SAN FRANCISCO – Security specialist Wiz (now part of Google Cloud) on Monday announced the AI Application Protection Platform (AI-APP), a solution designed to secure the increasingly complex web of models, AI agents, and data that define artificial intelligence (AI)-native development.
The move, announced at RSAC 2026, marks a significant evolution in the Cloud-Native Application Protection Platform (CNAPP) market. While traditional security tools often analyze infrastructure, identities, and applications in silos, Wiz’s new platform treats AI as a dynamic, interconnected system.
According to Wiz, the “blind spots” created by rapid AI adoption are a primary concern for CISOs. Organizations are currently juggling managed services like AWS Bedrock, SaaS ecosystems like Microsoft Copilot, and custom self-hosted frameworks.
The AI-APP addresses this by building a comprehensive inventory across all environments. A central feature, the Wiz Workload Explainer, leverages AI to scan and translate custom implementations into clear components—identifying agents and data flows that traditional deterministic scanning often misses.
The core philosophy of the new platform is that AI risk is rarely the result of a single vulnerability. Instead, risk emerges when benign conditions across different layers overlap.
“AI risk is not defined by a single issue, but by how multiple conditions come together,” the company said in a blog post. By correlating signals across the application stack, Wiz can map real, exploitable attack paths. For example, the platform can identify if an AI agent has the permissions to execute code or modify infrastructure—actions that, if manipulated, could lead to catastrophic breaches.
To help teams prioritize these threats, Wiz maps identified risks against the OWASP Top 10 for LLM Applications, ensuring security teams focus on vulnerabilities like prompt injection and data leakage within a recognized compliance framework.
The platform introduces a triple-layer threat detection strategy: Model Activity, for monitoring inputs/outputs and prompt behavior; Workload Execution, to track agent activity and tool usage; and Cloud Layer, which observes API calls and identity changes.
To bolster this defense, Wiz has integrated with key partners in the Wiz Integration Network (WIN). Collaborations with Cloudflare, TrojAI, and Pillar Security allow the platform to ingest external red-teaming findings and endpoint security data, providing a “single pane of glass” for AI security.
Separately, Wiz unveiled Red Agent, an AI-powered attacker that acts as a sophisticated security researcher, but with AI speed and scale.
The Red Agent joins Wiz’s Green and Blue Agents to power agentic workflows that let teams operate the way AI operates within their environment.