Wiz

Agentless CNAPP and CSPM solution that uses an AI-powered unified risk graph to correlate vulnerabilities, misconfigurations, exposed secrets, and identity risks across AWS, Azure, GCP, Kubernetes, and Snowflake. Prioritizes risks based on actual exploitability and blast-radius analysis rather than theoretical severity, enabling teams to remediate the 1% of issues that matter.

Operate Observe Secure

Visit website

Last reviewedMay 15, 2026

How we review

Overview

Wiz is an agentless cloud native application protection platform. SideScanning reads cloud configuration and workload disk state through provider APIs and snapshot mechanisms — no agents required — across AWS, Azure, GCP, Kubernetes, and Snowflake. From this data, Wiz builds a unified risk graph correlating vulnerabilities, misconfigurations, exposed secrets, and identity risks.

The differentiator is blast-radius prioritization: the risk graph identifies which findings are reachable via viable multi-step attack paths through the cloud estate, reducing large finding volumes to the small set with actual exploitability. The graph models relationships between cloud resources, network exposure, IAM permissions, and running workloads.

GenAI-powered investigation explains attack paths and remediation steps in natural language. Sales-only; no free tier.

Key Features

Agentless CNAPP: reads cloud configuration and workload disk state via provider APIs and snapshot mechanisms with no agents deployed and no impact on running workloads

Unified risk graph: correlates vulnerabilities, misconfigurations, exposed secrets, and identity risks into a single model mapping relationships between cloud resources, network exposure, and IAM permissions

Attack path analysis: identifies which findings are reachable via viable multi-step attack paths from the internet, reducing large finding volumes to the small set with actual exploitability

GenAI investigation: explains specific attack paths, contributing factors, and remediation steps in natural language; supports natural-language queries about the cloud estate

Cloud entitlement analysis (CIEM): maps IAM and cloud identity permissions to actual resource access to identify over-permissioned identities and potential lateral movement paths

Multi-cloud and Kubernetes coverage: AWS, Azure, GCP, Kubernetes clusters, and Snowflake in a unified risk model with cross-environment attack path correlation

Integrations

10 total

scm

GitHubGitLab

orchestration

Kubernetes

monitoring

Datadog

incident

PagerDuty

messaging

Slack

ci / cd

Terraform

cloud

AWSGCPAzure

Pricing

1 tier

Enterprise

Contact sales

Workload-based pricing; full CNAPP stack (CSPM + CWPP + CIEM + DSPM), agentless scanning, AI risk graph

Compare with similar tools

2 comparisons

Compliance

6 / 6 attested

SOC 2

HIPAA

GDPR

FedRAMP

PCI DSS

ISO 27001

Freshness

Heartbeatverified · 4d ago

Listings are re-verified on a recurring sweep. If the website 200s and pricing hasn't shifted since the last check, the heartbeat stays green.

UpdatedJun 18, 2026

What does AI Enhanced mean?

AI maturity is an independent editorial rating assigned by infraplz.dev — not a vendor self-claim. We assess how meaningfully each tool actually uses AI in production workflows, cutting through marketing copy.

AI NativeAI is the core product — the tool wouldn't exist without it.
AI EnhancedAI is a first-class feature that materially changes the workflow.
AI AdjacentAI features exist but are superficial or bolt-on additions.
AI MinimalNo meaningful AI features; listed as a critical platform engineering tool.

AboutSubmit a tool