On March 19, 2026, Google Cloud finalized the $32 billion acquisition of **Wiz**, the fastest-growing software company in history. This milestone marks the end of the "Agent Era" in cloud security and the beginning of a unified, AI-driven defense paradigm. By integrating Wiz's revolutionary **Security Graph** with Google's planetary-scale infrastructure, the combined entity is set to redefine how enterprises protect their multi-cloud workloads.
Wiz's primary technical advantage has always been its **agentless scanning** technology. Traditional security tools require installing an agent (a piece of software) on every virtual machine (VM) or container. This is a management nightmare and introduces performance overhead. Wiz solved this by utilizing **cloud-native snapshots** via API.
The system connects to the cloud environment (AWS, Azure, GCP, or OCI) and takes out-of-band snapshots of the storage volumes. It then scans these snapshots for vulnerabilities, malware, and misconfigurations without ever touching the running workload. This ensures 100% coverage from day one, with zero impact on application performance.
With the acquisition closed, Google is integrating this agentless engine directly into the **Google Cloud Fabric**. This means that every new project created on Google Cloud will be automatically "Wiz-protected" at the hypervisor level, providing immediate visibility into the security posture without a single line of configuration from the developer.
The centerpiece of the integration is the transformation of Google Cloud Security Command Center into **SCC+**. This new platform is built on top of the **Wiz Security Graph**. The Graph doesn't just list vulnerabilities; it maps the relationships between assets, identities, and network paths.
For example, a high-severity vulnerability in a database is just a "finding" in a list. But the Wiz Graph can show that this database is connected to an internet-facing web server and has an overly permissive IAM role. This creates a **Critical Attack Path**. SCC+ will prioritize these paths over thousands of isolated vulnerabilities, allowing security teams to focus on the 1% of risks that actually matter.
Technical benchmarks from early integration pilots show that SCC+ reduces the number of "actionable" alerts by **85%** while increasing the detection of complex multi-step breaches by **40%**.
Performance and capability improvements following the integration of Wiz into Google Cloud.
The most forward-looking part of this acquisition is the fusion of Wiz's data with Google's **Security AI Workbench**. Google's **Gemini** models are being trained on the Wiz Security Graph to provide "Predictive Threat Modeling."
Instead of waiting for a breach, a security architect can ask Gemini: "What are the most likely attack paths if we deploy this new Kubernetes cluster in the US-East region?" Gemini will analyze the proposed configuration against the existing Security Graph and generate a risk report with specific terraform-based remediation steps. This **Security-as-Code** approach is expected to reduce the time spent on manual audits by 70%.
Map Multi-Cloud Identities: Ensure that your AWS and Azure IAM roles are properly federated with Google Cloud to allow SCC+ to build a complete cross-cloud Security Graph.
Deprecate Legacy Agents: Begin a phased retirement of resource-intensive security agents in favor of the SCC+ agentless scanning engine to improve VM performance by 5-10%.
Adopt Remediation-as-Code: Integrate the SCC+ API into your CI/CD pipelines to automatically block deployments that create new critical attack paths.
Google's $32 billion bet on Wiz is a bet on the end of fragmented security tools. By bringing CNAPP, CSPM, and CWPP under one roof and powering it with planetary-scale AI, Google has created the first true "Cloud Operating System for Security." For enterprises, the message is clear: the barrier between cloud infrastructure and cloud security has permanently dissolved.
Existing Google Cloud customers can expect an automatic opt-in to SCC+ Free Tier starting in April, with the full enterprise suite rolling out throughout Q2 2026.
For more on the infrastructure supporting these high-scale security workloads, check out our report on **Google's $20 Billion AI Infrastructure Bond**.
Join 50,000+ engineers getting daily deep dives into AI, Security, and Architecture.