Wiz published an AI threat readiness framework on May 8 built around a premise that is already measurable: AI models can now autonomously discover zero-day vulnerabilities, generate working exploits, and chain multiple weaknesses together. The company’s own Red Agent, an autonomous AI-powered attacker launched in public preview in March, provides the proof.

The Numbers

Red Agent scans more than 150,000 production web applications and APIs weekly, processing over 100 billion tokens across hundreds of enterprise environments. The agent has matured from identifying basic structural vulnerabilities to consistently uncovering more than 3,000 high and critical exploitable logic flaws weekly, according to Wiz’s framework blog post. These are the “un-findable” risks that manual and traditional scanning methods routinely miss.

The agent continuously learns and refines its adversarial capabilities, analyzing application logic to optimize multi-step attack patterns. It complements Wiz’s existing Blue Agent (threat investigation) and preview-phase Green Agent, according to SC Media.

Exposure Data

Wiz’s internal data quantifies the risk landscape. Thirty percent of cloud environments have at least one high-impact machine running externally exposed software. Only 2% of organizations have exposed software on machines that also host sensitive data directly. But 19% have exposed software on systems with IAM privileges granting access to sensitive internal assets. In 6% of organizations, exposed software sits on machines with paths to administrative privileges, meaning a single vulnerability could give attackers full control of the environment.
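The exposure categories above reduce to a reachability question over machines, identities, and data stores. The following sketch is an added example, not Wiz's code or data: the inventory, node names, and finding labels are all constructed assumptions, and an edge simply means "can access or assume."

```python
from collections import deque

# Constructed sample inventory (hypothetical names, not Wiz data).
# An edge A -> B means "A can access or assume B" (attached role, role chain, grant).
EDGES = {
    "vm-web":      ["role-web"],
    "role-web":    ["db-customers"],
    "vm-api":      ["role-api"],
    "role-api":    ["role-deploy"],
    "role-deploy": ["role-admin"],
    "vm-shop":     [],
    "vm-docs":     ["role-docs"],
    "role-docs":   ["bucket-public"],
    "vm-batch":    ["role-admin"],
}
EXPOSED = {"vm-web", "vm-api", "vm-shop", "vm-docs"}  # run internet-facing software
SENSITIVE = {"db-customers", "vm-shop"}               # hold sensitive data
ADMIN = {"role-admin"}                                # administrative privileges


def reachable(start, edges):
    """Every node reachable from start by following access edges (BFS)."""
    seen, queue = set(), deque([start])
    while queue:
        for nxt in edges.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def classify(machine, edges=EDGES):
    """Exposure findings for one machine, independent of its patch status."""
    if machine not in EXPOSED:
        return []
    reach = reachable(machine, edges)
    findings = []
    if machine in SENSITIVE:
        findings.append("hosts-sensitive-data")
    if reach & SENSITIVE:
        findings.append("iam-access-to-sensitive-assets")
    if reach & ADMIN:
        findings.append("path-to-admin")
    return findings or ["exposed-only"]


def triage(edges=EDGES):
    """Map each exposed machine to its findings, admin paths listed first."""
    rank = lambda m: ("path-to-admin" not in classify(m, edges), m)
    return {m: classify(m, edges) for m in sorted(EXPOSED, key=rank)}
```

Passing a modified edge map to `classify` shows the effect of a remediation, such as removing a role-chaining grant, before it is applied.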

The gap between discovery and exploitation is shrinking. Wiz argues that even software not exploitable today will become exploitable as AI-driven vulnerability discovery accelerates, citing research including its own Cyber Model Arena benchmarks. Mozilla’s Firefox team fixed more security bugs in April than in the entire previous year after scanning with Wiz’s Mythos tool, per the framework post.

The Four-Pillar Framework

Wiz’s readiness model centers on two factors: speed of action and breadth of visibility. The four pillars are:

  1. Eliminate critical risk and reduce exposure. Sensitive assets should not be reachable from the internet regardless of patch status. Scan every exposure with AI, not just traditional ASM.
  2. Use AI-driven risk analysis. Validate which exposures are actually exploitable, not just reachable. Simulate attacker behavior across application and infrastructure layers.
  3. Establish remediation processes. Define playbooks so critical issues are routed and resolved before the next vulnerability appears.
  4. Continuously monitor agent activity. As agents gain more autonomy, runtime visibility into agent behavior becomes as critical as perimeter security.

The Defensive Arms Race

The framework reflects a broader industry shift. Security is moving from static compliance to continuous, AI-driven validation. Organizations that treat vulnerability management as a quarterly exercise are operating on a timeline that AI attackers have already compressed to hours.

For teams building and deploying AI agents, the takeaway is architectural. Agents need runtime monitoring, behavioral analysis, and identity governance. The same autonomous capabilities that make agents useful for legitimate work make them dangerous attack surfaces. Wiz is betting that the security industry’s next growth phase comes from defending against the very autonomous systems it helped create.