Wiz

Agentless cloud security platform that scans cloud environments for vulnerabilities, misconfigurations, and attack paths using a graph-based security model, with a GraphQL API for querying risk data.

Evaluated Mar 06, 2026 (0d ago) vcurrent
Homepage ↗ Security wiz cloud-security cspm vulnerability agentless risk posture
⚙ Agent Friendliness
56
/ 100
Can an agent use this?
🔒 Security
91
/ 100
Is it safe for agents?
⚡ Reliability
87
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
--
Documentation
78
Error Messages
75
Auth Simplicity
68
Rate Limits
72

🔒 Security

TLS Enforcement
100
Auth Strength
90
Scope Granularity
88
Dep. Hygiene
88
Secret Handling
88

Cloud security posture management (CSPM). Service account + client secret. Security platform credentials are high-value targets. Read-only for reporting vs admin for remediation — use minimal.

⚡ Reliability

Uptime/SLA
90
Version Stability
88
Breaking Changes
85
Error Recovery
85
AF Security Reliability

Best When

Your organization has significant cloud infrastructure and needs agentless, graph-based cloud security posture management with a queryable API for automation.

Avoid When

You're a small team, don't have cloud infrastructure, or need endpoint-focused security rather than cloud posture management.

Use Cases

  • Querying cloud security issues and vulnerabilities for automated remediation workflows
  • Pulling security findings into ticketing systems and SOAR platforms via API
  • Building custom dashboards from Wiz's risk scoring and issue data
  • Automating security posture reports for compliance and audit workflows
  • Correlating Wiz findings with CI/CD pipelines for shift-left security

Not For

  • Endpoint security (Wiz is cloud-native, not endpoint-focused)
  • Organizations without cloud infrastructure (AWS, GCP, Azure, etc.)
  • Small teams — pricing is enterprise-tier and requires sales engagement
  • Real-time threat detection requiring sub-second response (Wiz is periodic scanning)

Interface

REST API
No
GraphQL
Yes
gRPC
No
MCP Server
No
SDK
No
Webhooks
Yes

Authentication

Methods: oauth
OAuth: Yes Scopes: Yes

OAuth 2.0 client credentials flow. Service accounts created in Wiz portal with scoped permissions. Token endpoint varies by Wiz tenant region.

Pricing

Model: subscription
Free tier: No
Requires CC: No

Pricing is not public and requires a sales conversation. Often sold per cloud workload or resource count. No trial or free tier.

Agent Metadata

Pagination
cursor
Idempotent
Full
Retry Guidance
Not documented

Known Gotchas

  • API is GraphQL only — no REST alternative — agents must construct valid GraphQL queries
  • OAuth token endpoint URL varies by tenant data center — must be configured per deployment
  • Wiz data model uses a security graph — queries require understanding entity relationships
  • Finding data can be large — always paginate using cursor-based pagination and limit fields
  • Webhook payloads contain minimal data — must follow up with API call to get full issue details

Alternatives

{'id': 'crowdstrike-api', 'reason': 'Better for endpoint-centric detection and response alongside cloud security'} {'id': 'lacework-api', 'reason': 'ML-based anomaly detection with similar cloud posture capabilities at potentially different pricing'} {'id': 'orca-security-api', 'reason': 'Competing agentless CSPM platform with similar graph-based risk model'}

Full Evaluation Report

Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for Wiz.

$99
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-06.

5215
Packages Evaluated
26151
Need Evaluation
173
Need Re-evaluation
Community Powered