Sold by
WIZ Cloud Infrastructure Security Platform
Wiz provides an entirely new approach to cloud security that for the first time identifies the actual risks hidden in your cloud infrastructure.
Reviews (851)
Nicholas Louisma
Unified cloud views have simplified finding infrastructure vulnerabilities and identity risks
Reviewed on Jun 23, 2026
Review provided by PeerSpot
What is our primary use case?
What is most valuable?
The UI is what I appreciate most about Wiz; the interface is really easy and not clunky. You can create many dashboards and a personal page for all the vulnerabilities you are trying to find. When it comes to your systems, users, and applications, having all of those attachments to your different platforms and being able to have the scans go throughout the platforms while pulling those vulnerabilities is really helpful with a nice user interface.
Wiz brings great integration into GCP resources, which is crucial for my previous organizations that were very heavily GCP-based. Wiz has seamless integration into GCP, AWS, Azure, Okta, and other large cloud platforms and SaaS platforms.
Wiz allows you to consolidate tools, but not all tools. It does not handle the nuanced type of tools, but the major tools it does allow you to consolidate from my experience.
The main advantage of Wiz is its user interface. A good interface makes it easy for engineers to not get fatigued from working with so much data and ensures it is not clunky-looking, as it is hard to identify issues. You want something that is visually appealing to identify risk, and having a good UI presents a huge benefit.
What needs improvement?
I would want to see Wiz improve by connecting to other major platforms agnostically, with the ability to connect to other platforms without needing to do too much integration. It requires a lot of alignment with different platforms for it to function properly.
I am not sure if Wiz has reduced alert fatigue in my organization, as I have not really looked into that aspect.
Wiz is not agnostic compared to other competitors in the market. If you want to add a new integration to another platform, it does not have an easy plug-and-play option for whatever platform. It requires integration to the proper tooling, and that is only from my experience with it.
For how long have I used the solution?
My experience with Wiz began six months ago.
What do I think about the stability of the solution?
I have not had any crashes, downtimes, or performance issues with Wiz.
What do I think about the scalability of the solution?
I find Wiz scalable and have tried to scale it up and out.
How are customer service and support?
I evaluate the customer service and technical support of Wiz as pretty useful. At my last company, we were able to have weekly calls with Wiz to talk about new updates and remediate any issues that we had. I would rate the technical support an eight on a scale of one to ten.
Which solution did I use previously and why did I switch?
I have used Exonius, but that is not a cloud posture platform; it is more of a logging platform or monitoring platform. I probably have used others, but I do not remember their names.
How was the initial setup?
Onboarding with Wiz is straightforward. I find it easy to teach myself how to use it, and I was able to figure it out within a week or two of just exploring it inside of Wiz.
What about the implementation team?
I was not involved in the setup deployment of Wiz.
What other advice do I have?
I have not utilized Wiz Defend. I do not use Wiz Code in my operations. I have not used the AI Posture Management in Wiz, but I have used Posture Management, though I only used it for a few weeks in the beginning.
I find Wiz Posture Management pretty beneficial in my overall cloud security strategy, as everything is in the cloud. Many companies use cloud resources, so I think it is pretty beneficial.
I have not utilized Wiz Runtime Sensor, as I am more infrastructure, networking, and compute-related, so I have not been involved in application risk and have not really used the runtime features for Wiz.
Wiz has not helped my organization achieve zero criticals in its issue queues. There are many critical issues that come up regularly, and having to tackle them means sometimes those critical issues cannot be resolved because of architectural issues. If you resolve it, there will be an issue within the architecture, so I do not think I have ever seen the critical issues get down to zero.
Regarding the cloud security democratization aspect of Wiz, I have only used it here and there for infrastructure-related items and touched some other cloud-related items, but from my scope, I do not think I have seen the actual impact it has on our entire team or organization. When I used it, I was a level one engineer, so I did not get to see the entire scope of its impact.
I have not used Wiz recently, but from my memory of using it, I did appreciate the identity platform and think that they should expand more into the identity area and make it more seamless for items such as RBAC or non-human identities.
I am not entirely sure how my latest company purchased Wiz, but my first company that I used it with bought it through Google's Marketplace.
I was not using Wiz post-sales support services.
My overall rating for Wiz is an eight out of ten.
reviewer2860287
Comprehensive cloud security has improved visibility and enabled precise threat response
Reviewed on Jun 22, 2026
Review from a verified AWS customer
What is our primary use case?
My main use case for Wiz is cloud security, infrastructure as code, threat detection and response, and application security.
For example, if we have a cloud resource that has an Amazon GuardDuty alert, we will use Wiz to ingest the log, and we review it for security reasons and use that information in our alerting pipeline. Wiz is where we ingest all the information and logs.
My main use case is to scan cloud infrastructure for misconfigurations, issues, security threat intelligence, and more.
What is most valuable?
The best features Wiz offers include the scanning, the ability to map vulnerabilities to specific resources, the ability for GraphQL API integration, and their security graph when it comes to querying information, finding specific detections, and responding to them, and much more.
For example, we use many other automation tools that need to integrate with Wiz, and through the graph API or GraphQL API, we are able to call Wiz in a very specific way where if we want to automate anything, it is possible via their API.
There is a variety of features per team, such as cloud security, AI security, security operations center, and more.
Wiz has positively impacted my organization by stopping security incidents, giving us full visibility in our cloud environments, and providing us with the confidence that we can use the tool not just for security but also for operations tooling, DevOps, code scanning, and all of the above.
We have seen specific outcomes and information improve as a result, and we have definitely narrowed down more incidents that we might need to take care of with the tooling, which has given us wider visibility compared to when we did not have it.
Wiz allowed us to consolidate tools, and on the issues it gives us from the top level down—critical to informational—we are able to fully prioritize the things that are most important due to that capability.
What needs improvement?
Wiz's pricing model is very poor.
The pricing is out of control, but when it comes to the actual functionality of the tool, the tool is great.
On a scale of one to ten, I would rate Wiz an eight. I rate it an eight because internally, they have specific people who want to bulldoze you when it comes to signing agreements that are much higher priced than the value that you get. Wiz is great. Some people are great and some are not, so they are a little bit less willing to work with customers on their specific needs regarding things such as pricing versus other tools.
For how long have I used the solution?
I have been using Wiz for over four years.
What do I think about the stability of the solution?
Wiz is stable.
What do I think about the scalability of the solution?
Wiz's scalability is very good, and I have not had any issues yet.
How are customer service and support?
The customer support is fair; they are not great, nor bad.
Which solution did I use previously and why did I switch?
We started to use Wiz since their inception.
How was the initial setup?
Everything is very well set up; the UI is easy to use, and their API is great.
What about the implementation team?
We are just a customer without a business relationship with this vendor other than that.
What was our ROI?
I have definitely saved time, but money saved is still up in the air; there have been things that make us feel that is not the case. We also need fewer employees, partially.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing has been very poor.
Which other solutions did I evaluate?
What other advice do I have?
The extent to which the Wiz runtime sensor has helped in identifying active threats more effectively compared to previous solutions is pretty minimal.
My impression of the cloud security democratization aspect of the product is that it is one of the best sources of truth we have. It is extremely impactful on the organization, so it is definitely a tool we are going to use if the pricing is right.
We have gone through three technical account managers and have decided not to renew.
My advice to others looking into using Wiz is to make sure that you are working with the right account team, set up all of your integrations correctly, and take your time during your proof of value.
Wiz is a great tool, and we will continue to use it over time. I rate Wiz an eight out of ten overall.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Telecommunications
Wiz: My Go-To SuperApp for Security
Reviewed on Jun 21, 2026
Review provided by G2
What do you like best about the product?
Wiz has become my go-to SuperApp for security.
What do you dislike about the product?
I can’t keep up with all the new functionalities.
What problems is the product solving and how is that benefiting you?
As cloud infrastructure becomes more complex, small changes are very likely to have a ripple effect. Seeing the impact of these changes on the big picture all in one place makes things easier.
Information Technology and Services
Agentless Visibility and AI Agents That Cut Alert Noise and Save Time
Reviewed on Jun 18, 2026
Review provided by G2
What do you like best about the product?
What I like best about Wiz is its agentless visibility and how it eliminates alert noise. The Wiz AI Agents are also fantastic, they save our team massive amounts of time by autonomously fixing code vulnerabilities and accelerating our threat-hunting workflows.
What do you dislike about the product?
What I dislike most is the inability to manually input or upload a custom list of specific CVEs to test against our environment and generate an immediate findings review. Currently, we have to rely strictly on automated environment-wide scans rather than targeted, ad-hoc CVE queries.
What problems is the product solving and how is that benefiting you?
Wiz eliminates multi-cloud blind spots and stops alert fatigue by mapping how different risks connect into actual attack paths.
Financial Services
Security Graph Makes Cloud Triage and Quantitative Prioritization Easy
Reviewed on Jun 18, 2026
Review provided by G2
What do you like best about the product?
Security Graph are extremely helpful when triaging our cloud environment. Additionally, being able to prioritize issues based on quantitative assessments is highly effective for building consensus across our group companies.
What do you dislike about the product?
For services that run a large number of containers from the exact same image, we want to optimize our license usage by only scanning the shared image repository. However, even when we exclude those container scans, BUs (Billing Units) are still consumed because CSPM functions working, which defeats the purpose of trying to save licenses.
What problems is the product solving and how is that benefiting you?
Wiz has significantly accelerated our process of investigating vulnerability details (such as CVSS, EPSS, KEV, and PoC) to assess exploitability and determine the impact on our organization. Furthermore, it provides a shared context that allows us to communicate more efficiently and have well-aligned discussions with our product teams.
Karunesh Tripathi
Cloud security has become more prioritized and consolidated but still needs better context and bundling
Reviewed on Jun 17, 2026
Review provided by PeerSpot
What is our primary use case?
What is most valuable?
There are several resources deployed on the cloud, and we are monitoring those assets. Wiz has a very strong AI engine that can correlate these findings, and I believe that is the clearer differentiator from other products in the market. We are using Wiz to define the correlation, and it works perfectly by defining priority based on impact and likelihood. I feel this saves considerable rework from security engineers and the team, helping us to immediately act on these exposure issues and address high and critical vulnerabilities.
All other security tools I have seen mainly focus on impact and try to map directly with the CVSS. I think that context is outdated now because threats have changed and patterns have evolved. It clearly requires a different approach so that we can use it enterprise-wide, and security leaders should get clear visibility on the likelihood of these incidents and decide whether to spend resources on them.
Wiz is performing quite well with the existing CNAPP capability. However, Wiz has additional functionalities under Wiz Code, and there are other modules coming for AI security. That is definitely new, which Wiz offers, and it is completely different from existing solutions.
From a security tooling perspective, every enterprise is bombarded with thousands of tools and nobody knows how to consolidate them and what those different data points should be used for. That has been one of the nightmares, where most people simply spend their resources managing those tools and remediating the same issues on different platforms. Using Wiz Code and the other matching capability helps me eliminate the redundancy of tools in my infrastructure. That is a significant win, as I can see everything in a single pane of glass.
The response time has drastically increased, and the data we are getting is more focused. That is something truly required in security, as you need to respond as quickly as possible to breaches because they occur in fractions of seconds. Therefore, quick responsiveness is something Wiz has truly achieved.
What needs improvement?
As an extensive user of Wiz, I have noticed that one critical area Wiz is missing is context. It is performing well in terms of reporting issues and mapping to the environment, but many false positives are generated because it lacks context. I would appreciate Wiz ingesting customer context, understanding how I am using it and what my infrastructure looks like, so it can determine whether something is truly an issue for me. I do not want to keep dealing with thousands of vulnerabilities and marking them under ignore rules or wasting time assessing everything only to find they are false positives. This is an area where Wiz really needs to focus.
Secondly, regarding remediation, Wiz has playbooks, but it is not adding anything new. If I wanted to use Wiz with AI infrastructure, it could provide more guidance on best practices and how to implement them.
Currently, Wiz has three modules: Wiz, Wiz Code, and CNAPP. At some point, Wiz needs to rethink this and consider a bundled offering for more benefit to customers and product owners. If I buy CNAPP and later move to Wiz Code, there may be conflicting or overlapping features. People could be confused about why to use Wiz Code and what is different. It should look like a simple bundle, indicating what you are getting and when to use each. Currently, when to use what is missing, and while it is documented, as an enterprise decision maker, I do not want to spend time repeatedly on the same tools. I want a single comprehensive solution. Wiz Code should be the default offering as a simple, pay-as-you-go model without requiring separate deployments.
The lack of context is an issue. The tool is performing well, but without context, it generates many false positives, which every organization using Wiz struggles with. Secondly, the multiple offerings lead to confusion, as people may hesitate to use the next solution, such as Wiz Code. These two aspects are holding me back from giving a higher rating.
For how long have I used the solution?
I have been using Wiz for almost five years.
What other advice do I have?
As a security product manager and extensive user, I recommend that people explore Wiz. It simplifies their lives with many new features and capabilities. It allows for easy adoption in defining benchmarks and a minimum security baseline for organizations, something that is harder with other tools. Some solutions claim to have specific capabilities, but they do not deliver. Based on my hands-on experience, I can say that Wiz is a clear differentiator, and people should definitely consider it.
Wiz helped consolidate tools, but there were overlapping capabilities, and we still are not getting a complete view. To a certain extent, it helped with consolidation, but there is still room for improvement. I provided feedback suggesting that Wiz Code and other capabilities should be under the same bundle with a pay-as-you-go model, as it can be time-consuming to enable these capabilities later.
Overall, I believe Wiz is doing a great job, simplifying many aspects for security professionals and enterprises. The dashboard is quite nice, and with the introduction of the MCP, I am only concerned about remediation, context defining, and bundling of offerings. These are three areas I want Wiz to focus on to make their product even better. I would rate this product a seven out of ten.
Education Management
Cloud Security with Wiz!
Reviewed on Jun 16, 2026
Review provided by G2
What do you like best about the product?
A pleasant surprise has been the steady pace of new features and capabilities. Over the time we've been customers, the platform has kept expanding — deeper code-to-cloud correlation, broader coverage across our environment, and new capabilities that arrive without us having to re-architect anything. It's reassuring to invest in a tool that keeps getting more useful rather than standing still.
What do you dislike about the product?
that it isn't free! no complaints with the product
What problems is the product solving and how is that benefiting you?
Adopting Wiz has meaningfully changed how our team manages cloud risk. The single biggest differentiator for us is its ability to correlate environment context — the Security Graph stitches together misconfigurations, identities, network exposure, and sensitive data into a coherent picture, so instead of drowning in isolated alerts we see the actual attack paths that matter. That "so what" prioritization is unmatched by the competitors we evaluated; other tools surfaced findings, but none connected them into reachable, exploitable risk the way Wiz does.
Alasdair R.
Clear Cloud Risk Visibility and Actionable Insights with Wiz
Reviewed on Jun 16, 2026
Review provided by G2
What do you like best about the product?
From a CIO perspective, Wiz has helped us strengthen how we understand and manage cloud security risk. It provides clear visibility across complex cloud environments, helps teams prioritise the issues that matter most, and supports more effective collaboration between security, infrastructure, and engineering teams.
One of the things I value most is the way Wiz turns cloud security findings into actionable insight. It helps technical teams focus remediation effort where it has the greatest impact, while giving leadership a clearer view of risk and progress.
Overall, Wiz has been a strong enabler of better cloud governance, improved risk management, and more confident decision making. It has helped us move faster while maintaining the deep levels of security oversight we expect.
One of the things I value most is the way Wiz turns cloud security findings into actionable insight. It helps technical teams focus remediation effort where it has the greatest impact, while giving leadership a clearer view of risk and progress.
Overall, Wiz has been a strong enabler of better cloud governance, improved risk management, and more confident decision making. It has helped us move faster while maintaining the deep levels of security oversight we expect.
What do you dislike about the product?
I've not yet found any downsides, they're an excellent partner
What problems is the product solving and how is that benefiting you?
Cloud security in a massive and highly complex software engineering environment
Ruben F.
Excellent Cloud Risk Visibility and Fast Insights with Wiz
Reviewed on Jun 16, 2026
Review provided by G2
What do you like best about the product?
What I like most about Wiz is the visibility it provides across our cloud environment. It makes it much easier to understand where risks exist and how they relate to identities, workloads, exposed services, secrets, permissions, and more. It’s especially valuable that we now have clearer insight into which issues need to be handled immediately versus later.
The graph based approach is also a big plus because it doesn’t just show findings, it shows the context around them. On the integration side, we are able to ingest most of our data into Wiz. Overall, Wiz has definitely helped us identify and follow up on misconfigurations and exposure paths much faster than we could have done manually
In terms of performance, Wiz is quite speedy. The dashboard is great to work with, and most elements open quickly. It also seems to handle complex graphs and toxic combinations with ease
The ROI justifies the price for this product. An analyst might take days to find a toxic combination, while Wiz can surface it within hours of being rolled out. That has given us more time to focus on the things that matter right now
We haven’t needed to contact support much yet, which I take as a good sign. Most of the documentation is up to date, and onboarding was smooth. We were able to get full cloud visibility within hours.
With the rollout of new AI capabilities, it’s clear that Wiz is using AI extensively in the product. I’ve especially enjoyed Mika AI. This chatbot can help identify and diagnose issues, and it can even write complex security graph searches to get visibility quickly. With the new Wiz green, blue, and red agent, we have also seen a much faster TTR for some issues.
The graph based approach is also a big plus because it doesn’t just show findings, it shows the context around them. On the integration side, we are able to ingest most of our data into Wiz. Overall, Wiz has definitely helped us identify and follow up on misconfigurations and exposure paths much faster than we could have done manually
In terms of performance, Wiz is quite speedy. The dashboard is great to work with, and most elements open quickly. It also seems to handle complex graphs and toxic combinations with ease
The ROI justifies the price for this product. An analyst might take days to find a toxic combination, while Wiz can surface it within hours of being rolled out. That has given us more time to focus on the things that matter right now
We haven’t needed to contact support much yet, which I take as a good sign. Most of the documentation is up to date, and onboarding was smooth. We were able to get full cloud visibility within hours.
With the rollout of new AI capabilities, it’s clear that Wiz is using AI extensively in the product. I’ve especially enjoyed Mika AI. This chatbot can help identify and diagnose issues, and it can even write complex security graph searches to get visibility quickly. With the new Wiz green, blue, and red agent, we have also seen a much faster TTR for some issues.
What do you dislike about the product?
One area that could be improved is the SAST scanner. In our experience, it can generate a fair number of false positives, which means findings need manual validation before action is taken.
Another consequence of the agentless approach is that remediation feedback is not always instant. While agentless scanning has many advantages from an operational perspective, after fixing an issue it can sometimes take until the next scan cycle before it becomes clear whether the remediation was correct. In our case, this cycle is daily. This can slow down validation during active remediation work.
I would also like to see improvements to the Wiz IDE extension. It has required authentication more often than I expected, which can interrupt developer workflows when regularly using it during development. I’ve noticed our developers often rely on the Wiz PR comments instead.
Another consequence of the agentless approach is that remediation feedback is not always instant. While agentless scanning has many advantages from an operational perspective, after fixing an issue it can sometimes take until the next scan cycle before it becomes clear whether the remediation was correct. In our case, this cycle is daily. This can slow down validation during active remediation work.
I would also like to see improvements to the Wiz IDE extension. It has required authentication more often than I expected, which can interrupt developer workflows when regularly using it during development. I’ve noticed our developers often rely on the Wiz PR comments instead.
What problems is the product solving and how is that benefiting you?
Wiz helps us solve the problem of maintaining visibility and control across an ever-growing cloud environment. Without a platform like Wiz, it would be much harder to understand where we have exposed resources, risky permissions, secrets, misconfigurations or toxic combinations that increase risk.
The biggest benefit is prioritization. Instead of treating every finding as urgent, Wiz helps us understand which issues contain the most exposure and should be handled first. This saves time for our employees and helps us focus on remediation work, which has the highest impact.
Wiz’s shift-left mindset is also especially useful. Developers and infrastructure specialists can now see when they create a risky resource, instead of only discovering it after the fact. By incorporating security by design into our SDLC, we have noticed that fewer new issues are being created in Wiz. As a result, our overall list of issues is actually decreasing.
The biggest benefit is prioritization. Instead of treating every finding as urgent, Wiz helps us understand which issues contain the most exposure and should be handled first. This saves time for our employees and helps us focus on remediation work, which has the highest impact.
Wiz’s shift-left mindset is also especially useful. Developers and infrastructure specialists can now see when they create a risky resource, instead of only discovering it after the fact. By incorporating security by design into our SDLC, we have noticed that fewer new issues are being created in Wiz. As a result, our overall list of issues is actually decreasing.
Telecommunications
Powerful, Unified View of Our Cloud Security Posture
Reviewed on Jun 16, 2026
Review provided by G2
What do you like best about the product?
It’s a powerful platform that lets us view the security posture of all our cloud assets in one place.
What do you dislike about the product?
The licensing price is the most challenging part.
What problems is the product solving and how is that benefiting you?
It helps us discover vulnerabilities and clearly identify the exposures across our cloud resources.