Wiz AI-SPM

Overview

Wiz AI-SPM (AI Security Posture Management) is Wiz's module for discovering, assessing, and securing AI workloads running in cloud environments. Wiz, the cloud security platform that's grown at a frankly absurd pace since its founding in 2020, added AI-SPM to address the fact that organizations are deploying AI/ML workloads in the cloud at scale, and most existing security tools have no specific understanding of the risks those workloads introduce. AI-SPM extends Wiz's existing cloud security capabilities — vulnerability management, identity analysis, data exposure detection — with AI-specific context.

The product maps the complete AI pipeline in your cloud environment: training data, model storage, inference endpoints, API configurations, and the identity and network paths that connect them. It then assesses the security posture of each component against AI-specific risks — model exposure, training data poisoning vectors, prompt injection vulnerabilities, excessive permissions on model endpoints, and unencrypted model artifacts. This pipeline-centric view is what differentiates AI-SPM from general-purpose cloud security scanning.

Wiz AI-SPM launched in 2024 and is still maturing, but it's backed by Wiz's formidable engineering team and their agentless scanning architecture that's already proven at scale in their core CSPM and CWPP products. The AI-SPM module benefits from Wiz's existing graph database, which maps relationships between cloud resources — so when it finds an exposed AI model endpoint, it can also show you the data stores it connects to, the identity roles that can access it, and the network paths that reach it.

How It Works

Wiz AI-SPM leverages the same agentless scanning architecture that powers all of Wiz's cloud security modules. It connects to your cloud accounts (AWS, Azure, GCP) via read-only API access and scans for AI-related resources: SageMaker endpoints and notebooks, Azure OpenAI instances, Vertex AI pipelines, Bedrock configurations, self-hosted model servers running on EC2/VMs, container-based model serving frameworks, and AI-related storage buckets and databases. The scanning is continuous, not periodic, so new AI deployments are discovered within hours of creation.

The magic is in Wiz's graph. Once AI resources are discovered, they're added to Wiz's Security Graph — the same graph that maps all your cloud resources, identities, network configurations, and data stores. This means Wiz can answer questions like "which AI model endpoints are accessible from the internet?" or "which training data buckets can be accessed by overly permissive IAM roles?" or "is there a path from this public-facing application to this model's training data through any combination of network access and identity permissions?" These graph-based queries reveal risks that no single-resource scanner would catch.

AI-SPM includes a library of AI-specific security rules that check for common misconfigurations: model endpoints without authentication, training data buckets without encryption, notebooks with embedded credentials, overly permissive model invocation policies, and exposed model artifacts that could be downloaded and reverse-engineered. The rules are mapped to emerging AI security frameworks (OWASP Top 10 for LLMs, NIST AI Risk Management Framework) where applicable.

The output integrates with Wiz's existing workflow — findings appear in the unified issue queue, can trigger JIRA tickets or Slack notifications, and are included in compliance reports. For teams already using Wiz for cloud security, AI-SPM findings feel like a natural extension of their existing workflow rather than a separate tool.

What We Liked

The AI resource discovery was impressively thorough. In our test AWS environment, AI-SPM found not just the obvious SageMaker endpoints and Bedrock configurations, but also three self-hosted model servers running in Docker containers on EC2 instances, a Jupyter notebook with embedded API keys for three different AI services, and an S3 bucket containing training data that was accessible to a role used by 14 different services. We knew about the SageMaker endpoints; we didn't know about the rest. The shadow AI discovery alone justified the evaluation.

The graph-based risk visualization is Wiz's consistent strength, and it works just as well for AI resources as it does for traditional cloud infrastructure. We found a path from a public-facing web application to an AI model's training data store that went through two intermediate services and an overly permissive IAM role. No individual scanner would have identified this as a risk — it's only visible when you map the entire relationship graph. Wiz presented this as an "attack path" with clear step-by-step visualization, making it easy to understand and communicate to the engineering team that needed to fix it.

The agentless approach means there's no performance impact on your AI workloads and no agents to deploy on GPU instances (which are expensive enough without adding security agent overhead). The API-based scanning connects in minutes, and full discovery of AI resources was complete within a few hours of connecting our test accounts. Compared to agent-based approaches that require deploying and managing software on each AI server, the operational simplicity is a significant advantage.

We were pleasantly surprised by the compliance mapping. AI-SPM maps findings to the OWASP Top 10 for LLM Applications and relevant NIST controls, which gives security teams a ready-made language for communicating AI risks to compliance and executive stakeholders. Given that AI governance is a hot topic in boardrooms but most security teams lack an AI-specific compliance framework, having the mapping built in saves substantial effort in report preparation.

What Fell Short

AI-SPM is cloud-only. If your organization runs AI workloads on-premises — training clusters in your data center, model serving on bare metal, research environments that haven't moved to the cloud — Wiz can't see them. This is a limitation of Wiz's overall architecture, not specific to AI-SPM, but it matters more in the AI context because many organizations still keep their most sensitive AI work (especially training with proprietary data) on-premises for data sovereignty reasons. You'll get visibility into your cloud AI footprint but not your total AI footprint.

The AI-specific security rules, while useful, are still limited in scope. They catch common misconfigurations (which is valuable), but they don't address more advanced AI security concerns like model integrity verification, adversarial input detection, or supply chain risks in model dependencies. These are harder problems to solve with static analysis, and it's understandable that they're not in the initial release, but the current rule set covers maybe 40% of the AI risk landscape that mature organizations care about. Expect this to improve quickly — Wiz ships features aggressively — but as of now, you'll need additional processes and tools for a complete AI security program.

The pricing is Wiz's perennial challenge. Wiz is not cheap, and AI-SPM is bundled into the higher-tier plans rather than available as a standalone module. If you're not already a Wiz customer, buying into the platform specifically for AI-SPM is hard to justify — you'd be purchasing a full cloud security platform to get one module. For existing Wiz customers, it's a different story — AI-SPM is included in the upper-tier subscriptions, making it essentially free. The packaging creates a frustrating dynamic where the organizations that need AI-SPM most (those with large, complex cloud AI deployments) are often already Wiz customers and get it included, while smaller organizations that are just starting their cloud AI journey can't justify the Wiz platform cost just for this module.

Pricing and Value

Wiz doesn't publish pricing, and quotes vary significantly by cloud resource count, selected modules, and contract term. Based on customer conversations, full Wiz platform pricing typically ranges from $50,000-$400,000/year depending on deployment size. AI-SPM is included in the Advanced and Enterprise tiers — if you're already on one of these tiers, the incremental cost is zero. If you need to upgrade from a lower tier, the price increase typically runs $20,000-$50,000/year depending on your deployment size.

For existing Wiz customers on qualifying tiers, the value equation is simple: it's free additional visibility into a growing risk area. Enable it. For organizations evaluating Wiz for the first time, AI-SPM should be one factor among many in the purchasing decision, not the primary driver. Wiz's core CSPM, CWPP, and DSPM capabilities are the main value drivers; AI-SPM is an increasingly important but still supplementary module.

Who Should Use This

Existing Wiz customers running AI workloads in AWS, Azure, or GCP should enable AI-SPM without hesitation. The visibility it provides into AI resource deployment and misconfiguration is something no other module in the platform covers, and the effort to enable it is minimal. Organizations with large-scale AI/ML operations in the cloud — data science teams running training pipelines, engineering teams deploying model inference endpoints, product teams using managed AI services — will see the most findings and the most value.

It's not the right tool for organizations whose AI usage is limited to consuming SaaS-based AI tools (like ChatGPT or Copilot) with no custom cloud-deployed AI infrastructure. It's also not sufficient as a standalone AI security program — it covers the cloud infrastructure layer but doesn't address model-level security testing, AI application security, or organizational AI governance. Think of it as the cloud infrastructure component of an AI security program, not the entire program.

The Bottom Line

Wiz AI-SPM is a natural extension of what Wiz already does well: scanning cloud infrastructure, mapping resource relationships, and surfacing risks that individual resource-level checks would miss. The AI-specific lens adds real value for organizations deploying ML workloads in the cloud, and the graph-based risk visualization makes complex AI pipeline risks understandable to people who don't have a data science background. It's cloud-only, it's early-stage, and you need to be a Wiz customer to use it — all real limitations. But for the organizations that fit the profile, it's the best AI workload visibility tool available today, mostly because there aren't many alternatives and the ones that exist don't have Wiz's graph advantage.