Security leaders must adopt a proactive stance by deploying offensive artificial intelligence (AI) tools against their own infrastructure before malicious actors can exploit them. This approach exploits the natural advantage defenders hold—context—by feeding AI models a wealth of internal knowledge that attackers lack. So says Yinon Costica, co-founder of Google-owned Wiz, who delivered a clarion call at Google Cloud Next in Las Vegas.
“The same AI model can obviously produce very different results based on the context that we feed into it,” Costica told attendees. “Now, attackers hopefully have much less context about us, while as defenders we do have a lot of context about our environments that we can share with the model.” He argued that this disparity gives defenders a unique window of opportunity to preemptively discover and fix vulnerabilities. “If, as defenders, we take the first movers’ advantage and we use the AI against ourselves, with the context we have, we actually stand a chance to win … But we need to act fast.”
The urgency stems from the accelerating speed of AI-driven attacks. Costica emphasized that time is of the essence: “We need to start using AI against ourselves as much as possible, whether it’s to scan attack surfaces, scan code, scan anything, in order to be the first one to see the results and not to wait for the bad guys to do it before us.” This mantra reflects a growing consensus among cybersecurity veterans that traditional reactive defenses are no longer adequate in an era where machine-speed attacks can bypass human-centric security controls.
The defender’s advantage: context and automation
Wiz, which was acquired by Google for $32 billion in March 2026 (the largest acquisition in Google’s history), is positioning itself as a unified security platform that can help enterprises stay ahead of threats. The company’s core argument is that defenders inherently possess more information about their own environments—such as network topology, application dependencies, user behavior patterns, and historical incident data—than any external attacker could gather. By feeding this rich contextual data into AI models, security teams can simulate attacks, identify weaknesses, and automate remediation workflows.
To operationalize this vision, Wiz unveiled three new AI agents at Google Cloud Next: red, green, and blue, named after the traditional human security teams they are designed to augment. These agents form an automated, autonomous layer that works around the clock, dramatically reducing the time between risk discovery and resolution.
The red agent: autonomous penetration testing
The red agent takes on the role of an offensive security specialist. It probes deep into the organization’s IT estate, scanning for potential exposures such as misconfigured application programming interfaces (APIs), end-of-life edge networking equipment, operational technology (OT) assets, and other attack vectors that might be overlooked by manual assessments. Once a target is identified, the agent runs penetration tests to verify exploitability and prioritize risk. This capability is particularly valuable for large, complex environments where continuous testing by human red teams would be cost-prohibitive or logistically impractical.
The green agent: automated triage and remediation
The green agent focuses on the triage process—a step that often consumes hours or days when performed by humans. It ingests findings from the red agent and other security tools, correlates them with threat intelligence, and automatically assigns severity scores and ownership. But green goes further: it can generate code fixes and deliver them to the appropriate development teams, even triggering redeployment pipelines. “It’s like living in the future in the eyes of security teams,” Costica remarked, “because it means that from the moment they find a risk, they can automate the process to find who owns it and deliver the code fix to complete and redeploy to production.”
The blue agent: continuous investigation
The blue agent acts as a detective, constantly investigating alerts and events across the environment. It correlates data from multiple sources—cloud logs, endpoint telemetry, network flows—to uncover suspicious patterns, verify incidents, and reduce false positives. By automating the investigative workload, the blue agent frees human analysts to focus on the most critical threats that require creative problem-solving or strategic decision-making. Together, the three agents create a closed-loop system where threats are discovered, analyzed, and neutralized with minimal human intervention.
Background: Wiz and the Google acquisition
The unveiling of these agents comes just over a month after Google finalized its $32 billion acquisition of Wiz, a deal that sent shockwaves through the cybersecurity industry. Wiz had already established itself as a leading cloud security posture management (CSPM) platform, known for its agentless scanning technology that provides visibility across multi-cloud environments including AWS, Microsoft Azure, Google Cloud Platform, and Oracle Cloud. The acquisition is intended to combine Wiz’s cloud-native security capabilities with Google’s AI expertise and global infrastructure, creating a unified security platform that can detect, prevent, and respond to emerging threats—especially those generated by AI.
“Stop worrying about evil AI and start using AI to defend,” is a recurring theme in Costica’s presentations. He believes that the same generative AI models that empower attackers can be turned into powerful defensive tools when wielded by security professionals who understand their own environments intimately. The key, he asserts, is acting first: “Hack yourself with AI before the bad guys do.”
Industry context: the rise of AI in cybersecurity
The cybersecurity industry is currently experiencing a paradigm shift driven by the rapid adoption of generative AI. Attackers are using AI to craft hyper-personalized phishing emails, generate polymorphic malware, and automate reconnaissance at scale. At the same time, defenders are scrambling to integrate AI into their tools to keep pace. According to recent research from Gartner, by 2027, 75% of enterprises will have adopted AI-based security tools, up from just 15% in 2024. The challenge, however, is that many of these tools remain siloed and lack the contextual awareness that Costica emphasizes.
Wiz’s approach is distinctive because it leverages the platform’s deep integration with a customer’s cloud environment. Instead of treating AI as a black box, Wiz’s agents are designed to work with the existing security operations workflows of red, green, and blue teams. This aligns with the industry trend toward “security as code” and “agentic security,” where AI agents take on specific roles and collaborate to achieve security outcomes. Wiz is not alone in this space—companies like CrowdStrike, Palo Alto Networks, and SentinelOne are also developing AI agents—but Wiz’s cloud-centric focus and Google’s backing give it unique advantages in data integration and compute scale.
Expanded capabilities beyond the agents
In addition to the three AI agents, Wiz announced several other enhancements that reinforce its commitment to securing the AI-native development lifecycle. Among them are tools for scanning “vibe coded” applications—applications built by AI-suggested code snippets—for security flaws. As developers increasingly rely on AI code assistants, the risk of introducing vulnerabilities grows. Wiz’s AI code scanning automatically detects issues in generated code and suggests remediations.
Another capability is the AI Bill of Materials (AI BOM), which tracks the use of shadow AI components, such as open-source models and third-party AI services, that developers might incorporate without formal approval. This extends the concept of a software bill of materials (SBOM) to the AI supply chain. Additionally, Wiz has updated its integration with Google Security Operations and Mandiant Threat Defense, providing human analysts with enriched threat intelligence and automated correlation.
On the platform side, Wiz continues to support multi-cloud environments, including AWS, Azure, and Oracle Cloud, and now also supports Databricks, AWS Agentcore, Microsoft Azure Copilot Studio, Salesforce Agentforce, and the Gemini Enterprise Agent Platform. It also maintains integrations with external security ecosystems such as Google Cloud Apigee, Cloudflare AI Security for Apps, and the Vercel platform. This broad compatibility ensures that enterprises can adopt Wiz’s AI agents without disrupting existing investments.
Challenges and the path forward
Despite the promise of AI-driven defense, Costica acknowledged that speed remains a significant challenge. “As speed becomes ever more of the essence in cyber security, this would be a challenge for defenders,” he said. However, he expressed confidence that the tools to achieve this speed are rapidly becoming available. The key is for organizations to move quickly from experimentation to operationalization. “We need to act fast,” he repeated.
The cybersecurity community is watching closely to see how Wiz’s AI agents perform in real-world deployments. Early adopters report that the red agent alone has reduced the time to discover critical vulnerabilities by over 80%, while the green agent has slashed mean time to remediate (MTTR) from weeks to hours. The blue agent, meanwhile, has cut false-positive rates by nearly half through its continuous learning algorithms. These metrics, if sustained, could redefine industry benchmarks for security operations.
The implications extend beyond individual organizations. If more defenders embrace the “hack yourself first” philosophy, the overall cost and impact of cyberattacks could decrease. Attackers, once accustomed to exploiting low-hanging fruit, would find their targets hardening at machine speed. This could force a recalibration of the cybercriminal economy, making attacks more expensive and less profitable.
Ultimately, Wiz’s message at Google Cloud Next is one of empowerment. By combining the contextual advantage that defenders inherently possess with the power of generative AI, security teams can transform from reactive firefighters into proactive architects of resilience. The three new agents are a tangible step toward that future, but the real work lies in changing organizational mindsets. As Costica succinctly put it, “Hack yourself with AI, before the bad guys do.”
Source: ComputerWeekly.com News