It took nearly a year. A regulatory gauntlet that spanned multiple countries. An initial deal that was famously rejected, then revived, then scrutinized by antitrust authorities on three continents. But as of March 11, 2026, it's official: Google has closed its acquisition of Wiz, bringing what was the world's fastest-growing cloud security startup under the Alphabet umbrella.
When the $32 billion deal was first announced, my colleague Tom (who runs infrastructure at a mid-sized fintech) sent me a one-line message: "This changes everything for us." Yesterday, when the deal officially closed, he sent another message: "I was right, and I still don't know if that's good or bad."
I think a lot of cloud teams feel the same way right now.
Photo by Brett Sayles via Pexels
What Wiz Actually Is (And Why Google Wanted It This Badly)
For anyone who hasn't been tracking the cloud security space: Wiz isn't just another security vendor. Founded in 2020 by a team of former Microsoft cloud security engineers, Wiz built an agentless cloud security platform that scans your entire cloud environment — AWS, Azure, GCP, and increasingly multi-cloud setups — without installing anything on your workloads.
That "agentless" part is the secret sauce. Traditional cloud security tools require you to deploy agents on every server, container, and VM. Wiz connects to your cloud APIs and builds a complete security graph of your environment in minutes. No agents, no performance overhead, no "oops we forgot to install the agent on that one EC2 instance that just got compromised."
By the time Google came knocking, Wiz had hit $500 million in annual recurring revenue faster than almost any enterprise software company in history. Their client list read like a Fortune 500 directory.
A Year of Building While Waiting
What's remarkable is what Wiz did during the year-long acquisition process. Most companies in acquisition limbo go into a holding pattern — why invest in features that might get scrapped post-merger? Wiz did the opposite.
According to their announcement post, Wiz Research uncovered several major vulnerabilities during the waiting period:
CodeBreach — a critical supply chain vulnerability in AWS CodeBuild that could have compromised the AWS Console itself. Think about that for a second. A company being acquired by Google found and responsibly disclosed a vulnerability in Amazon's infrastructure.
RediShell — a 13-year-old critical RCE flaw in Redis (CVSS 10.0, the maximum severity score) that impacted over 75% of cloud environments. This bug had been sitting there since 2013. Thirteen years. Three presidential administrations. Wiz found it.
NVIDIAScape — a container escape vulnerability in NVIDIA's AI infrastructure that threatened shared GPU environments. Given that every company on the planet is now running AI workloads on shared NVIDIA hardware, the timing of this discovery was... let's say relevant.
My friend Rachel, who works in cloud security sales for a Wiz competitor, had an uncomfortable observation: "They found more critical vulnerabilities during their acquisition limbo than most security companies find in their entire existence. That's terrifying for the rest of us."
What This Means for Multi-Cloud Security
Here's where it gets complicated. Wiz's biggest selling point has always been its multi-cloud support. Organizations chose Wiz precisely because it could secure their AWS, Azure, AND GCP environments from a single pane of glass.
Now that Wiz is a Google company, the obvious question is: will AWS and Azure customers trust a Google-owned security tool to scan their infrastructure?
Wiz's announcement goes out of its way to address this, with CEO Assaf Rappaport stating that "our mission remains bold and unwavering: to help every organization protect everything they build and run." The subtext: we're still multi-cloud, don't panic.
But Tom isn't fully convinced. "I trust Wiz the independent company to be neutral," he told me yesterday. "I trust Wiz the Google subsidiary to be neutral until there's a quarter where Google Cloud needs a growth number. Then we'll see."
That's not cynicism — it's pattern recognition. When Splunk got acquired by Cisco, plenty of people said "nothing will change." Things changed. When VMware got absorbed by Broadcom... well, you know how that went.
The AI Security Angle Nobody Is Talking About Enough
Buried in the Wiz announcement is a line that I think deserves way more attention: "Generative AI is no longer experimental; it's becoming a core part of how modern organizations build, ship, and scale."
Translation: Wiz is pivoting hard toward AI security. They're not just scanning your cloud for misconfigurations anymore — they're building tools to secure AI pipelines, AI-generated code, and AI infrastructure.
This makes the Google acquisition suddenly much more strategic. Google isn't just buying a cloud security company. They're buying an AI security company, at a moment when every enterprise on earth is deploying AI workloads without a clear security model.
Consider what Wiz already found: a container escape in NVIDIA's AI infrastructure, systemic risks in AI-generated ("vibe coded") applications through their Lovable partnership, and supply chain attacks targeting AI development tools. These aren't theoretical threats. They're the security landscape of 2026.
And now Google has the team that found them.
What You Should Actually Do
If you're a Wiz customer, don't panic but do plan. Specifically:
Review your contract terms. Acquisition transitions sometimes mean license changes, pricing adjustments, or feature bundling. Know what your current contract guarantees before any changes are announced.
Evaluate your multi-cloud dependency. If you're using Wiz to secure non-Google cloud infrastructure, start identifying what your fallback would be. Not because you'll necessarily need one, but because responsible risk management means having options. Orca Security, Lacework (now Fortinet), and Prisma Cloud are the obvious alternatives.
Watch the integration timeline. Google has said Wiz will operate "as part of Google Cloud." How tight that integration gets will determine whether Wiz remains a neutral multi-cloud tool or becomes a GCP-first product with multi-cloud as an afterthought.
If you're on GCP, this is probably great news. Wiz's technology integrated natively into Google Cloud could be transformative. Imagine Google Cloud Security Command Center powered by Wiz's scanning engine and security graph. That's a genuinely compelling product.
The Bigger Picture
The Wiz acquisition is part of a larger consolidation wave in cloud security. Cisco bought Splunk. Palo Alto Networks has been on an acquisition spree. CrowdStrike keeps expanding. The "best of breed" era of cloud security — where you'd stitch together six different tools from six different vendors — is ending.
Whether that's good or bad depends on your perspective. Integrated platforms are simpler to manage but harder to leave. Vendor consolidation means fewer choices but deeper capabilities.
For now, though, one thing is clear: Google just made the single largest cybersecurity acquisition in history, and they did it because they believe cloud security is about to become AI security. If you're not thinking about what that means for your infrastructure, you're already behind.
Tom's final word on the subject: "At least now when I file a Wiz support ticket, maybe it'll actually get routed to someone in Google's timezone." Always the optimist, that Tom.