Full Report
How Wiz brings visibility, context, and continuous defense to the new era of intelligent automation.
Analysis Summary
# Tool/Technique: Wiz AI Security Posture Management (AI-SPM)
## Overview
Wiz AI-SPM is an extension of Wiz's agentless Cloud Native Application Protection Platform (CNAPP) foundation designed to bring visibility, context, and continuous defense to environments utilizing intelligent automation, specifically AI agents across the cloud. Its purpose is to help security teams manage the risks introduced by AI agents, including understanding their location, access permissions, capabilities, and compliance posture.
## Technical Details
- Type: Security Platform / Framework (Focused on Posture Management)
- Platform: Cloud environments (Major Clouds, self-hosted architectures), encompassing AI services, models, and integrations.
- Capabilities: Agentless discovery, inventory management (AI BOM), attack surface mapping, configuration validation, risk correlation via the Security Graph, and alignment with AI security best practices (e.g., OWASP LLM Top 10).
- First Seen: The article is dated November 4, 2025; the product is presented as a contemporary response to the new era of AI adoption (the date reflects ongoing product updates and the publication context rather than a first release).
## MITRE ATT&CK Mapping
Since Wiz AI-SPM is a security solution designed to *defend* against risks and misconfigurations related to AI agents rather than being an attack tool itself, it has no direct mapping to ATT&CK techniques. However, its posture checks address the following adversarial techniques:
- **[T1550 - Use Alternate Authentication Material]** (Addressed via analysis of agent identities/access)
- **[T1078 - Valid Accounts]** (Addressed via monitoring and validating agent access/permissions)
- **[T1562 - Impair Defenses]** (Guardrail verification related to configuration hardening)
## Functionality
### Core Capabilities
- **Visibility & Discovery:** Agentless identification of AI footprint (services, models, integrations), including Model Context Protocol (MCP) connections.
- **AI Bill of Materials (AI BOM):** Inventory of all AI software, SDKs, libraries, and dependencies.
- **Agent Inventory View:** Visualization of agents, models, tools, and associated data/capabilities.
- **Misconfiguration Enforcement:** Baseline validation for security configurations (identity/CIEM, logging) across AI platforms (e.g., Bedrock, Vertex AI, OpenAI).
- **Guardrail Verification:** Confirmation that provider-native protections (like AWS Bedrock Guardrails) are correctly enabled for inputs and outputs.
### Advanced Features
- **Attack Surface Mapping:** Uncovers external-facing AI endpoints, validates exposure, and maps them to workloads via the Wiz Security Graph.
- **Contextual Correlation (Security Graph):** Connects AI findings (agents, data, workloads) to reveal real attack paths.
- **DSPM for AI:** Extends Data Security Posture Management to AI training/inference pipelines to find unprotected datasets or over-permissive data access.
- **OWASP LLM Alignment:** Built-in policies addressing risks like prompt injection, data poisoning, and insecure output handling.
## Indicators of Compromise
*This summary focuses on the security posture management tool itself, not malware. Therefore, typical IoCs are not applicable for the defense tool.*
- File Hashes: N/A (Platform)
- File Names: N/A (Platform)
- Registry Keys: N/A (Platform)
- Network Indicators: N/A (Platform)
- Behavioral Indicators: N/A (Platform)
## Associated Threat Actors
The tool is aimed at environments run by organizations deploying AI automation, and therefore defends against any threat that might exploit AI agents or their configurations. No specific threat actors are listed as *using* this defense tool.
## Detection Methods
As a security platform designed for detection and posture management, its "detection" methods are its core features based on scanning and analyzing cloud configurations and workloads.
- Signature-based detection: Applicable via configured policies matching known insecure configurations or deployed software versions.
- Behavioral detection: Achieved via mapping attack paths and correlating risks across the Security Graph.
- YARA rules (if available): None are listed in the article; any such rules would be applied internally by the platform to identify specific artifacts within the AI stack (e.g., malicious libraries detected via AI BOM scanning).
## Mitigation Strategies
The entire function of AI-SPM is mitigation through continuous assurance:
- **Prevention Measures:** Enforcing secure configuration baselines; verifying robust guardrails on AI platforms.
- **Hardening Recommendations:** Identifying and remediating misconfigurations related to identity, access management (CIEM), logging, and sensitive data exposure involving AI agents; implementing fixes for prompt injection and data poisoning risks identified via OWASP LLM alignment.
## Related Tools/Techniques
- CNAPP (Cloud Native Application Protection Platform)
- DSPM (Data Security Posture Management)
- Model Context Protocol (MCP) Security
- Dynamic Scanning (Used to validate external exposure)