Become a Client
 
Fernando Montenegro

Can Cloudflare and Wiz Close the AI Security Visibility Gap?

Can Cloudflare and Wiz Close the AI Security Visibility Gap?

Analyst(s): Fernando Montenegro
Publication Date: April 17, 2026

Cloudflare has announced a partnership with Wiz, now part of Google Cloud, to combine AI application security at the network edge with cloud-native risk mapping into a single operational view. The integration reflects a growing market need to connect AI endpoint discovery and protection as enterprises deploy AI-powered features faster than security teams can govern them.

What is Covered in This Article:

  • Cloudflare’s partnership with Wiz to unify AI application security
  • The shadow AI problem confronting enterprise security teams
  • How edge-level detection integrates with cloud risk graph mapping
  • Implications of Wiz’s operational independence under Google Cloud
  • Enterprise demand for integrated security over fragmented point tools

The News: Cloudflare, Inc. (NYSE: NET) announced on April 14, 2026, a partnership with Wiz, now part of Google Cloud, to integrate Cloudflare’s AI Security for Apps into the Wiz Security Graph. The integration is designed to give security teams a unified view of AI-powered applications across web properties, cloud infrastructure, and connected data sources, addressing the growing challenge of identifying and securing AI endpoints deployed without central oversight.

The joint offering enables Cloudflare’s service to inspect traffic to large language model (LLM) endpoints for vulnerabilities such as personally identifiable information (PII) leakage, prompt injection, and restricted topics, while Wiz maps AI applications, models, and data stores into its graph-based view of cloud assets. “AI is the most transformative technology we’ve seen in a generation, powering countless capabilities. But for a majority of businesses, it can be a black box,” said Tom Evans, Chief Partner Officer at Cloudflare. The integration does not require additional agents or custom workflows, with Cloudflare’s detections running inline on its global network.

Can Cloudflare and Wiz Close the AI Security Visibility Gap?

Analyst Take: The Cloudflare-Wiz partnership represents a structural response to the reality that AI application security requires both real-time traffic enforcement and deep infrastructure context, capabilities that no single vendor currently delivers alone.

By connecting edge-level detection with cloud-native risk mapping, the integration targets the operational gap that leaves security teams unable to see which AI endpoints exist, which are protected, and which have access to sensitive data. The approach is interesting because it positions Cloudflare AI security as a telemetry layer that operates across models and hosting platforms, rather than being tied to a specific LLM vendor or cloud provider.

This model-agnostic and host-agnostic stance is a deliberate architectural choice that aligns with the multi-cloud, multi-model reality most enterprises either now operate within or want to move towards. The question going forward is whether this integration can deliver actionable risk prioritization at scale, or whether it becomes another data source in an already crowded security operations environment.

Cloudflare’s Edge Position Creates a Natural AI Inspection Layer

Cloudflare occupies a privileged position in the application traffic path, with its global network sitting between users and the AI-powered services they interact with. This positioning allows Cloudflare to observe and inspect requests to LLM endpoints without requiring organizations to deploy additional agents or rearchitect their infrastructure.

The AI Security for Apps capability runs detections in parallel across Cloudflare’s network, analyzing traffic for real-time detection of prompt injection attempts, PII leakage, and custom-defined restricted topics. This inline approach means that security enforcement happens at the point of interaction rather than after the fact, reducing the window between an attack and a response. For organizations operating at scale, the absence of additional latency or architectural changes significantly lowers the barrier to adoption.

The implication is that Cloudflare’s existing network footprint gives it a structural advantage in becoming a key inspection layer for AI application traffic.

Wiz’s Operational Independence Adds Strategic Credibility

The partnership is also interesting in part because it signals that Wiz continues to operate independently following its acquisition by Google Cloud, maintaining integrations with vendors that compete directly with Google’s own security offerings. For enterprise buyers evaluating Wiz, this independence is a critical factor in determining whether the platform can serve as a neutral security graph across multi-cloud environments. The integration with Cloudflare, itself a competitor to Google Cloud in several infrastructure categories, reinforces the message that Wiz’s value proposition remains tied to the breadth of coverage rather than alignment with a single cloud provider. This matters because the common sentiment across enterprises is that they want to retain the freedom to deploy AI workloads across multiple cloud environments and model providers, making vendor neutrality a practical requirement rather than a philosophical preference. Wiz’s graph-based approach maps AI applications alongside the infrastructure, identities, and data stores that power them, creating a contextual view that isolated tools cannot replicate. A key consideration here is that Wiz’s ability to sustain cross-platform partnerships under Google Cloud ownership will be a defining test of whether the acquisition preserves or constrains the platform’s market position.

Integration Matches Enterprise Demand for Consolidated Security Workflows

The Cloudflare-Wiz integration directly addresses a pattern visible in enterprise security operations: teams have accumulated point products for code, cloud, identity, and data, but lack a coherent view of how AI applications connect those environments. By surfacing Cloudflare’s AI security rules, including detections for prompt injection, PII exposure, and unsafe content, within the Wiz Security Graph, the integration allows security teams to prioritize remediation based on exploitability rather than treating all alerts equally.

According to Futurum’s Cybersecurity DecisionMaker survey, API security and governance ranks as the top application security concern, closely followed by managing new security risks from AI, GenAI, or agentic flows and securing cloud-native and containerized applications. These priorities underscore the relevance of the Cloudflare-Wiz integration, which directly addresses the intersection of API-level AI endpoint protection and cloud-native application security.

Figure 1: Top 5 Key Challenges in Application Security

Can Cloudflare and Wiz Close the AI Security Visibility Gap

This risk-based prioritization is operationally significant because it converts detection data into actionable workflows without requiring security teams to correlate findings across separate dashboards. The integration also validates guardrail status, flagging AI deployments where Cloudflare protections may be missing or misconfigured and directing teams to remediate within the Cloudflare platform. This closed-loop approach, from discovery through verification to remediation, reflects a shift from monitoring-centric security to outcome-oriented risk management.

What to Watch:

  • Whether the integration drives measurable adoption among joint Cloudflare and Wiz customers, or remains a reference architecture without significant production deployment.
  • How Wiz’s continued operational independence under Google Cloud evolves, particularly as Google expands its own AI security capabilities.
  • How key security vendors, such as Palo Alto Networks, Cisco, Fortinet, CrowdStrike, and SentinelOne, among many others, respond with their approach to comparable AI endpoint discovery and protection capabilities.
  • How enterprise security teams balance the operational benefit of consolidated AI security views against the complexity of managing cross-vendor integrations.
  • Whether regulatory and governance frameworks for AI application security formalize the kind of endpoint discovery and guardrail verification this integration provides.

See the full press release on Cloudflare’s partnership with Wiz announcement on the company website.

Declaration of generative AI and AI-assisted technologies in the writing process: This content has been generated with the support of artificial intelligence technologies. Due to the fast pace of content creation and the continuous evolution of data and information, The Futurum Group and its analysts strive to ensure the accuracy and factual integrity of the information presented. However, the opinions and interpretations expressed in this content reflect those of the individual author/analyst. The Futurum Group makes no guarantees regarding the completeness, accuracy, or reliability of any information contained herein. Readers are encouraged to verify facts independently and consult relevant sources for further clarification.

Disclosure: Futurum is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum as a whole.

Other Insights from Futurum:

The AI ‘Tragedy of the Commons’ and the Future of Agentic Security

SentinelOne’s Identity Catch-Up Tests Its Endpoint-Led Platform Story

Fortinet’s FortiOS 8.0 Pushes Secure Networking Toward AI Governance

Author Information

Fernando Montenegro

Fernando Montenegro serves as the Vice President & Practice Lead for Cybersecurity & Resilience at The Futurum Group. In this role, he leads the development and execution of the Cybersecurity research agenda, working closely with the team to drive the practice's growth. His research focuses on addressing critical topics in modern cybersecurity. These include the multifaceted role of AI in cybersecurity, strategies for managing an ever-expanding attack surface, and the evolution of cybersecurity architectures toward more platform-oriented solutions.

Before joining The Futurum Group, Fernando held senior industry analyst roles at Omdia, S&P Global, and 451 Research. His career also includes diverse roles in customer support, security, IT operations, professional services, and sales engineering. He has worked with pioneering Internet Service Providers, established security vendors, and startups across North and South America.

Fernando holds a Bachelor’s degree in Computer Science from Universidade Federal do Rio Grande do Sul in Brazil and various industry certifications. Although he is originally from Brazil, he has been based in Toronto, Canada, for many years.

Related Insights
How Big A Role Will Commvault Play In Securing Agentic AI?
April 17, 2026
 

How Big A Role Will Commvault Play In Securing Agentic AI?

Fernando Montenegro and Brad Shimmin, VPs at Futurum, analyze Commvault's new offerings—Data Activate, AI Protect, and AI Studio—and their strategic role in securing enterprise agentic AI ecosystems against rising competition....
Fernando Montenegro
Brad Shimmin
 & 
Can Starburst's AIDA Crack the Enterprise AI Data Access Problem?
April 17, 2026
 

Can Starburst’s AIDA Crack the Enterprise AI Data Access Problem?

Starburst's AIDA represents a fundamental shift in how enterprises approach AI data access. Rather than centralizing data, agentic AI systems reason across distributed sources, addressing accuracy concerns and accelerating AI...
Brad Shimmin
Enterprise Procurement
April 15, 2026
 

GitHub Copilot’s Compliance Breakthrough: Enterprise Procurement Barriers Fall, Not Just Features Added

GitHub Copilot's US/EU data residency and FedRAMP Moderate compliance remove enterprise barriers, enabling adoption across government agencies and regulated industries while shifting focus to compliance infrastructure....
Mitch Ashley
AI Platform
April 15, 2026
 

Can AgentExchange Cement Salesforce’s Lead in the Agentic AI Platform Race?

Salesforce's AgentExchange relaunch unifies its marketplace strategy around agentic AI, signaling a major shift in how enterprises deploy AI agents and AI platforms....
Alex Smith
ClickHouse Builds a CLI to Make its Databases Agent-Native
April 15, 2026
 

ClickHouse Builds a CLI to Make its Databases Agent-Native

Brad Shimmin, VP and Practice Lead at Futurum, explores Cloudera’s latest hybrid data platform updates. He analyzes how the Hybrid Multi-Cloud Fabric and Iceberg REST Catalog are designed to reduce...
Brad Shimmin
Does Horiemon Ai's Simplicity Signal a New Minimalist Trend in Web AI?
April 15, 2026
 

Does Horiemon Ai’s Simplicity Signal a New Minimalist Trend in Web AI?

Horiemon Ai's deliberately minimal web application—displaying only 'Hello'—challenges the prevailing enterprise AI trend toward complexity. Futurum Group analyst explores what this simplicity signals about future design and adoption strategies....

Welcome to The Futurum Group

Login to The Futurum Group
Login to Futurum Intelligence Platform
Login to Futurum Labs Research Library

Book a Demo

Newsletter Sign-up Form

Get important insights straight to your inbox, receive first looks at eBooks, exclusive event invitations, custom content, and more. We promise not to spam you or sell your name to anyone. You can always unsubscribe at any time.

All fields are required






Thank you, we received your request, a member of our team will be in contact with you.