context Protocol (MCP), an open standard first introduced by Anthropic. This is a significant move. Instead of building a proprietary, black-box AI, Wiz is building what one speaker called a “USB-C port for AI applications”. This standardized protocol allows any MCP-compatible AI agent (whether it’s Wiz’s, a developer’s custom bot, or one from a partner) to query the Wiz Security Graph for “instant context (one API, everything)”.
The new “Wiz Issues” and “Wiz SecOps” agents, which were demonstrated live, are essentially the first applications built on this. Customers validated this approach on stage. In a session on “Modernizing the SOC,” a security leader from a large cloud-native company described AI’s real potential as compressing the timeline for an analyst’s orientation. This task is entirely dependent on context.
From “Inside-Out” to “All-Around”: The Roadmap
Wiz initially achieved success in the market with its agentless, “inside-out” approach. The closing keynote provided a visually detailed roadmap to offer an “all-around” view. The new Attack Surface Management (ASM) offering is the “outside-in” piece, but the “Deeper into…” section of the closing session revealed the full picture. The strategy is to add deep context across multiple domains:
- Code: Moving deeper into SAST, “Code flows” for reachability analysis, and a new “Code agent”.
- Infrastructure: Expanding scans to SaaS, Private Cloud, and on-prem assets alongside public cloud.
- Application: Focusing on Network and API context and understanding app-level exposures.
- Data: Tackling “Shadow data,” using AI for classification, and “enabling data ownership democratization”.
This “scan everything, connect everything” mandate was further reinforced by announcements of an integration with Microsoft 365 and agentless workload detection for virtual appliances, which were previously opaque to the graph.
The “Democratization” of Security, in Practice
“Democratizing security” has been a vendor cliché for a decade, but we saw evidence of that on stage. A CISO from a large insurance and risk management firm was blunt, stating this is a people problem first. Her key move was to eliminate the dedicated “cloud security” team, a significant cultural shift that forces cloud to become a core proficiency for all security functions.
This is where the platform seems to act as a crucial enabler. A product security leader from a global financial services company shared powerful metrics, including a “reduction of false positives by 75%” and an “86% decrease” in their vulnerability backlog. These results, they claimed, “drastically improved” the relationship between security and developers. The team now integrates Wiz findings directly into Jira tickets with AI-generated remediation guidance, making security an easier part of the developer workflow, as an example of the “Horizontal security” model in practice.
The “Best of Breed” Bet and the Google Question
The entire event was, of course, shadowed by the (unspoken) Google acquisition. The day felt like a “business as usual” push, demonstrating platform momentum. The on-stage presence of Check Point’s CEO was a powerful signal, endorsing an “open platform” and “best of breed” model.
This “open” strategy was the day’s loudest theme, visually represented by the “WIN” (Wiz Integration Network) partner program. The session was also reinforced by the fact that it put competing hyperscalers (AWS and Google) on the same stage, and, most importantly, the strategic adoption of the open-standard Model Context Protocol. Wiz is deliberately positioning itself as the “Switzerland” of cloud security—the essential, neutral, “best of breed” context layer. This leaves us with the central question: Has Wiz worked its magic? Can it maintain this neutral identity and momentum inside the Google hyperscaler machine?
What to Watch:
Wiz’s “Horizontal security” and “open platform” bet is a clear strategic move as it prepares for a (likely) future inside Google. This strategy, especially its rapid expansion into new domains, leads to important topics to follow around its execution and the market’s reaction:
- How will Wiz maintain its “Switzerland” status and “best of breed” identity, including its “WIN” partnerships, once it is a formal part of the Google Cloud organization?
- As Wiz expands “Deeper into…” new areas like Code, Data, and Runtime, how will its core knowledge graph and ontology evolve to absorb these new, disparate data types without just becoming a “data lake”?
- Will Wiz’s “context-aware” offerings in areas like SAST and DSPM prove more valuable to customers than best-in-class, specialist tools, even if the pure-play offerings have deeper features?
- Wiz’s “Horizontal Security” model is compelling, but its success depends on customers breaking down their own internal silos. How many organizations are culturally ready to eliminate their “cloud security” team, as one customer speaker did, and truly democratize security?
Wiz has released more information about releases on its website.
Declaration of Generative AI and AI-assisted Technologies in the Writing Process: While preparing this work, the author used AI capabilities from both Google Gemini and Futurum’s Intelligence Platform to summarize source material and assist with general editing. After using these capabilities, the author reviewed and edited the content as needed. The author takes full responsibility for the publication’s content.
Disclosure: Futurum is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum as a whole.
Other insights from Futurum:
Alphabet’s Proposed Acquisition of Wiz Shifts Cloud Security Landscape
The Urgency of Securing the Software Supply Chain – Report Summary
Security Summer Camp: Black Hat 2025, Def Con, And Others
Image Credit: Wiz
Author Information
Fernando Montenegro serves as the Vice President & Practice Lead for Cybersecurity & Resilience at The Futurum Group. In this role, he leads the development and execution of the Cybersecurity research agenda, working closely with the team to drive the practice's growth. His research focuses on addressing critical topics in modern cybersecurity. These include the multifaceted role of AI in cybersecurity, strategies for managing an ever-expanding attack surface, and the evolution of cybersecurity architectures toward more platform-oriented solutions.
Before joining The Futurum Group, Fernando held senior industry analyst roles at Omdia, S&P Global, and 451 Research. His career also includes diverse roles in customer support, security, IT operations, professional services, and sales engineering. He has worked with pioneering Internet Service Providers, established security vendors, and startups across North and South America.
Fernando holds a Bachelor’s degree in Computer Science from Universidade Federal do Rio Grande do Sul in Brazil and various industry certifications. Although he is originally from Brazil, he has been based in Toronto, Canada, for many years.
