- AI-powered agents automate threat detection and remediation at machine speed.
- Non-technical teams are increasingly building AI applications, expanding the scope of necessary security.
- Multi-cloud, multi-tool platform empowers developers to build securely across diverse environments.
At Google Cloud Next, Wiz and Google Cloud introduced a transformative approach to AI security, moving beyond traditional "shift left" paradigms to empower developers with integrated, AI-driven protection.
In a compelling session at Google Cloud Next, Salman Ladha from Wiz, alongside Ankur Kotwal of Google Cloud, detailed how their collaboration is tackling the escalating challenges of AI security. Wiz, a leading cloud security platform, is now deeply integrated with Google Cloud, offering solutions that protect everything organizations build and run in cloud and AI environments. The core mission is to empower every engineering team to innovate rapidly with AI, while ensuring security is intrinsically woven into the development lifecycle through innovative Wiz Code plugins that scan for vulnerabilities before code is even committed.
The discussion highlighted a pivotal shift from the often-contentious "shift left" approach to a new philosophy dubbed "shifting down." This strategy abstracts the responsibility of security directly into AI agents, allowing developers to focus on core development tasks without being burdened by constant security alerts. This is particularly crucial as AI accelerates code generation beyond the review capacity of human security teams. The speakers emphasized that AI not only unlocks unprecedented scale but also provides the context necessary to build trust and confidence in security findings, a critical factor for effective developer adoption.
The session included a live demonstration featuring a fictitious AI application, DataBot, to illustrate Wiz's capabilities. The demo showcased the Wiz Security Graph, a living map of application logic and potential risks, and introduced Wiz's three platform-wide AI agents: the Red Agent (an AI-powered attacker that proactively finds exploits), the Green Agent (an AI-powered defender and fixer that generates remediation plans and even GitHub pull requests at machine speed), and the Blue Agent (an AI-powered defender that actively monitors for live threats). This integrated system creates a "virtuous loop" of continuous security, from proactive exploitation to automated remediation and real-time defense.
Furthermore, the conversation touched upon the surprising trend of traditionally non-technical teams, such as HR and finance, increasingly building AI applications. This expansion of the "builder" demographic underscores the need for a security platform that is pervasive and intuitive, securing AI creations regardless of the developer's background. Developers were encouraged to explore the Wiz plugin for their AI-native IDEs and engage their security organizations to integrate Wiz Code for a faster, more secure AI development future.
“AI unlocks scale and context unlocks that trust and confidence in what you're seeing. So this is a long-winded answer, Ankur. You asked is this just shift left? I prefer to think of it as shifting down.”
- Ankur Kotwal, Global DevRel Lead, Google Cloud
