Full Report
The new AI-powered remediation 2.0 combines the power of GenAI with the Wiz Research Team’s expertise in identifying cloud-native attack paths.
Analysis Summary
# Tool/Technique: AI-powered remediation 2.0 (Wiz Platform Feature)
## Overview
AI-powered remediation 2.0 is an enhancement to the Wiz cloud security platform that gives customers granular, contextual, strategy-specific instructions for removing identified risks (toxic combinations) from their cloud environments, with the goal of reducing Mean Time To Remediate (MTTR).
## Technical Details
- Type: Tool (Cloud Security Platform Feature)
- Platform: Cloud environments (AWS is the only provider named in the article; support for other providers is not stated)
- Capabilities: Leverages Generative AI (GenAI) combined with specialized security expertise (Wiz Research Team knowledge) to generate customized remediation guidance based on the user's chosen remediation strategy for complex risks.
- First Seen: Introduced in the context of this article (following the first version released earlier in the year).
## MITRE ATT&CK Mapping
This feature is a **defensive** capability, not an adversary TTP. ATT&CK tactics describe adversary behaviour, so the mapping below lists the tactics whose preconditions the remediated risk factors supply; removing a factor removes the adversary's opportunity:
- **TA0001 - Initial Access** (removing external exposure takes away the internet-reachable entry point to a vulnerable host)
- **TA0006 - Credential Access** (scoping down over-permissive principals limits what a credential stolen from the host can be used for)
- **TA0008 - Lateral Movement** (breaking a toxic combination removes the chain from an exposed, vulnerable host to other resources)
- **TA0009 - Collection** (removing unprotected data access denies the path to sensitive data)
In ATT&CK terms the tool's output corresponds to Mitigations rather than tactics, for example M1051 (Update Software) for patching, M1026 (Privileged Account Management) for permission reduction, and M1030 (Network Segmentation) for exposure removal.
*Note: Which specific techniques are affected depends on the vulnerability or misconfiguration being remediated in a given Issue.*
## Functionality
### Core Capabilities
- **Contextual Guidance Generation:** Uses GenAI informed by the specific Wiz Issue context (risk factors constituting a toxic combination) and user-selected remediation strategy.
- **Toxic Combination Deconstruction:** Breaks down complex security issues (toxic combinations—e.g., vulnerable host + sensitive data access + external exposure) into discrete, actionable remediation steps targeting individual risk factors.
- **Strategy Selection:** Allows users to choose a remediation strategy (e.g., patch, scope down permissions) before instruction generation.
### Advanced Features
- **Expert Integration:** Integrates specialized knowledge from the Wiz Research Team into the GenAI prompt structure, ensuring high-quality, context-aware instructions tailored for cloud-native risks.
- **Multi-Format Output:** Can generate guidance as CLI commands, Infrastructure as Code (IaC) templates, or console instructions.
- **Risk Factor Specific Remediation:** Provides tailored guidance for distinct risk components like Vulnerabilities (e.g., patching via SSM agent), Unprotected Data Access, External Exposure removal, and Principal permission reduction.
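As an added example (not Wiz's code and not from the article), the following Python sketches the deconstruction described above: a constructed inventory in which one asset carries external exposure, an unpatched critical vulnerability and a role that can read a sensitive bucket; one check per risk factor; a toxic combination reported only when all three hold; and, for each of the three strategies (patch, remove exposure, scope down permissions), the AWS CLI steps for that strategy followed by a check on a copy of the inventory that the combination is gone. The inventory shape, the simplified IAM evaluation, the strategy names and identifiers such as i-0a1, sg-web, role-app, customer-pii and app-assets are assumptions made for this example; the `aws ssm send-command`, `aws ec2 revoke-security-group-ingress` and `aws iam put-role-policy` invocations use real CLI flags with placeholder IDs.

```python
"""Toxic-combination deconstruction and per-strategy remediation.
Added illustration, not Wiz code: the inventory shape, the risk-factor checks,
the strategy names and the placeholder identifiers (i-0a1, sg-web, role-app,
customer-pii, app-assets) are all assumptions made for this example."""
import copy
import json

PUBLIC_CIDRS = {"0.0.0.0/0", "::/0"}

# Constructed sample inventory (no real account). i-0a1 carries all three
# factors; i-0b2 shares the over-permissive role but has no public exposure.
INVENTORY = {
    "instances": [
        {"id": "i-0a1", "public_ip": "203.0.113.10", "security_group": "sg-web",
         "iam_role": "role-app", "unpatched_critical": True},
        {"id": "i-0b2", "public_ip": None, "security_group": "sg-internal",
         "iam_role": "role-app", "unpatched_critical": True},
    ],
    "security_groups": {  # ingress rules; SSH on sg-web is open to the world
        "sg-web": [{"port": 443, "cidr": "10.0.0.0/8"}, {"port": 22, "cidr": "0.0.0.0/0"}],
        "sg-internal": [{"port": 22, "cidr": "10.0.0.0/8"}],
    },
    "iam_policies": {"role-app": [{"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"}]},
    "sensitive_buckets": ["customer-pii"],
    "needed_buckets": {"role-app": ["app-assets"]},  # what the workload actually reads
}

def externally_exposed(inst, inv):
    """Risk factor: public IP plus at least one world-open ingress rule."""
    rules = inv["security_groups"].get(inst["security_group"], [])
    return bool(inst["public_ip"]) and any(r["cidr"] in PUBLIC_CIDRS for r in rules)

def sensitive_data_access(inst, inv):
    """Risk factor: the instance role can read a sensitive bucket. Deliberately
    simple: Deny statements, conditions and SCPs are out of scope here."""
    for st in inv["iam_policies"].get(inst["iam_role"], []):
        acts = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        res = st["Resource"] if isinstance(st["Resource"], list) else [st["Resource"]]
        if st["Effect"] != "Allow" or not any(a in ("*", "s3:*", "s3:GetObject") for a in acts):
            continue
        for bucket in inv["sensitive_buckets"]:
            if any(r == "*" or r.startswith(f"arn:aws:s3:::{bucket}") for r in res):
                return True
    return False

def find_toxic_combinations(inv):
    """A toxic combination here: all three risk factors present on one asset."""
    issues = []
    for inst in inv["instances"]:
        factors = {"external_exposure": externally_exposed(inst, inv),
                   "critical_vulnerability": inst["unpatched_critical"],
                   "sensitive_data_access": sensitive_data_access(inst, inv)}
        if all(factors.values()):
            issues.append({"instance": inst["id"], "factors": factors})
    return issues

def scoped_policy(role, inv):
    """Least-privilege replacement: read-only on the buckets the role needs."""
    arns = [f"arn:aws:s3:::{b}/*" for b in inv["needed_buckets"][role]]
    return [{"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": arns}]

def remediation_plan(issue, inv, strategy):
    """Steps for one chosen strategy, emitted as AWS CLI commands."""
    inst = next(i for i in inv["instances"] if i["id"] == issue["instance"])
    if strategy == "patch":
        return [f"aws ssm send-command --document-name AWS-RunPatchBaseline "
                f"--instance-ids {inst['id']} --parameters Operation=Install"]
    if strategy == "remove_exposure":
        sg = inst["security_group"]
        return [f"aws ec2 revoke-security-group-ingress --group-id {sg} --protocol tcp "
                f"--port {r['port']} --cidr {r['cidr']}"
                for r in inv["security_groups"][sg] if r["cidr"] in PUBLIC_CIDRS]
    if strategy == "scope_down_permissions":
        doc = {"Version": "2012-10-17", "Statement": scoped_policy(inst["iam_role"], inv)}
        return [f"aws iam put-role-policy --role-name {inst['iam_role']} "
                f"--policy-name ScopedS3Read --policy-document '{json.dumps(doc)}'"]
    raise ValueError(f"unknown strategy: {strategy}")

def apply_strategy(inv, issue, strategy):
    """Simulate the plan on a copy of the inventory so closure can be verified."""
    new = copy.deepcopy(inv)
    inst = next(i for i in new["instances"] if i["id"] == issue["instance"])
    if strategy == "patch":
        inst["unpatched_critical"] = False
    elif strategy == "remove_exposure":
        sg = inst["security_group"]
        new["security_groups"][sg] = [r for r in new["security_groups"][sg]
                                      if r["cidr"] not in PUBLIC_CIDRS]
    elif strategy == "scope_down_permissions":
        new["iam_policies"][inst["iam_role"]] = scoped_policy(inst["iam_role"], new)
    return new

if __name__ == "__main__":
    for issue in find_toxic_combinations(INVENTORY):
        print("toxic combination on", issue["instance"], issue["factors"])
        for strategy in ("patch", "remove_exposure", "scope_down_permissions"):
            print(f"\n[{strategy}]\n" + "\n".join(remediation_plan(issue, INVENTORY, strategy)))
            fixed = apply_strategy(INVENTORY, issue, strategy)
            print("remaining toxic combinations:", len(find_toxic_combinations(fixed)))
```

The point the example makes is the one the feature relies on: a toxic combination is a conjunction, so removing any single factor closes the issue, and the strategy choice is about which factor is cheapest and safest to remove (patching via SSM leaves the SSH exposure in place; scoping the role to app-assets leaves the host vulnerable but unable to reach customer-pii). The IAM check ignores Deny statements, conditions and SCPs, so it is illustrative, not an authorizer; a real plan would be validated against the provider's policy simulator before the scoped policy is applied.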
## Indicators of Compromise
This feature is a risk remediation platform enhancement and does not generate traditional IoCs associated with active malware. Its output (remediation steps) aims to *remove* the potential for compromise.
- File Hashes: N/A
- File Names: N/A
- Registry Keys: N/A
- Network Indicators: N/A
- Behavioral Indicators: N/A
## Associated Threat Actors
This tool is used by security/cloud teams to *defend* against all threat actors seeking to exploit cloud vulnerabilities and misconfigurations.
## Detection Methods
This feature is a remediation *tool*, not a technique to be detected. Its effectiveness is measured by how quickly identified Issues are closed (MTTR); closure should be verified by confirming that the originating Issue no longer shows all of its risk factors after the steps are applied.
## Mitigation Strategies
The core purpose of the tool is mitigation/remediation:
- Prioritizing and resolving risk factors that form "toxic combinations"; because a toxic combination requires all of its factors to be present, removing any one of them closes the issue.
- Choosing and executing specific remediation strategies (e.g., patching vulnerabilities, reducing effective permissions, restricting network exposure).
- Reviewing generated CLI commands or IaC before applying them, and testing them outside production where possible: generated remediation can be wrong or overly broad (for example, a permission change that breaks a workload), and accountability for the change stays with the operator.
## Related Tools/Techniques
- AI-powered remediation (First version)
- General Cloud Security Posture Management (CSPM) tools that identify vulnerabilities and misconfigurations.
- Cloud Native Application Protection Platforms (CNAPP) features focused on Attack Path Analysis.