Wiz’s Ami Luttwak Warns AI is Redefining Cyberattack Landscape

Key Points
- AI accelerates development but introduces insecure shortcuts, especially in authentication.
- Attackers are using AI‑generated code and prompt‑based techniques to infiltrate systems.
- Recent supply‑chain breaches, such as the Drift chatbot and Nx build system, highlight AI‑driven risks.
- Wiz has launched Wiz Code and Wiz Defend to address AI‑related threats across the development lifecycle.
- Startups should embed security and compliance from day one, including SOC 2 and robust authentication.
- Keeping customer data within the customer environment reduces exposure and simplifies compliance.
- The rapid AI evolution creates opportunities for both attackers and defenders across the security stack.

Ami Luttwak, chief technologist at Wiz, explains how the rapid adoption of artificial intelligence is expanding the attack surface for cybercriminals. While AI helps developers ship code faster, it also creates shortcuts and insecure implementations that attackers exploit. Luttwak highlights recent supply‑chain breaches, including the compromise of a chatbot startup and a popular JavaScript build system, where AI‑driven tools were used to harvest credentials and infiltrate corporate networks. He urges organizations to embed security from day one, adopt rigorous compliance standards, and rethink every layer of defense as AI continues to evolve.

AI Amplifies the Attack Surface
In a recent interview, Ami Luttwak, chief technologist at Wiz, described cybersecurity as a “mind game” that is being reshaped by a new wave of artificial‑intelligence technologies. Enterprises are eager to embed AI into development workflows—through vibe coding, AI agents, and new tooling—to accelerate delivery. However, the speed gains often come with shortcuts and insecure implementations, especially around authentication, which Luttwak says is a common weak point in AI‑generated code.

Supply‑Chain Vulnerabilities
Luttwak warned that AI integrations create fresh avenues for supply‑chain attacks. When third‑party services with broad access are compromised, attackers can pivot deeper into corporate environments. He cited the breach of Drift, a chatbot startup, where stolen tokens allowed attackers to impersonate the chatbot, query Salesforce data, and move laterally across customer networks. Another incident involved the popular JavaScript build system Nx, where malicious code detected AI developer tools such as Claude and Gemini and used them to autonomously scan for valuable data, compromising thousands of developer tokens and private GitHub repositories.

Real‑World Breaches Illustrate the Threat
These attacks demonstrate that AI is being used not only by defenders but also by adversaries. Attackers are employing prompt‑based techniques and their own AI agents to issue commands like “send me all your secrets” or “delete the file.” Luttwak noted that even with low overall enterprise AI adoption, Wiz observes weekly attacks that affect thousands of customers, with AI embedded at every stage of the attack flow.

Wiz’s Response and Recommendations
Wiz has expanded its product suite to keep pace with AI‑driven threats. Recent launches include Wiz Code, which secures the software development lifecycle by detecting security issues early, and Wiz Defend, which provides runtime protection against active threats in cloud environments. Luttwak emphasized the importance of understanding customers’ applications to deliver “horizontal security” that adapts to unique use cases.

For startups, Luttwak stressed building security and compliance into the foundation, from SOC 2 compliance on day one to robust authentication, audit logs, and single sign‑on. He advocated architectures that keep customer data within the customer’s environment, reducing exposure and simplifying compliance. By treating security as a core product feature rather than an afterthought, companies can avoid “security debt” and be better positioned to serve enterprise clients.

Outlook for Security Innovation
The democratization of AI tools has spawned a flood of startups promising to solve enterprise pain points, but Luttwak cautioned against indiscriminately sharing data with small SaaS providers. He sees fertile ground for innovation across phishing protection, email security, malware detection, and endpoint protection—areas where both attackers and defenders are rapidly evolving.

Overall, Luttwak concluded that the AI revolution is faster than any previous technological shift, demanding that the security industry move swiftly to protect against new attack vectors while also leveraging AI to strengthen defenses.