Full-Time
Updated on 3/14/2025
Cloud security platform for businesses
No salary listed
Senior
San Francisco, CA, USA
The ideal candidate will be based in the SF Bay Area.
Wiz.io provides cloud security solutions tailored for businesses utilizing cloud services. Their platform functions as a unified security command center, allowing companies to secure their applications and infrastructure throughout the development and operational phases. It integrates into existing development workflows, helping teams identify vulnerabilities and misconfigurations in their code, containers, and virtual machines. Wiz.io stands out from competitors by focusing on a self-service model that aligns with the fast-paced nature of cloud development, and it serves a significant portion of Fortune 100 companies. The goal of Wiz.io is to enable businesses to operate securely in the cloud while maintaining compliance with industry regulations and preventing data breaches.
Company Size
1,001-5,000
Company Stage
Series E
Total Funding
$1.9B
Headquarters
New York City, New York
Founded
2020
Help us improve and share your feedback! Did you find this helpful?
Professional Development Budget
Slack and Wiz are introducing a bi-directional Slack app that empowers security teams to manage Wiz Issues and Threats directly within Slack.
Wiz was named the leader in the Winter 2025 CDR Grid Report, based on independent customer reviews.
Anthropic, the AI startup founded by former OpenAI engineers, is in talks to raise up to $2 billion for a valuation of $60 billion. The latest round would more than triple the artificial intelligence startup’s valuation from a year ago. Leading the round is Lightspeed Venture Partners. If it comes to pass, the fundraise would make Anthropic the fifth most valuable U.S. startup, following SpaceX, OpenAI, Stripe and Databricks, according to CB Insights. It would be the seventh most valuable globally after SpaceX, ByteDance, OpenAI, Stripe, Shein and Databricks
"By correlating Cisco's renowned network security capabilities with Wiz's cutting-edge Security Graph engine - which provides straightforward, context-driven insights into critical exposure - enterprises gain deeper visibility and better risk prioritization.
New York-based cloud security startup Wiz, announced that it has identified a publicly accessible ClickHouse database belonging to DeepSeek, granting full control over database operations, including access to internal data. This exposure contains over a million lines of log streams with sensitive information, such as chat histories, secret keys, and backend details. The Wiz Research team responsibly disclosed this issue to DeepSeek, which promptly took action to secure the exposed data.Developed by Yandex, ClickHouse is an open-source, columnar database management system designed for fast analytical queries on large datasets. It is used for real-time data processing, log storage, and big data analytics, making it a valuable and sensitive tool.Based out of Hangzhou, China, DeepSeek is an AI company that has launched the DeepSeek-R1 reasoning model, rivalling OpenAI’s o1 in performance and cost-efficiency.Wiz uncovered ClickHouse databaseDuring the external security posture assessment of DeepSeek, the US company claims to have found a publicly accessible ClickHouse database linked completely open and unauthenticated, exposing sensitive data.“It was hosted at oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000,” says Wiz in its blog. This database contained a significant volume of chat history, backend data and sensitive information, including log streams, API Secrets, and operational details. According to Wiz, the exposure provided complete control over the database and the possibility of privilege escalation within the DeepSeek environment, with no authentication or protective measures against outside threats. Wiz began their reconnaissance by examining the publicly available domains of DeepSeek. Utilising both passive and active techniques, they identified approximately 30 internet-facing subdomains. Most subdomains appeared harmless, including the chatbot interface, status page, and API documentation.However, when they expanded their search beyond standard HTTP ports (80 and 443), they discovered two unusual open ports (8123 and 9000) on the following hosts:– http://oauth2callback.deepseek.com:8123 – http://dev.deepseek.com:8123 – http://oauth2callback.deepseek.com:9000 – http://dev.deepseek.com:9000 “This level of access posed a critical risk to DeepSeek’s own security and for its end-users. Not only an attacker could retrieve sensitive logs and actual plain-text chat messages, but they could also potentially exfiltrate plaintext passwords and local files along propriety information directly from the server using queries like: SELECT * FROM file(‘filename’) depending on their ClickHouse configuration,” says the company