Google Acquires Wiz for $32 Billion as Cloud Threats Hit CVSS 10.0 and 75% of Environments Stay at Risk

GigaNectar Team

Google Cloud and Wiz official acquisition announcement graphic marking the completion of the $32 billion deal on March 11 2026

On March 11, 2026, Google completed its $32 billion all-cash acquisition of Wiz — the largest purchase in Google’s history and one of the biggest deals ever recorded in the cybersecurity industry. Wiz, headquartered in New York, joins Google Cloud while keeping its brand and its commitment to protecting customers across all major cloud platforms.

The deal had been in the works since March 2025. Over that year, Wiz did not pause building — its research team disclosed major vulnerabilities, expanded its AI security platform, and hit a series of product milestones. Now, as a Google Cloud company, Wiz continues to serve customers on AWS, Microsoft Azure, Google Cloud Platform, and Oracle Cloud — all four, without restriction. For context on how AI infrastructure investments are moving globally, see our coverage of the TCS Gemini Experience Center in Michigan and the Oracle-OpenAI data center developments.

Breaking: March 11, 2026

It’s Official — Wiz Joins Google Cloud

Google’s $32 Billion Bet on Cloud Security Is Now Complete

Google’s largest acquisition ever · Wiz brand stays · All 4 major clouds still covered

Closed Today · March 11, 2026
$32B: All-cash deal — Google’s biggest acquisition ever
50%: Fortune 100 companies protected by Wiz
75%+: Cloud environments running Redis — hit by RediShell (CVSS 10.0)
4: Major clouds fully supported: AWS, Azure, GCP, OCI
Cloud infrastructure underpins modern enterprise security — Wiz operates across all major cloud providers
How We Got Here

From First Announcement to Day One

Twelve months of building, researching, and regulatory approvals — the key moments

March 2025
Deal Announced at $32 Billion
Google announced its intent to acquire Wiz in an all-cash transaction worth $32 billion — the highest price Google has ever paid for any company. Wiz had previously turned down a $23 billion offer from Alphabet in 2024 before agreeing to revised terms in early 2025.
May – October 2025
Wiz Research Kept Shipping
During the acquisition process, Wiz Research uncovered RediShell (CVE-2025-49844 — a 13-year-old CVSS 10.0 Redis RCE flaw affecting 75%+ of cloud environments, demonstrated at Pwn2Own Berlin in May 2025, publicly disclosed October 2025), NVIDIAScape (CVE-2025-23266 — CVSS 9.0 container escape in the NVIDIA Container Toolkit affecting ~37% of cloud environments), and CodeBreach (a CodeBuild misconfiguration threatening the AWS JavaScript SDK — the library powering the AWS Console — disclosed January 2026). Supply chain attacks including Shai-Hulud and NX were also tracked and disclosed.
2025 — ZeroDay.cloud
First-of-its-Kind Hacking Competition
Wiz hosted ZeroDay.cloud, a hacking competition where top researchers uncovered a record number of CVEs in foundational cloud and AI tools. The event was linked to Wiz’s broader mission of securing open-source and multicloud infrastructure.
September – December 2025
Platform Expansion & Regulatory Clearance
Wiz launched AI Security Agents, Wiz Exposure Management (code to cloud to on-prem), and WizOS — hardened near-zero-CVE container base images. The U.S. Department of Justice cleared the deal in November 2025. The European Commission gave unconditional approval in February 2026. Wiz also published independent research into security risks in vibe-coded apps built on platforms like Lovable, finding 1 in 5 organizations inadvertently exposed themselves to risk through common misconfigurations.
March 11, 2026
Acquisition Officially Closed
Google completed the $32 billion acquisition. Wiz joined Google Cloud, retaining its brand and multicloud commitment. Products continue to operate across AWS, Azure, GCP, and Oracle Cloud Platform.
Security operations teams now have unified context across code, cloud, and runtime through the combined Google-Wiz platform
Security Stack

What’s in the Platform — Explored by Layer

What Google Cloud and Wiz each bring, and what the combined platform delivers

Wiz Exposure Management
A single, proactive view of risk — unifying vulnerability and attack surface management from code to cloud to on-prem. Teams can focus on exploitable risks that actually matter, rather than noise.
Wiz
AI Security Agents
Purpose-built agents that help security teams investigate, prioritize, and fix risks at machine speed — powered by deep context across code, cloud, and runtime environments.
Wiz
WizOS
Hardened, near-zero-CVE container base images. Developers get a trusted, secure foundation from the very first commit — reducing vulnerability surface before code ever ships to production.
Wiz
AI Security Platform
Gives organizations visibility into AI application usage, prevents AI-native risks, and protects AI workloads at runtime. Built to address the specific threat landscape of the generative AI era.
Wiz
Google Threat Intelligence
Detailed, timely, and actionable threat intelligence that helps security teams understand adversarial behavior and determine the most effective response path.
Google
Google Security Operations
Collects security telemetry, identifies high-priority threats using intelligence, and drives response through playbook automation, case management, and team collaboration tools.
Google
Mandiant Consulting
Frontline expertise from the team that responds to the world’s largest breaches. Helps organizations prepare for, detect, and recover from major cyber events.
Google
Gemini AI Integration
AI-enhanced threat hunting, remediation workflow generation, and audit documentation built into Google Security Operations and the Wiz platform — powered by Google’s Gemini model.
Google
Unified Security Platform
Wiz Cloud Security + Google Security Operations in one stack — securing cloud-native applications at every stage: development, build, and runtime. One context layer across all cloud environments.
Combined
AI Threat Detection
Detects threats created using AI models, protects against threats targeting AI systems, and uses AI models to help professionals hunt for threats faster and with greater precision.
Combined
Consistent Controls Across Clouds
A uniform set of tools, processes, and policies across AWS, Azure, GCP, and OCI — from code to cloud to runtime. One platform for the full multicloud estate, with no gaps.
Combined
SMB to Enterprise Coverage
The combined platform is designed to protect small businesses with limited security resources as well as large enterprises, government agencies, and frontier AI labs.
Combined
Moltbook — 1.5M API Tokens Exposed
Wiz found a misconfigured Supabase database in Moltbook — a viral social network for AI agents — exposing 1.5 million API authentication tokens, 35,000 email addresses, and private messages. Disclosed responsibly; patched within hours.
Research
RediShell — CVSS 10.0
CVE-2025-49844: a 13-year-old use-after-free flaw in Redis, rated CVSS 10.0 — the highest possible severity. Affects all Redis versions and was present in ~75% of cloud environments. Demonstrated at Pwn2Own Berlin; patched October 2025.
Research
CodeBreach — AWS JavaScript SDK
A CodeBuild misconfiguration — just two missing regex characters — could have allowed unauthenticated attackers to take over the AWS JavaScript SDK, which powers the AWS Console and is present in ~66% of cloud environments. Disclosed August 2025; patched September 2025.
Research
NVIDIAScape — CVSS 9.0
CVE-2025-23266: a container escape flaw in the NVIDIA Container Toolkit, rated CVSS 9.0. Exploitable with a three-line Dockerfile. Affected ~37% of cloud environments running GPU-based AI workloads. Patched in NVIDIA Container Toolkit v1.17.8.
Research
Fact-verified: Moltbook exposure = 1.5M API authentication tokens (not “millions” generically). NVIDIAScape CVSS = 9.0, not 10.0. CodeBreach targeted the AWS JavaScript SDK (which powers the Console), not the AWS Console directly.
Security Findings

Key Vulnerabilities Wiz Disclosed in the Past Year

Every one of these was responsibly disclosed, with patches released before public announcement

RediShell · CVE-2025-49844
13-year-old use-after-free flaw in all Redis versions. Allows a post-auth attacker to send a crafted Lua script, escape the sandbox, and execute arbitrary code on the host. Over 330,000 Redis instances were exposed on the internet at the time of disclosure; ~60,000 had no authentication.
CVSS 10.0
NVIDIAScape · CVE-2025-23266
Container escape in NVIDIA Container Toolkit (all versions up to 1.17.7). A three-line Dockerfile is all that’s needed. Grants full root access to the host machine — critical for multi-tenant GPU infrastructure where different customers share hardware.
CVSS 9.0
CodeBreach · AWS JavaScript SDK
Unanchored regex in AWS CodeBuild webhook filters let unauthenticated attackers trigger privileged builds and steal GitHub admin credentials. The SDK is present in ~66% of cloud environments and powers the AWS Console. Fixed within 48 hours of Wiz’s responsible disclosure in August 2025.
Supply Chain
Moltbook Database Exposure
Misconfigured Supabase database in the viral AI-agent social network Moltbook left 1.5 million API authentication tokens, 35,000 email addresses, and thousands of private messages fully accessible — no authentication required. Wiz disclosed it on January 31, 2026; fully patched by February 1, 2026.
AI Platform
Vibe-Coded App Risks (Lovable Research)
Wiz independently investigated apps built on the Lovable vibe-coding platform and found that 1 in 5 organizations inadvertently expose themselves to risk through common misconfigurations — including hardcoded secrets, insecure database access policies, and publicly deployed internal tools without authentication.
Research
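The CodeBreach entry above attributes the issue to an unanchored regex in a webhook filter. The following is an added example, not code from this article, AWS or Wiz: a small audit that checks whether an allowlist pattern accepts only the approved values. The account IDs, project names and function names are constructed for illustration, and the filter engine is assumed to do substring search like Python's `re.search`.

```python
import re

# Constructed sample data: numeric account IDs approved to trigger builds.
ALLOWED = ["1234567", "7654321"]

# Constructed filter patterns, keyed by hypothetical project name.
SAMPLE_FILTERS = {
    "release-build": "1234567|7654321",        # no anchors at all
    "nightly-build": "^1234567|7654321$",      # anchors bind to one branch each
    "docs-build": "^(1234567|7654321)$",       # anchors bind to the whole group
}


def is_fully_anchored(pattern, allowed):
    """Return True only if the pattern accepts every approved value and
    rejects values that merely contain an approved value as a substring."""
    rx = re.compile(pattern)
    for value in allowed:
        # Assumption: the filter engine does substring search, like re.search.
        if not rx.search(value):
            return False  # pattern rejects a legitimate value
        for probe in ("9" + value, value + "9"):
            if probe not in allowed and rx.search(probe):
                return False  # a longer value slipped through the filter
    return True


def anchored_allowlist(allowed):
    """Build a pattern where ^ and $ apply to the whole alternation."""
    return "^(?:" + "|".join(re.escape(v) for v in allowed) + ")$"


def audit(filters, allowed=ALLOWED):
    """Return the names of projects whose filter is not fully anchored."""
    return [name for name, pat in filters.items()
            if not is_fully_anchored(pat, allowed)]


if __name__ == "__main__":
    for name in audit(SAMPLE_FILTERS):
        print(f"{name}: unanchored filter, replace with "
              f"{anchored_allowlist(ALLOWED)}")
```

The second sample pattern shows why adding `^` and `$` is not enough on its own: without a group around the alternation, each anchor applies to only one branch.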
Wiz remains platform-neutral — fully operational across all four major cloud providers post-acquisition
Multicloud Commitment

Wiz Stays Platform-Neutral After Google Acquisition

Joining Google does not restrict coverage. All four major clouds remain fully supported — a core condition of the deal.

Amazon Web Services
CodeBreach disclosed to protect AWS ecosystem. Wiz earned “Deployed on AWS” status in 2025.
✓ Fully Supported
Microsoft Azure
Full platform visibility, exposure management, and runtime protection across Azure environments.
✓ Fully Supported
Google Cloud Platform
Inaugural Google Unified Security Recommended partner. Deepened integration with Gemini AI post-acquisition.
✓ Fully Supported
Oracle Cloud (OCI)
Packaged apps, SaaS, virtual machines, and on-prem workloads also covered alongside OCI environments.
✓ Fully Supported
Official Statements

In Their Own Words

Direct quotes from the official joint press release, March 11, 2026

“Keeping people safe online has always been part of Google’s mission. This job is increasingly important today, as more companies and governments move their work to the cloud and broadly use generative AI. By bringing Wiz and Google Cloud together, we’re making it easier for organizations to innovate with confidence.”

Sundar Pichai
CEO, Google

“We want to make security a catalyst for innovation, not a barrier. With this acquisition, we will deliver a unified security platform that simplifies the complex task of protecting multicloud environments in the AI era, making a strong security posture accessible to more companies and governments.”

Thomas Kurian
CEO, Google Cloud

“Joining Google Cloud allows us to scale our mission of protecting customers wherever they operate — at machine speed. We remain committed to our open approach, ensuring Wiz continues to support all major cloud and code environments. With Google’s AI leadership and resources, coupled with Wiz’s deep context and knowledge of cloud and code environments, we are in a stronger position to help our partners and customers prevent breaches before they happen.”

Assaf Rappaport
Co-Founder & CEO, Wiz
What Was Covered

Closed at $32 Billion — Cloud Security’s New Chapter

This piece covered the completion of Google’s $32 billion acquisition of Wiz on March 11, 2026 — a deal that cleared U.S. antitrust review in November 2025 and received European Commission approval in February 2026. The Wiz brand, its multicloud product coverage, and its partner ecosystem were discussed as continuing unchanged. Official statements from Sundar Pichai, Thomas Kurian, and Assaf Rappaport from the Wiz blog and Google’s announcement were included.

Key security research milestones from the past year — including RediShell (CVSS 10.0), NVIDIAScape (CVSS 9.0), CodeBreach, and the Moltbook database exposure — were outlined based on Wiz’s own published disclosures. Product developments including WizOS, Wiz Exposure Management, and AI Security Agents were noted as part of the pre-acquisition build period.
