How Wiz ‘Turns the Lights On’ to Secure Automated Code Fast

When an enterprise IT department believes it has everything locked down, it usually only takes a few minutes with Wiz to reveal the truth.

“When we plug in, we actually see hundreds of different AI technologies,” explains Alice Carlisle, Area Vice President for the UK and Ireland for Wiz, at Google Cloud Summit London.

“Organisations might think they’re only operating on specific guardrails but then we turn the lights on.”

Wiz – the cloud security company that was fully acquired by Google Cloud in March 2026 – shows the reality of Shadow AI, which is the unsanctioned use of AI tools or applications without approval or oversight of an IT department. 

According to Wiz’s data, 85% of their customers are already using AI coding agents in their live environments, often completely outside the purview of traditional centralised oversight.

The shadow AI explosion

The cloud transformation a few years ago allowed software engineering teams to move 10 times faster than ever before, effectively turning infrastructure into code. Today’s AI wave has amplified that velocity by orders of magnitude.

“Teams are moving a hundred times faster because they’re using code and copilots,” Alice notes. “But you also have vibe coding applications where someone in finance or marketing is building an app who have never been a developer. How do we help them secure that as well?”

This democratisation of software creation introduces visibility gaps. 

When non-technical employees assemble tools on the fly using frontier models, corporate data privacy can fall through the cracks. 

For Wiz, answering this challenge requires a return to foundational security pillars but adapted for an automated landscape: preparing the environment, deep scanning, prioritising risk via context and continuously monitoring the runtime.

To give security teams an accurate map of their architecture, Wiz developed its AI Application Protection Platform (AI APP), which tracks an organisation’s AI Bill of Materials to reveal exactly what frameworks, models and third-party extensions are active.

“AI risk is not defined by a single issue, but by how multiple conditions come together,” Alice adds. 

Fighting AI with AI

One of the steepest hurdles for modern CISOs is the shrinking zero-day clock. 

With attackers leveraging AI to uncover and exploit vulnerabilities at unprecedented speed, human engineering teams simply cannot triage the incoming noise fast enough.

The solution? Securing the agentic world with agents of your own.

“Winning AI with AI is what we talk about a lot,” Alice explains, “But we also have what we deem as the ‘homeground advantage”.

She continues: “As defenders, you have the context of the environment. You know what your crown-jewel applications are and you understand the business context. You have that head start to move even faster.”

To maximise this advantage, Wiz introduced a trio of specialised autonomous agents that work together as a continuous, internal security team:

• The Red Agent: Acts as an automated penetration tester, continuously probing the environment from the outside to see exactly what a malicious attacker would see
• The Blue Agent: Functions as an on-demand forensics expert, investigating live environment anomalies to determine what happened and where
• The Green Agent: Serves as the mediator and fixer, automatically generating remediation plans and including guardrails in developer workflows to fix vulnerabilities.

“Our red, blue and green agents work together as a continuous team,” Alice explains. “The red agent is like a pen testing team so it’s looking at the environment from the outside, what an attack would see. The things we found with our red agent, people couldn’t find before and it’s helping us string together different parts of the attack vector.

“Then the blue agent is like a forensics expert in your environment, really looking at what’s happened and where. And the green agent mediates.”

The business case for guardrails

For corporate boards and CFOs operating under -thin margins, justifying infrastructure investments before an AI project even launches can be difficult. However, the regulatory and operational risks of ignoring guardrails are increasingly costly.

Wiz addresses this by focusing on consolidation and time optimisation. Alice recalls an enterprise customer whose cloud security mapping was completely fractured:

“They thought they had a couple of hundred cloud accounts. They were manually calling up different teams in different countries around the world to understand what they were building. 

“Within three hours of connecting Wiz, they discovered they actually had over a thousand accounts. That’s how quickly you can turn the lights on.”

By mapping these disparate accounts, identities and vulnerabilities against real attack paths – such as checking if an exposed database contains personally identifiable information – Wiz aims to filter out false positives so developers can focus on fixing critical risks. 

By filtering out the noise, Wiz delivers high-fidelity data that engineers actually trust. That practical focus is why the platform’s user base has flipped.

According to Alice, over 50% of Wiz’s active users now sit within development and engineering teams rather than traditional security departments. 

Accelerating the transformation

Ultimately, robust security infrastructure is not designed to block corporate innovation, but to unleash it safely. 

Companies across the globe are identifying massive cost-saving AI use cases – from retailers optimising delivery routes to reduce emissions to financial institutions streamlining data processing.

But these initiatives stall out if leadership is terrified of prompt injections, model poisoning or compliance fines under strict frameworks like Europe’s AI Act or DORA.

“In order for businesses to feel confident putting AI into production, they need to know they can answer how they’re securing it,” Alice concludes. 

“Wiz underpins and accelerates these transformations. We help them move safely into production, rather than just talking about a concept they’re too unsure to launch.”