Forrester has just published The Forrester Wave™: Cloud Native Application Protection Solutions, Q1 2026, an independent evaluation of 14 vendors in the CNAPP market. Wiz was named a Leader and received the highest score in the current offering category in this Wave.
It’s a recognition we believe reflects our commitment to accelerating organizations’ cloud security programs across the fast evolving space of cloud security, and we’re incredibly grateful to our team, our customers, and our extended ecosystem for collaborating with us to protect everything built and run in the cloud. We’re also equally excited about the opportunity ahead of us, and how capabilities recognized in this report lay the foundation for what we see as a major change moment in cloud and AI security.
Our approach to cloud security is to make it easy to see and understand your organization’s most important risks across your entire multicloud environment, so you can get ahead of a business-impacting threat. We’re proud that Forrester recognized Wiz with the highest possible scores in 10/12 Current Offering Criteria, including CSPM Capabilities, Infrastructure as Code (IaC) Security, and Agentic AI and copilots.
At the heart of our approach is the Wiz Security Graph, which provides security teams with a single, unified view of risk across multicloud environments so they understand not just what issues exist, but which matter most and why. This context helps organizations operationalize cloud security, focusing remediation on their most critical issues. Today, 50% of Wiz customers are in our Zero Criticals Club, a recognition of those teams with no outstanding critical cloud misconfigurations, compliance violations, or vulnerabilities across their production environment.
Since our founding, we’ve continued to increase visibility across an organization’s multicloud environment, and connected that insight back to the original code and CI/CD pipelines and through to its live production, runtime environment. Today more than 50% of active Wiz users are developers:
These teams are not security practitioners. They’re technical resources who need alerts and relevant insights they can proactively identify, prioritize, and remediate risks, without security’s intervention. Wiz has helped build credibility for risk remediation, because it has such a low level of false positives. I don’t think we’ve ever had a false positive for a critical or high risk. That’s not true for other CSPM solutions, even though they have access to the same data.
Alex Schuchman, CISO of Colgate-Palmolive
In the last year alone, we’ve continued to invest in the depth and breadth of our platform. We extended visibility and remediation capabilities across the cloud software lifecycle, many parts of which were recognized in this evaluation. We introduced features like:
- Expanded AI-powered investigation and remediation capabilities viaWiz AI Agents and the Wiz Security Graph, helping teams quickly investigate, understand risk context and blast radius, and remediate potential issues.
- New AI security capabilities viaWiz AI-SPM, extending visibility and protection to in-house AI applications and AI agents.
- Enhanced detection and response workflows viaWiz Defend, improving visibility into runtime activity and previously hard-to-see workloads as a part of a modern cloud threat detection and response program.
- Expanded attack surface visibility viaWiz Attack Surface Management (ASM), connecting external exposure with internal cloud risk context to help teams prioritize risk by evaluating the environment from an attacker’s outside-in point of view.
- Improvements to usability, scale, and coverage, including Wiz for Microsoft 365, supporting fast-moving multicloud and SaaS environments and the teams that secure them.
What’s next for WizIn the new world of AI innovation, we must continue to evolve. From AI-generated code to AI attacks that move more quickly and at fractionally lower costs to target your systems, the landscape is only growing more complex.
At Wizdom 2025, we shared our vision for how we’re building AI that acts as a force multiplier for security teams, and introduced our first two agents for SecOps and Remediation into public preview. As cloud environments become more dynamic, distributed, and application-centric, we can combine context with agentic AI innovations to make detection, investigation, and remediation faster and more pointed at the most business-impacting problems.
The Wiz Security Graph gives us a unique and powerful foundation of context that can help security teams protect at the pace of AI innovation, and better mitigate risk of AI attacks. It’s the same core Wiz approach, but now at AI scale.
There’s a lot more ahead, and we’re proud Wiz received the highest possible scores in the evaluation criteria for Innovation and Roadmap. Our community plays a critical role in helping to shape this future; as Forrester’s evaluation noted: “Wiz demonstrates a strong innovation strategy that builds upon processes for cocreating with customers and tech partners.” Thank you to our customers and partners who continue to partner with us to shape the future of cloud security.
Check out the full report here: The Forrester Wave™: Cloud Native Application Protection Solutions, Q1 2026.
Forrester does not endorse any company, product, brand, or service included in its research publications and does not advise any person to select the products or services of any company or brand based on the ratings included in such publications. Information is based on the best available resources. Opinions reflect judgment at the time and are subject to change. For more information, read about Forrester’s objectivity here .
