Wiz Cloud Demo — Executive Summary
Source: Wiz Cloud Security Demo (~14 min, 1080p)
Date analyzed: 2026-04-03
Detailed analyses: UX/UI Analysis | Integration Strategy
Local research artifacts: research/wiz-cloud-demo/ (video, 166 frames, audio)
What Wiz Is
Wiz is the dominant cloud security platform (CNAPP). 240+ integrations (ElectroIQ stats), agentless scanning across all major clouds, expanding into code scanning and runtime detection. Their hero feature is the Security Graph — a unified graph database correlating identities, workloads, data, network configs, vulnerabilities, and attack paths.
They have a new non-human identity (NHI) dashboard (launched 2025), but it's cloud-only and partnership-dependent (Saviynt for lifecycle, Entro for DSPM). 42% of organizations have an NHI with high privileges, internet exposure, AND a vulnerability (Wiz's own data).
Top UX Patterns to Steal
1. Grouped Node Expansion (P1)
Wiz's graph collapses related nodes into a single clickable group. Click to expand → bordered rectangle with sub-nodes. Click to collapse → back to single node. Three variants observed: grid layout for findings, vertical fan-out for endpoints, directed subgraph for process trees.
SV0 mapping: Maps directly to access path groupings. ADR-011 already planned this with ELK compound graphs. Infrastructure is ready — this is the #1 visual improvement to ship.
2. Table ↔ Graph Toggle (P1)
Every query result viewable as both table (for bulk triage) and graph (for relationship exploration). Single toggle, same data.
SV0 gap: Graph Explorer and entity list are separate routes. Need a VIEW toggle on the same page.
3. Progressive Results Loading (P1)
"50 out of 840 results" with "Run a full search" button. Never overwhelms the user.
SV0 gap: Fixed 200-entity limit with no indication of total count.
4. Preset Search Queries (P2)
Landing page shows example queries like "Admin Users and Service accounts" and "User account with high privileges and unused password." Lowers barrier to first interaction.
SV0 equivalent: "Orphaned service accounts with admin access", "Cross-system paths reaching sensitive resources", "Dormant identities with active credentials."
5. Detection Pipeline Funnel (P2)
28M events → 317 detections → 31 threats. Instantly communicates signal-to-noise ratio and platform value.
SV0 equivalent: X entities ingested → Y evaluated → Z findings (N critical).
Integration Strategy Insights
Wiz's Model
- Agentless, API-only scanning (CSP APIs + K8s APIs + Container Registries + Code Repos)
- Code-to-Cloud tracing: commit → build → deploy → runtime → finding
- 240+ integrations across cloud, identity, SIEM, SOAR, ticketing, CI/CD
- Runtime detection via optional eBPF sensor (pivot from pure agentless)
The Code Access Question
Should SV0 scan code? Yes, but narrowly:
| Phase | Scope | Positioning |
|---|---|---|
| Phase 1 (now) | IaC repos — Terraform, CloudFormation for service account definitions | "NHI origin tracing" |
| Phase 2 (6-12mo) | Secrets scanning in infra repos | "Credential exposure surface" |
| Phase 3 (12-18mo) | Evaluate full code access based on adoption data | Data-driven decision |
Do NOT build general SAST/SCA — that's Wiz/Snyk territory.
Where SV0 Wins
| Dimension | Wiz | SV0 |
|---|---|---|
| NHI scope | Cloud IAM only | Cross-system (Entra → Jira → Power Automate → Azure) |
| SaaS automation | No evidence of coverage | ServiceNow, Power Platform, Salesforce, Jira |
| Ownership tracking | Limited | Full lifecycle: creation → transfer → orphaning → decay |
| Temporal drift | Snapshot-based | Longitudinal change detection |
| Finding model | Graph correlation + ML risk scoring | Deterministic, auditable evidence chains |
| Evidence | Standard findings | SHA256-hashed evidence packs |
Key Differentiators
- Cross-system NHI chain visibility — we found no competitor tracing ServiceNow → Azure → AWS execution chains at this granularity
- SaaS automation surface — we found no evidence of deep SaaS automation NHI visibility in reviewed competitors
- Temporal drift detection — when and how NHI configurations changed, with versioned evidence
- Evidence pack auditability — auditors can independently verify every finding
Competitive Positioning
Do not position SV0 as a Wiz competitor. Position as complementary:
"Wiz secures your cloud infrastructure. SV0 secures the identities that operate it — especially across SaaS platforms and cross-system boundaries."
For deals where Wiz is installed: SV0 enriches Wiz findings with cross-system context, ownership tracking, and temporal drift. Build a Wiz inbound integration — turn Wiz from competitor to data source.
For NHI-focused deals: SV0 wins on cross-system chains, deterministic evidence, and SaaS automation coverage vs. Token Security, Astrix, Oasis.
Top Strategic Moves
- Accelerate connector velocity — target 10+ production connectors in 12 months
- Build Wiz inbound integration — ingest Wiz cloud NHI data into SV0 graph
- Ship NHI-scoped GitHub/GitLab integration — NHI origin tracing, not code scanning
- Build MCP server for natural language NHI queries
- Release open-source NHI discovery tool for lead generation
- Implement P1 graph UX items — grouped nodes, table/graph toggle, progressive loading
Next Action
Status: research-complete
Decision needed from: Ivan (CTO), Sergey (CEO)
Options:
- Adopt — prioritize P1 graph UI items into next sprint, approve integration roadmap
- Defer — revisit after current sprint priorities
- Partial adopt — cherry-pick specific recommendations
GitHub Issue: Not yet created