On March 11, 2026, Google wired $32 billion in cash and closed the most consequential deal in its 27-year history. The target: Wiz, a five-year-old cloud security company founded by four Israelis who’d already sold one startup to Microsoft, watched that product get buried inside a corporate org chart, and decided never again. This time, they held out for something bigger — and got it.
The story is partly about timing, partly about nerve. Google came calling first in 2024 at a reported $23 billion. Wiz turned it down flat, citing antitrust risk in Washington and a stubborn belief that the company could grow into a larger number on its own. That confidence wasn’t bluster — Wiz crossed $1 billion in annual recurring revenue in 2025. When the regulatory climate shifted and a second bid landed at $32 billion, the math finally made sense. The DOJ signed off in November 2025. Brussels cleared it in February. The wire went out on March 11.
“What has changed is the world around us. Now, we must do this at the speed of AI.” — Assaf Rappaport, Co-Founder & CEO, Wiz
The Paradox at the Heart of the Deal
Here is the detail that makes this acquisition genuinely strange: Wiz will keep operating on — and protecting — Amazon Web Services, Microsoft Azure, and Oracle Cloud. Google just paid $32 billion for a security company that will go right on serving its two biggest rivals. That’s not an oversight. It’s the entire pitch.
Google Cloud’s Thomas Kurian has been explicit about it: the value isn’t just what Wiz does for Google customers, it’s that enterprises running multi-cloud environments already trust Wiz. Tear out the AWS and Azure integrations and you destroy the thing you just bought. So Google made a cold-eyed choice — keep the product whole, absorb the competitive weirdness, and take the market credibility that comes with it.
Wiz brings real-time telemetry across every major cloud at exactly the moment AI-driven attacks are outpacing human response times. That context — code, cloud infrastructure, and runtime behavior visible in one place — is what Google needs to make threat intelligence actually predictive, not just retrospective.
The Agentic Identity Crisis Nobody’s Talking About
Here’s the thing security vendors rarely say in public: the fastest-growing attack surface in 2026 isn’t employees clicking phishing emails. It’s software. AI agents, CI/CD pipelines, service accounts, OAuth tokens, API keys — collectively called Non-Human Identities, or NHIs — now outnumber human users in enterprise cloud environments by somewhere between 10-to-1 and 45-to-1, depending on which CISO you ask. Most of them are over-permissioned. Many are forgotten. Nearly all of them are invisible to traditional identity tools built for humans.
The breach that took down a major financial services firm in late 2024 didn’t come through a human account. It came through a misconfigured service token with write access it should never have had, left dormant for eight months. Nobody noticed. That kind of gap is exactly where attackers now live, and it’s exactly what Wiz was built to find. Its security graph continuously maps every identity — human or machine — to the resources it can reach, and flags combinations that create exploitable paths. That capability, in a world deploying autonomous AI agents at enterprise scale, isn’t a nice-to-have. It’s the new perimeter.
Key NHI threat stats:
- 45× NHIs per human user in large enterprises
- 80% of cloud breaches trace back to credential misuse
- Less than 5% of NHIs are actively monitored by legacy IAM tools
Lists vs. Graphs: Why This Actually Matters
Most enterprise security tools are, at their core, list-makers. They generate alerts. Thousands of them. A misconfigured S3 bucket appears on a list. An exposed API key appears on another. A service account with admin privileges that hasn’t been used in six months sits somewhere in a third spreadsheet. What none of these tools do particularly well is connect the dots — show you that the exposed bucket sits two hops away from your AI training data, and the forgotten service account can reach both.
Wiz built a graph instead. Every resource, every identity, every network path, every permission in your cloud environment becomes a node. The edges between nodes are relationships. And Wiz’s query engine can answer questions like: “Show me every path an external attacker could take to reach production data” — not as a static snapshot but as a live, continuously updated map. That shift from list to graph sounds technical, but the business implication is significant: you stop chasing individual alerts and start understanding the actual blast radius.
Traditional CSPM tools give you: Alert: S3 bucket public. Alert: IAM key exposed. Alert: Port 22 open. Alert: Unused admin role. No context. No connection. No priority.
Wiz’s security graph shows you those same four signals as connected nodes with paths between them, with the blast radius at the center. Risks as attack paths, not isolated alerts.
The Mandiant + Wiz Telemetric Loop
Google has owned Mandiant since 2022. For most of that time, it’s been an excellent threat intelligence shop sitting somewhat awkwardly beside a cloud infrastructure business. The two never quite clicked — Mandiant knew a tremendous amount about how attackers behave, but it couldn’t always see the specific infrastructure weaknesses those attackers would exploit. Wiz, conversely, could see every crack in your cloud foundation but didn’t always know which ones active threat actors were already probing.
Combined, the two halves form what Google’s security team has started calling a telemetric loop: Mandiant maps the attacker’s behavior and intent; Wiz maps the infrastructure’s exposed surface. Feed one into the other, and you get something neither could build alone — a system that doesn’t just detect a breach in progress but predicts, and potentially auto-remediates, the vulnerabilities that make a breach possible in the first place. The ambition, as engineers inside Google Cloud describe it, is a self-healing cloud: infrastructure that identifies its own weaknesses faster than attackers can exploit them and patches them without waiting for a human to file a ticket.
The loop in plain terms:
- Mandiant sees: attacker tactics, active threat campaigns, adversary intent
- Wiz sees: misconfigs, exposed identities, exploitable paths, blast radius
- Combined output: predict, prioritize, auto-remediate — before the breach happens
Security as the New Infrastructure War
The timing of this deal reveals something about where the industry’s center of gravity is shifting. The cloud infrastructure race — compute, storage, networking — has basically been won, or at least reached an equilibrium nobody’s going to overturn. The question of the next decade isn’t who can run your workloads fastest. It’s who can guarantee the AI models, the proprietary training data, and the business-critical systems running on those clouds won’t be compromised by an adversary who is, increasingly, also using AI.
That puts Google in direct competition not just with AWS and Azure on infrastructure, but with Palo Alto Networks and CrowdStrike in the security layer. The combined entity — Mandiant’s threat intelligence, Gemini’s AI reasoning, and Wiz’s cloud-native platform — is something neither category has seen before. Not pure infrastructure vendor, not pure security vendor. Something new. Google is betting $32 billion that this in-between space becomes the most valuable real estate in enterprise technology.
“By bringing Wiz and Google Cloud together, we’re making it easier for organizations to innovate with confidence.” — Sundar Pichai, CEO, Google
The Human Side of a Historic Exit
Strip away the strategy, and the deal is also just a remarkable human story. Wiz’s 1,800 employees hold equity collectively worth roughly $3 billion. Google committed another $1.5 billion in retention bonuses — cash and stock for the people who stay. For Israel’s startup ecosystem, which has been building toward a moment like this for decades, the number is staggering: the largest exit of any Israeli-founded company ever, doubling Intel’s $15.3 billion Mobileye deal from 2017.
The four founders — Assaf Rappaport, Ami Luttwak, Yinon Costica, and Roy Reznik — built this company during a pandemic, scaled it through a brutal conflict at home, and turned down $23 billion because they thought they were worth more. They were right. That stubbornness, that combination of technical obsession and commercial aggression, is now Google’s to either preserve or gradually sand down into something safer and slower.
What Comes Next
The integration question is the one nobody has a clean answer to yet. Google’s acquisition track record isn’t uniformly bad — Mandiant has been handled reasonably well, kept mostly intact, and is now genuinely central to Google Cloud’s security story. But the list of high-profile acquisitions that lost their edge inside Google’s bureaucracy is long enough that caution is warranted.
Wiz gets to keep its brand, its cross-cloud mandate, and its leadership. Those are real structural protections. Whether they’re sufficient to maintain the speed of an independent startup inside a company with 180,000 employees and quarterly earnings calls is an open question. The retention bonuses buy two or three years of stability. After that, the cultural math gets harder.
For the broader market, the message landed clearly: the AI era has made security an existential priority at the board level, not just the CISO level, and the biggest players are willing to spend sums that would have seemed absurd five years ago to own the answer. One $32 billion line just got drawn through the middle of the cloud security industry. Every other vendor is now operating in that context, whether they like it or not.
Editor’s Note — An Open Question
The one thing this deal doesn’t resolve is the culture problem. Wiz was built by people who think in sprints, ship on instinct, and make decisions in rooms of four. Google thinks in quarters, ships in committees, and makes decisions in rooms of forty. The $1.5 billion in retention bonuses is an acknowledgment that this tension is real — you don’t pay that kind of money to keep people who are already excited to stay.
The founders have said the right things publicly. Rappaport’s note to staff was warm, confident, and forward-looking. But every founder who’s walked into an acquisition says the right things in week one. The real test comes around month eighteen, when the first roadmap conflict hits, when someone in Mountain View wants to deprioritize an AWS integration for competitive reasons, when the pace of shipping slows by 30% because legal needs another review cycle.
Israel’s startup culture has a word for what Wiz built: chutzpah institutionalized. The question Google needs to answer — and hasn’t yet — is whether $32 billion buys you that culture, or just its current output.
Related: Why Anthropic Is Suing the Pentagon Over an AI Blacklist
