Expert Backend Engineer

Pillar and Wiz partner to expand AI attack surface visibility. Pillar Security announced a partnership with Wiz focused on improving visibility into artificial intelligence-related attack surfaces across enterprise environments. The integration connects Pillar's AI discovery and risk analysis capabilities with Wiz's cloud security platform. The goal is to help organizations identify where AI systems are deployed, understand associated risks and map potential attack paths across cloud infrastructure. The partnership leverages Wiz's AI workload discovery and potential security risks on the Wiz Security Graph, where Pillar Security then tests those AI endpoints with RedGraph to provide security results back to Wiz as enriched, evidence-based risk data. The integration provides complete AI asset inventory, automated AI attack surface mapping, continuous validation and enriched risk data. Pillar focuses on identifying and securing AI assets, including models, data pipelines and APIs, while Wiz provides cloud security posture management and risk detection. By combining these capabilities, the companies aim to give security teams a more comprehensive view of how AI workloads intersect with broader cloud environments. Posted by Pure AI Editors on 03/30/2026

SonarQube insights now available in Wiz: unified visibility from code to cloud. Jeff Clawson Head of Technology Partnerships March 18, 2026 In the fast-paced world of modern software delivery, engineering leaders and platform engineers face a growing dilemma: the "Engineering Productivity Paradox." While automated tools and AI assistants allow teams to ship code faster than ever, they also introduce a higher volume of security vulnerabilities and bugs. Tracking these risks often feels like a game of whack-a-mole, with security findings scattered across disparate tools and development cycles. As the industry prepares to gather in San Francisco next week for the RSA Conference, the conversation has shifted from simply "finding" bugs to "unifying" the defense. Today, SonarSource is thrilled to announce a new integration between Sonar and Wiz. By bringing SonarQube's Static Application Security Testing (SAST) findings directly into the Wiz platform, SonarSource is giving organizations the unified visibility they need to secure their software from the first line of code to the production environment. If you plan to attend RSAC, then you can see the integration in action at the Sonar booth (#S-1727) and at the Wiz House (661 Howard St). Why this integration matters. The "before" state for most organizations is defined by silos. Developers live in their CI/CD pipelines and IDEs, focused on code quality and immediate bug fixes, while security teams operate across multiple tools to monitor risks across code, cloud, and runtime. Without a bridge between these worlds, it is incredibly difficult to track code health at scale in a microservices environment. A critical vulnerability found in a code scan might lack the cloud context to be properly prioritized, and a runtime risk might be hard to trace back to the specific source code repository or owner. SonarQube insights in your cloud security inventory. The integration between Sonar and Wiz eliminates these silos by creating a "code-to-cloud" feedback loop. Using the new connector, SonarQube metrics and findings are ingested and displayed within the Inventory > SAST Findings page on the Wiz platform. This technical flow is designed to be seamless. SonarQube performs automated systematic code analysis during your CI/CD pipeline, conducting both Pull Request (PR) analysis (on new code) and branch analysis (on regular, long-lived branches). Wiz pulls in these branch analysis results - supporting any branch, not just the default - and maps them to the corresponding assets in your cloud inventory. By enriching Wiz's Security Graph with SonarQube's specialized SAST data, security teams can see a high-fidelity view of risk that combines code-level flaws with real-world cloud context, such as network exposure and identity permissions. Key benefits for users. * Centralized visibility: Consolidate your application-level findings from SonarQube alongside other cloud risks within a single pane of glass in Wiz, ensuring nothing falls through the cracks. * Prioritized remediation: By enriching existing cloud assets with SonarQube's SAST findings, teams can identify "toxic combinations" - where a code-level vulnerability exists on a publicly exposed or highly privileged container. * Streamlined developer workflows: SonarQube automatically tracks findings across multiple project branches, and this integration ensures that the right data reaches the right people without requiring developers to leave their existing CI/CD environments. * Unified security posture: Strengthen your overall security governance by aligning code-level evidence with infrastructure risk, helping engineering leaders meet compliance requirements and maintain high standards across the SDLC. The partnership between Sonar and Wiz is a significant step toward a future where code quality and cloud security are no longer separate concerns. By interweaving Sonar's deep code analysis into the Wiz platform, SonarSource is empowering development and security teams to collaborate more effectively and build software that is secure by design. SonarSource share a vision of reducing developer toil and providing the actionable insights needed to innovate with confidence in an increasingly complex cloud landscape. Want to see this integration in action? If you're attending RSAC, find SonarSource at booth #S-1727 and at the Wiz House all week long, to learn more. Book a meeting with the team!

Wiz investor breaks down Google's $32 billion acquisition. Published Date: 2026-03-15 Technology giant Google has officially finalized its acquisition of the cybersecurity firm Wiz for $32 billion. This transaction marks a monumental milestone, representing both the largest purchase in Google's corporate history and the highest-valued acquisition of a venture-backed startup to date. During a recent industry discussion, Shardul Shah, a partner at Index Ventures - the largest institutional shareholder in Wiz - shared insights into the historic agreement. Shah's professional relationship with the founding team predates Wiz itself. Approximately a decade ago, he served on the board of Adallom, an earlier venture established by Wiz co-founders Assaf Rappaport, Ami Luttwak, and Roy Reznik. That initial collaboration provided a foundation of trust that carried over into their current enterprise, with Shah joining the Wiz board during its seed funding round after receiving a timely birthday call from Rappaport. Capitalizing on market tailwinds. Shah emphasized that the magnitude of the acquisition is a direct reflection of the startup's strategic positioning. He noted that the company operates at the convergence of three major industry movements: artificial intelligence, cloud computing, and enterprise security expenditures. With modern infrastructure requiring robust protection in the era of artificial intelligence, securing cloud workloads has become an essential priority for global enterprises. While acknowledging the financial scale of the transaction - which he playfully suggested should be classified as the deal of the decade rather than just the month - Shah attributed the core value of the company to its leadership team. He described Rappaport as a leader with exceptional judgment and market intuition. The founding team's dynamic plays a crucial role, with Luttwak focusing on future innovations, co-founder Yinon Costica managing present operational realities, and Reznik driving execution. This collaborative environment enabled the firm to rapidly build a comprehensive platform and dominate an established market sector. Navigating acquisition offers and independence. The path to this historic exit was not without prior opportunities. The cybersecurity firm had famously declined an earlier acquisition proposal from Google. When asked about that decision, Shah explained that his confidence remained rooted in the founders' internal decision-making processes rather than external market validation. Drawing a parallel to an earlier investment philosophy centered on knowing when to decline offers - a concept he previously directed at the founders of Audible - he noted that trusting a leadership team means supporting their methodology regardless of the immediate outcome. Under the new corporate umbrella, the cybersecurity provider will leverage Google's extensive resources, including advanced artificial intelligence talent and global infrastructure. This integration is expected to enhance the startup's ability to protect cloud environments and production code. The firm currently serves a highly specialized client base focused on immediate threat prioritization, often referred to as a zero-critical environment. The acquisition structure aims to preserve the startup's internal culture of trust while utilizing the acquiring company's scale to expand its operational reach. Ecosystem impact and future innovation. Beyond the immediate corporate synergies, the $32 billion transaction is poised to have a lasting impact on the broader technology ecosystem. Large-scale liquidity events of this nature often serve as a catalyst for future industry growth. Shah highlighted the inspirational value of the deal, suggesting it expands the boundaries of what global entrepreneurs believe is achievable. The financial distribution resulting from the acquisition will likely generate significant wealth for early employees and investors, fundamentally altering the trajectory of numerous individuals. More importantly, the influx of capital and proven talent back into the market is expected to fuel a new generation of technological innovation. Observers and investors alike are now watching to see how the skills and aspirations of those involved will shape the next wave of startup creation.