Security leaders should be turning offensive artificial intelligence (AI) cyber tools on their own systems before threat actors do, exploiting the innate defenders’ advantage to attain the high ground and increase their chances of withstanding a cyber attack.
So says Yinon Costica, co-founder of Google-owned Wiz, who, speaking at Google Cloud Next in Las Vegas, argued that defenders can win against attackers by using AI to exploit an advantage that may not appear obvious at first glance, that of context.
“The same AI model can obviously produce very different results based on the context that we feed into it,” he said. “Now, attackers hopefully have much less context about us, while as defenders we do have a lot of context about our environments that we can share with the model.
“If, as defenders, we take the first movers’ advantage and we use the AI against ourselves, with the context we have, we actually stand a chance to win … But we need to act fast,” said Costica.
“We need to start using AI against ourselves as much as possible, whether it’s to scan attack surfaces, scan code, scan anything, in order to be the first one to see the results and not to wait for the bad guys to do it before us.”
The defenders' contextual advantage
Costica’s argument hinges on a fundamental asymmetry in cybersecurity: defenders possess deep, granular knowledge of their own infrastructure, applications, and workflows. Attackers, by contrast, operate with limited visibility, often relying on reconnaissance techniques that can be thwarted if defenders proactively expose and remediate weaknesses. By feeding AI models with rich contextual data from internal systems, security teams can simulate attack scenarios that are far more realistic than generic penetration tests. This approach not only uncovers hidden vulnerabilities but also predicts how emerging threats might materialize in specific environments.
The pace of modern cyberattacks has accelerated dramatically, driven by AI-powered tools that can automate scanning, exploit generation, and lateral movement. Costica acknowledged that defenders must match or exceed that speed. “As speed becomes ever more of the essence in cyber security, Costica conceded that this would be a challenge for defenders – but noted that the tools to do this are rapidly becoming available,” the original article reported.
Wiz's new AI agents: Red, Green, Blue
To help organizations implement this proactive strategy, Wiz unveiled three AI agents at Google Cloud Next, each named after the traditional human cyber teams they support. The red agent is designed to assist red team penetration testing by probing deep into its owners’ IT estate, identifying potential exposures such as application programming interfaces, end-of-life edge networking equipment, or operational technology assets. It then runs automated penetration tests against those findings, simulating attacker behavior with machine speed.
The green agent follows by automating the triage process, which often consumes significant human effort when prioritizing and categorizing vulnerabilities. By correlating findings with asset criticality and exploitability, the green agent reduces the time from discovery to action. Finally, the blue agent acts as a detective, performing investigative work that can be tedious and slow for human teams. It correlates logs, alerts, and network telemetry to piece together attack chains and identify root causes.
“These three agents together form a layer that is autonomous and automated,” said Costica. “It’s not revolutionary in that it aligns closely to how security teams have been working for many years, but now it allows each team to automate their workflows.
“It’s like living in the future in the eyes of security teams because it means that from the moment they find a risk, they can automate the process to find who owns it and deliver the code fix to complete and redeploy to production.”
Context of the Google acquisition
The announcement comes just over a month after Google closed its $32 billion acquisition of Wiz, the largest purchase in Google’s history. The two organizations have reaffirmed their commitment to providing a unified security platform that retains Wiz’s brand while enhancing the speed with which customers detect, prevent, and respond to threats, especially those generated using AI. The combined capability aims to accelerate multi-cloud security adoption and foster greater confidence in cloud and AI innovation.
Wiz’s products continue to be available on other cloud platforms, including Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud. The company also announced support for Databricks and agent studios such as AWS Agentcore, Microsoft Azure Copilot Studio, and Salesforce Agentforce, as well as the Gemini Enterprise Agent Platform. It continues to support security ecosystems with integrations to outer cloud layers, including Google Cloud Apigee, Cloudflare AI Security for Apps, and the Vercel platform.
Integration with Google Security Operations
Behind the scenes, Wiz has updated how it integrates security detections from Wiz Defend with Google Security Operations and Mandiant Threat Defence to streamline workflows for human analysts. This integration ensures that when the AI agents identify a risk, the relevant threat intelligence and incident response capabilities are automatically invoked, reducing manual handoffs and improving response times.
Securing the AI-native deployment cycle
Wiz also announced new capabilities to secure the AI-native deployment cycle. These include scanning vibe-coded applications for vulnerabilities, AI-generated code scanning and remediation, agent-based remediation workflows, and an AI bill of materials to track the use of shadow AI in coding. As organizations rapidly adopt AI tools for development, the attack surface expands in ways that traditional security tools may miss. The AI bill of materials provides transparency into which AI models, libraries, and dependencies are in use, helping teams maintain governance over AI-generated code.
Historical context and industry trends
The concept of using offensive tools defensively is not new—penetration testing and red teaming have been cornerstones of cybersecurity for decades. However, the scale and speed enabled by AI represent a paradigm shift. Early examples of automated red teaming tools, such as those from Cymulate or AttackIQ, have paved the way for more sophisticated AI-driven platforms. Wiz's approach goes further by embedding contextual awareness directly into the AI agents, allowing them to adapt to each unique environment rather than relying on predefined attack scripts.
Moreover, the emphasis on multi-cloud support reflects the reality of modern enterprise IT. A single organization may run workloads across multiple public clouds, each with its own security posture and configuration nuances. Wiz's platform is designed to unify visibility and response across these disparate environments, a capability that becomes increasingly critical as threat actors exploit misconfigurations and shadow assets.
Yinon Costica co-founded Wiz in 2020 with a vision to simplify cloud security. The company rapidly gained traction, securing major customers and raising substantial venture capital before being acquired by Google. His background as a former security engineer and product leader informed the design of the new AI agents, which aim to democratize advanced security operations.
At Google Cloud Next, other speakers echoed Costica's sentiment. Attendees overwhelmingly backed AI integration, but also stressed the need for governance and clear use cases. As AI permeates every layer of technology, the distinction between defensive and offensive operations blurs. Wiz's message is clear: the best defense is a proactive, AI-enabled offense—applied internally before attackers can act.
Source: ComputerWeekly.com News