← Back to Library
Wikipedia Deep Dive

Wiz, Inc.

13 min read

Based on Wikipedia: Wiz, Inc.

On March 11, 2026, a deal closed that fundamentally altered the architecture of the internet's defense. For $32 billion in cold, hard cash, Alphabet Inc. absorbed Wiz, Inc., marking not only the largest cybersecurity acquisition in history but also the most expensive purchase Google has ever made across any sector. This was not merely a financial transaction; it was the culmination of a six-year sprint that saw four former colleagues transform from stealth-mode operators into the guardians of the world's cloud infrastructure. The acquisition, finalized under a landscape of shifting regulatory tides and an IPO market in disarray, confirmed what the industry had suspected for months: no amount of venture capital could outpace the speed at which Wiz moved, and no amount of independent ambition could match the gravity of Google's need to secure its own future.

Wiz was born in January 2020, a time when the global digital infrastructure was already fraying under the weight of rapid migration to the cloud. The founders—Assaf Rappaport, Yinon Costica, Roy Reznik, and Ami Luttwak—were not novices stumbling into the sector. They were veterans who had previously founded Adallom, a company that Microsoft acquired for $325 million in 2015. That exit did not lead to retirement; instead, it led to a realization of what came next. The cloud was no longer just an option; it was the only option. Yet, as corporations rushed to Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform, they left behind a trail of misconfigurations and invisible vulnerabilities that traditional security tools were ill-equipped to see.

The founding team brought a specific, almost surgical perspective to this chaos. Rappaport took the helm as CEO, while Costica assumed the role of VP of Product, Reznik became VP of Engineering, and Luttwak served as CTO. Their insight was deceptively simple yet profoundly difficult to execute: they needed to build a platform that could analyze computing infrastructure across every major provider simultaneously. Wiz's technology was designed to look at AWS, Azure, Google Cloud, Oracle Cloud Infrastructure, and Kubernetes not as isolated silos, but as a single, interconnected ecosystem. The goal was to identify combinations of risk factors—small errors that, when chained together, allowed malicious actors to gain control of cloud resources or exfiltrate valuable data.

The speed at which they executed this vision remains without precedent in the annals of technology startups. In August 2022, Wiz claimed a title that seems almost mythical in hindsight: the fastest startup ever to scale from $1 million to $100 million in annual recurring revenue (ARR). They achieved this staggering milestone between February 2021 and July 2022. It was not just speed; it was velocity. By February 2024, less than two years later, the company claimed an ARR of $350 million and boasted a 45% market share among Fortune 100 companies. This was not incremental growth; it was a seismic shift in how enterprise security was purchased and deployed.

The workforce that powered this machine reflected its global ambition and its Israeli roots. As of November 2024, Wiz employed approximately 1,995 people. The geography of the company told a story of its operational model: sales and marketing teams were scattered across North America and Europe to be near their clients, while the engineering heart beat in Tel Aviv, Israel. This separation allowed them to tap into the deep talent pool of Israeli cybersecurity expertise while maintaining a front door open to the world's largest markets.

Wiz's rise was not without its aggressive maneuvers. The company engaged in a series of acquisitions that signaled an intent to dominate every corner of the cloud security landscape. In December 2023, they acquired Raftt, a Tel Aviv-based developer collaboration platform, for $50 million, aiming to integrate security directly into the developer workflow. By April 2024, the stakes were higher; Wiz purchased Gem Security, a cloud detection and response startup, for around $350 million. That same month, rumors swirled that Wiz intended to purchase Lacework, a major competitor. The deal, however, fell through in May during due diligence, a reminder that even at this level of valuation, the complexities of merging distinct security cultures could stall progress.

Undeterred, they moved quickly. In November 2024, Wiz acquired Dazz, a startup specializing in security remediation and risk management, in a cash-and-share deal valued at $450 million. Each acquisition was a calculated move to close gaps in their platform, ensuring that once a vulnerability was identified by their scanners, the tools to fix it were already embedded within the same interface.

The narrative of Wiz's sale is as much about human connection and timing as it is about financial valuation. The path to the $32 billion exit began with a digital miss. In March 2024, Sundar Pichai, the CEO of Google and Alphabet, reached out directly to Assaf Rappaport via email, expressing interest in acquiring Wiz. For reasons that remain private, perhaps lost in the noise of a rapidly scaling startup, Rappaport missed this initial overture. It was not until May 2024 that the two executives finally met at the Googleplex in Mountain View, California, along with Thomas Kurian, the CEO of Google Cloud.

The meeting sparked an immediate offer: $23 billion. Wiz turned it down. The company was riding high on its momentum, and the initial instinct was to pursue an Initial Public Offering (IPO). They believed they could command a higher valuation in the public markets and maintain their independence. But the macroeconomic environment is a fickle partner. As 2024 progressed into 2025, the IPO market proved weak, fraught with volatility and investor caution. Simultaneously, the political landscape shifted; the arrival of a more mergers and acquisitions-friendly Trump administration in Washington created a permissive environment for large-scale consolidations.

The calculus changed. The allure of independence gave way to the certainty of a massive payday and the strategic advantage of joining Google's ecosystem. On March 18, 2025—nearly a year after the initial missed email and subsequent meeting—Google announced an all-cash acquisition of Wiz for $32 billion. This was not just an upgrade in price; it was a fundamental restructuring of the deal to accommodate the realities of the market. The announcement sent shockwaves through Silicon Valley, cementing Wiz's status as the most valuable private cybersecurity company in history before it even hit the public markets.

The road from that announcement to the final closing on March 11, 2026, was paved with regulatory scrutiny. In February 2026, the European Union's antitrust authorities granted unconditional approval for the transaction. This was a critical hurdle. The European Commission concluded that the acquisition would not substantially lessen competition in the cybersecurity and cloud computing markets. Their clearance allowed Wiz to integrate fully into Google Cloud within the European Economic Area without any conditions, removing the final major obstacle and validating the deal's legitimacy on a global scale. When the ink finally dried, it marked the largest technology acquisition involving an Israeli-founded company, a testament to the depth of talent emerging from that region's tech scene.

To understand why this acquisition was so inevitable, one must look at the product itself. Wiz did not just sell software; they sold visibility into the invisible. Cloud security is unique because the infrastructure is ephemeral. A server can be spun up in seconds and shut down a moment later. Traditional security tools, which rely on agents installed on servers or network perimeter defenses, are too slow for this environment. They see what happened yesterday; Wiz sees what is happening right now.

The company's reputation was built not just on sales decks but on the hard evidence of vulnerabilities they discovered and publicly disclosed. Their researchers acted as a public service, uncovering flaws that could have crippled major corporations had they fallen into the wrong hands. One of their most significant discoveries was "ChaosDB," a series of critical flaws in Microsoft Azure's Cosmos DB. This vulnerability allowed attackers to download, delete, or manipulate databases belonging to thousands of Azure customers. The implications were staggering: entire business operations could be wiped out with a single command.

They followed this with "OMIGOD," bugs found in Open Management Infrastructure, an agent embedded in many popular Azure services that was ubiquitous but poorly documented. This vulnerability allowed for unauthenticated remote code execution and privilege escalation, effectively handing the keys to the kingdom to anyone who knew how to look. Then came "NotLegit," which exposed insecure default behavior in the Azure App Service, leaking the source code of customer applications.

The list continued with surgical precision. "ExtraReplica" was a chain of critical vulnerabilities in the Azure Database for PostgreSQL Flexible Server that allowed privilege escalation and access to other customers' databases after bypassing authentication. "AttachMe" exposed a cloud isolation vulnerability in Oracle Cloud Infrastructure that could have let attackers modify other users' storage volumes without authorization. Perhaps most chilling was "Hell's Keychain," a first-of-its-kind supply-chain vulnerability in IBM Cloud Databases for PostgreSQL that allowed remote code execution in victim environments.

The discoveries did not stop at traditional infrastructure. In "BingBang," Wiz researchers found a misconfiguration in Azure Active Directory that allowed them to modify Bing.com search results, creating a vector for malicious actors to steal Office 365 credentials and access countless users' private emails and documents. Most recently, they exposed the "DeepSeek" vulnerability, revealing a trove of sensitive information in a key database from the artificial intelligence startup DeepSeek that had been inadvertently left open to the internet. Each disclosure was a stark reminder of how fragile the cloud ecosystem truly is when left unmonitored by tools like their own.

The capital behind Wiz's rise was as formidable as its engineering team. The company raised a total of $1.9 billion from a constellation of venture capital heavyweights and private investors, a testament to the confidence the market had in their trajectory. In December 2020, Wiz emerged from stealth with a Series A round of $100 million from Index Ventures, Sequoia Capital, Insight Partners, and Cyberstarts. The momentum was immediate.

By April and May 2021, they closed two back-to-back Series B rounds totaling $250 million on a $1.7 billion valuation, drawing in Greenoaks alongside their previous backers. The valuations continued to climb. In October 2021, the Series C round brought in $250 million at a $6 billion valuation, led by Greenoaks with participation from Salesforce Ventures and individual investors of note like Bernard Arnault, the chairman of LVMH, and Howard Schultz, the former CEO of Starbucks. The involvement of such high-profile individuals signaled that Wiz was not just a tech play but a foundational asset in the modern economy.

The Series D round in February 2023 raised $300 million at a $10 billion valuation, pushing them firmly into "decacorn" status. Lightspeed Venture Partners joined the fold, along with Arnault and Schultz again, doubling down on their belief in the team. The final private round before the acquisition was massive. In May 2024, Wiz raised $1 billion at a $12 billion valuation from Andreessen Horowitz, Thrive Capital, Greylock Partners, Wellington Management, and a long list of other top-tier firms. This capital allowed them to expand their engineering teams in Tel Aviv and their sales forces globally, fueling the growth engine that would eventually attract Google's attention.

The story of Wiz is also a story about the changing nature of corporate strategy. For decades, companies like Microsoft, Amazon, and Google built empires by acquiring competitors or complementary technologies. But the pace of innovation in cybersecurity accelerated to a point where building internally was no longer sufficient. The complexity of cloud environments demanded a level of specialization that only startups could provide. Wiz's ability to scan across multiple clouds simultaneously created a moat that was incredibly difficult for legacy players to cross from scratch.

Google's decision to acquire Wiz for $32 billion was an admission of this reality. By bringing Wiz into the Google Cloud fold, Alphabet secured not just a product line but the very best minds in cloud security. The integration promises to make Google's own infrastructure more resilient while offering its enterprise customers a world-class security tool that had already proven itself with half of the Fortune 100.

The acquisition also highlighted the unique position of Israel as a global hub for cybersecurity talent. From Adallom to Wiz, and now the integration into a US giant, the Israeli tech ecosystem continues to punch well above its weight in the global market. The founders' journey from Tel Aviv to the Googleplex illustrates a path that is increasingly common: build a world-class product, attract global capital, solve critical problems at scale, and eventually, become too valuable to remain independent.

As of March 2026, Wiz exists as a subsidiary of Alphabet, but its DNA remains distinct. The engineers in Tel Aviv continue to push the boundaries of what is possible in cloud analysis. The sales teams in New York and London continue to close deals with the world's largest corporations. The platform continues to scan for vulnerabilities that others cannot see. The $32 billion price tag was not a ceiling; it was a floor, reflecting the immense value of trust in an era where digital assets are the primary currency of modern life.

The deal represents more than just a merger of entities; it is a consolidation of responsibility. In a world where a single misconfiguration can lead to the theft of millions of records or the shutdown of critical infrastructure, having a unified, powerful security layer is no longer a luxury—it is a necessity. Wiz spent six years building that layer. Google spent $32 billion to ensure it became part of its foundation. The result is a landscape where cloud security is more integrated, more intelligent, and perhaps most importantly, more visible than ever before.

For the founders, Assaf Rappaport, Yinon Costica, Roy Reznik, and Ami Luttwak, the journey has come full circle. They started with Adallom, learned the lessons of a massive exit, returned to build something bigger and faster, and ultimately sold for a figure that redefined the industry's expectations. The story of Wiz is a testament to the power of focused innovation, the speed of execution, and the inevitable convergence of security and cloud infrastructure in the digital age. It is a story of how four people looked at a complex problem and decided not just to solve it, but to own it.

The events of 2026 will likely be studied for decades as a case study in hyper-growth and strategic acquisition. The speed from $1 million to $32 billion is a phenomenon that may never be repeated in quite the same way. But the lessons remain clear: in the cloud, visibility is power, and those who can see the unseen hold the keys to the future. Wiz found those keys, Google bought them, and the world of digital security was forever changed.

View original Wikipedia article →

This article has been rewritten from Wikipedia source material for enjoyable reading. Content may have been condensed, restructured, or simplified.

Related Articles

This deep dive was written in connection with these articles: