Wiz’s chief technologist highlights that AI is transforming cybersecurity into a strategic 'mind game,' presenting both new threats and opportunities across areas like phishing, malware, and endpoint protection, urging the industry to rethink existing security approaches.

Luttwak describes the current era as an exciting time for cybersecurity innovation, emphasizing that AI-driven cyberattacks offer vast opportunities for proactive, security-first strategies to safeguard digital assets.

Despite only about 1% of enterprises fully adopting AI, Wiz reports weekly AI-driven attacks impacting thousands of organizations, underscoring the urgent need for innovative AI cybersecurity solutions.

The integration of AI into enterprise workflows expands the attack surface, often creating vulnerabilities like insecure authentication in vibe coded applications, which attackers exploit using AI tools.

Recent attacks involved using vibe coding to generate attack code, gaining access to customer data by exploiting tokens and impersonating chatbots.

Malware hijacked AI developer tools in an attack on Nx, allowing access to sensitive data.

Security from the start is crucial for startups, with early adoption of security practices like SOC2 and designing architectures that minimize data exposure, exemplified by Wiz’s early security certifications.

Attackers are now leveraging AI and prompt-based techniques to conduct sophisticated exploits, including hacking third-party AI tools and supply chain attacks, exemplified by the recent breach of the startup Drift which exposed Salesforce data.

These AI-driven attacks involve instructing AI to reveal secrets or delete files, with attackers using AI tools like vibe coding and prompt techniques to craft exploits more efficiently.

Offensive AI use includes conducting supply chain attacks by compromising third-party AI tools and employing AI agents to streamline exploit development.

Security experts emphasize that startups must adopt a security-first mindset from day one, especially when working with enterprise clients, to avoid accumulating security debt and meet rigorous standards.

Google-acquired Wiz, valued at $32 billion, has identified insecure coding practices as often driven by developers prioritizing speed over security, and has developed solutions like Wiz Code and Wiz Defend to secure the software lifecycle and cloud environments against AI-related threats.