The Wiz Blue Agent, now Generally Available

Accelerate your SecOps team with the Blue Agent for threat investigation, now Generally Available

In the AI era, answering the basic questions behind a security finding becomes incredibly challenging. Is this a legitimate activity, a security test, or a malicious attack? What is the blast radius? Manually piecing together those answers across sprawling cloud environments can take hours. To keep up with attackers in the cloud and AI era, SecOps teams need AI-driven incident response—but that only works if the AI has the right context.

Wiz already brings that context together through the Security Graph, code-to-cloud visibility, and runtime signals. To turn that into action, today we’re announcing that the Wiz Blue Agent is now generally available for all Wiz Defend customers. Building on the foundation we introduced at Wizdom NYC, the Blue Agent now features deeper investigation capabilities and workflow automation to accelerate incident response.

Investigation with full context

To truly validate a threat, you need to see how everything is connected. The Blue Agent goes beyond surface-level triage: it brings that expansive cloud context together and builds an investigation the way a trained incident responder would.

Specialized sub-agents help deepen the investigation and increase verdict fidelity:

  • Forensics: When the Wiz Sensor automatically collects a forensics package at the time of detection—capturing scripts, binaries, and artifacts—the Blue Agent instantly analyzes that evidence to uncover the root cause of suspicious machine activity and better inform its investigation.

  • Code Analysis: To understand if a behavior is malicious, you must understand what the application was built to do. The Blue Agent correlates runtime activity directly back to source code, identifying related pull requests, code changes, and code owners. This allows the Blue Agent to distinguish between a legitimate (but unusual) application action and a genuine attack.

From triage to action

The goal is simple: reduce response time and help teams act with confidence.

The Blue Agent provides a transparent investigation process, so analysts can see the questions asked, the data retrieved, and how each signal shaped the final verdict. No black boxes, just clear, explainable reasoning.

With Wiz Workflows, teams can turn those verdicts into action. Based on verdict and confidence level, they can automatically escalate incidents, notify response teams, or trigger containment playbooks.

Customers are already seeing the impact of this AI-driven context and are using the Blue Agent to decrease investigation times and hand threats off with accuracy.

Start automating investigations

It’s time to move at the speed of AI. The Blue Agent is now generally available. Go to your Wiz portal today to explore the new capabilities, or learn more in the Wiz Docs.
