Wiz is a
cloud security startup headquartered in
New York City.[2][1] The company was founded in January 2020 by Assaf Rappaport, Yinon Costica, Roy Reznik, and Ami Luttwak, all of whom previously founded
Adallom.[3][4] Rappaport is CEO, Costica is VP of Product, Reznik is VP of Engineering, and Luttwak is CTO. The company's platform analyzes computing infrastructure hosted in
AWS,
Azure,
GCP,
OCI, and
Kubernetes for combinations of risk factors that could allow malicious actors to gain control of cloud resources and/or exfiltrate valuable data.
As of February 2024, Wiz employed about 900 people, with most sales and marketing personnel scattered across North America and Europe while most engineering personnel are based in
Tel Aviv,
Israel.[5][6][7] In August 2022, Wiz claimed to be the fastest startup ever to scale from $1 million to $100 million in
annual recurring revenue (ARR), from February 2021 to approximately July 2022.[8] In February 2023, following its series D round of funding, Wiz claimed to be the largest cyber
unicorn in the world and the fastest
Software-as-a-Service company to reach a $10 billion valuation.[9] In February 2024, the company claimed to have reached $350M in ARR, with a 40% market share of Fortune 100 companies.[1][10]
Funding
Wiz has raised a total of $1.9 billion from a combination of venture capital funds and private investors:
Series B — In April and May 2021, Wiz raised $130 million and $120 million (respectively) on a $1.7 valuation from Index Ventures,
Sequoia Capital,
Insight Partners, and Cyberstarts.[12]
Series E — In May 2024, Wiz raised $1 billion on a $12 billion valuation[17] from Andreessen Horowitz, Lightspeed Venture Partners, Thrive Capital, Greylock Partners, Wellington Management, Cyberstarts, Greenoaks, Index Ventures, Salesforce Ventures, Sequoia Capital and Howard Schultz.
Acquisitions
Wiz has acquired two companies:
Raftt — A cloud-based developer collaboration platform, purchased in December 2023
Gem — A real-time Cloud Detection and Response (CDR) solution that shortens the time to investigate and contain cloud-native threats, purchased in April 2024
In April 2024, reports indicated that Wiz intended to purchase Lacework, but in May the deal fell through during the due diligence process.[18]
Research
Wiz researchers have discovered and responsibly disclosed numerous cloud vulnerabilities that garnered significant media coverage:
ChaosDB – A series of flaws in
Microsoft Azure's
Cosmos DB that made it possible to download, delete, or manipulate databases belonging to thousands of Azure customers.[19][20]
OMIGOD – Bugs in
Open Management Infrastructure (OMI), a ubiquitous but poorly documented agent embedded in many popular Azure services, that allowed for unauthenticated remote code execution and privilege escalation.[21]
NotLegit – Insecure default behavior in the Azure App Service that exposed the source code of some customer applications.[22]
ExtraReplica – A chain of critical vulnerabilities found in the Azure Database for
PostgreSQL Flexible Server that could let malicious users escalate privileges and gain access to other customers' databases after bypassing authentication.[23][24]
AttachMe – A cloud isolation vulnerability that, before it was patched by OCI, could have allowed attackers to access and modify other users' OCI storage volumes without authorization.[25]
Hell's Keychain – A first-of-its-kind cloud service provider supply-chain vulnerability in IBM Cloud Databases for PostgreSQL that, before it was patched, could have allowed malicious actors to remotely execute code in victims' environments.[26]
BingBang – A misconfiguration in Azure Active Directory (AAD) that allowed Wiz researchers to modify Bing.com search results in a way that malicious actors could use to steal Office 365 credentials granting access to countless users' private emails and documents.[27]
Wiz is a
cloud security startup headquartered in
New York City.[2][1] The company was founded in January 2020 by Assaf Rappaport, Yinon Costica, Roy Reznik, and Ami Luttwak, all of whom previously founded
Adallom.[3][4] Rappaport is CEO, Costica is VP of Product, Reznik is VP of Engineering, and Luttwak is CTO. The company's platform analyzes computing infrastructure hosted in
AWS,
Azure,
GCP,
OCI, and
Kubernetes for combinations of risk factors that could allow malicious actors to gain control of cloud resources and/or exfiltrate valuable data.
As of February 2024, Wiz employed about 900 people, with most sales and marketing personnel scattered across North America and Europe while most engineering personnel are based in
Tel Aviv,
Israel.[5][6][7] In August 2022, Wiz claimed to be the fastest startup ever to scale from $1 million to $100 million in
annual recurring revenue (ARR), from February 2021 to approximately July 2022.[8] In February 2023, following its series D round of funding, Wiz claimed to be the largest cyber
unicorn in the world and the fastest
Software-as-a-Service company to reach a $10 billion valuation.[9] In February 2024, the company claimed to have reached $350M in ARR, with a 40% market share of Fortune 100 companies.[1][10]
Funding
Wiz has raised a total of $1.9 billion from a combination of venture capital funds and private investors:
Series B — In April and May 2021, Wiz raised $130 million and $120 million (respectively) on a $1.7 valuation from Index Ventures,
Sequoia Capital,
Insight Partners, and Cyberstarts.[12]
Series E — In May 2024, Wiz raised $1 billion on a $12 billion valuation[17] from Andreessen Horowitz, Lightspeed Venture Partners, Thrive Capital, Greylock Partners, Wellington Management, Cyberstarts, Greenoaks, Index Ventures, Salesforce Ventures, Sequoia Capital and Howard Schultz.
Acquisitions
Wiz has acquired two companies:
Raftt — A cloud-based developer collaboration platform, purchased in December 2023
Gem — A real-time Cloud Detection and Response (CDR) solution that shortens the time to investigate and contain cloud-native threats, purchased in April 2024
In April 2024, reports indicated that Wiz intended to purchase Lacework, but in May the deal fell through during the due diligence process.[18]
Research
Wiz researchers have discovered and responsibly disclosed numerous cloud vulnerabilities that garnered significant media coverage:
ChaosDB – A series of flaws in
Microsoft Azure's
Cosmos DB that made it possible to download, delete, or manipulate databases belonging to thousands of Azure customers.[19][20]
OMIGOD – Bugs in
Open Management Infrastructure (OMI), a ubiquitous but poorly documented agent embedded in many popular Azure services, that allowed for unauthenticated remote code execution and privilege escalation.[21]
NotLegit – Insecure default behavior in the Azure App Service that exposed the source code of some customer applications.[22]
ExtraReplica – A chain of critical vulnerabilities found in the Azure Database for
PostgreSQL Flexible Server that could let malicious users escalate privileges and gain access to other customers' databases after bypassing authentication.[23][24]
AttachMe – A cloud isolation vulnerability that, before it was patched by OCI, could have allowed attackers to access and modify other users' OCI storage volumes without authorization.[25]
Hell's Keychain – A first-of-its-kind cloud service provider supply-chain vulnerability in IBM Cloud Databases for PostgreSQL that, before it was patched, could have allowed malicious actors to remotely execute code in victims' environments.[26]
BingBang – A misconfiguration in Azure Active Directory (AAD) that allowed Wiz researchers to modify Bing.com search results in a way that malicious actors could use to steal Office 365 credentials granting access to countless users' private emails and documents.[27]