Can Wiz Help Google Win the Cloud? A Deep Dive into the $32B Acquisition

Wiz’s Origin and Growth: Founded in 2020 by former Adallom founders, Wiz rapidly became the fastest-growing software company ever, reaching a $1.6B valuation in just 18 months with $100M ARR. Its innovative, agentless cloud security platform gained strong traction across Fortune 100 companies.

Record-Breaking Acquisition: Google acquired Wiz in March 2025 for $32B—the largest cybersecurity acquisition to date. The high multiple (45x–65x) is supported by Wiz’s growth and strategic value in filling Google’s cybersecurity and enterprise gaps.

Strategic Fit for Google: Wiz strengthens Google Cloud’s security stack and helps address one of GCP’s core weaknesses: a lack of proactive, multi-cloud-native security tools. The deal also grants Google access to Wiz’s enterprise customer base and enhances its credibility in Fortune 100 accounts.

Comprehensive Product Offering: Wiz’s CNAPP encompasses CSPM, CWPP, DSPM, CDR, and AI-SPM, providing full-stack cloud security coverage. Its agentless, API-based architecture and user-friendly interface drive adoption across cloud providers.

Supports Google’s AI and Cloud Ambitions: Wiz’s AI Security Posture Management aligns with Google’s AI push, helping secure AI models and infrastructure across Vertex AI and beyond. This adds an essential layer of protection as enterprises scale AI workloads in the cloud.

Cloud Neutrality Risks: A significant challenge lies in maintaining Wiz’s multi-cloud neutrality and independence. Over-integration with GCP could trigger enterprise concerns about vendor lock-in, leading customers to shift to competitors like CrowdStrike or Palo Alto Networks.

Execution and Integration Challenges: Wiz’s agility, startup culture, and AWS-based infrastructure may clash with Google’s corporate structure. To avoid the pitfalls of past acquisitions, Google must preserve Wiz’s brand identity, talent, and innovation velocity.

Market Impact and Competitive Pressure: If integrated successfully, Wiz could boost Google Cloud’s growth and disrupt both hyperscalers and security vendors. This deal positions Google to make security a core differentiator, with Wiz acting as a Trojan horse into rival clouds.

I’ll be structuring the article as follows:

1. History of Wiz
2. What are their primary products, and how are they successful?
3. Breaking down Google’s recent acquisition
4. What a Google-Wiz Partnership Could Look Like—and the Key Challenges Ahead

Wiz was founded in 2020 by Assaf Rappaport, Yinon Costica, Roy Reznik, and Ami Luttwak, all of whom previously co-founded and sold Adallom. The Wiz team competed in the cloud cybersecurity space and steadily increased market traction over the past five years. Wiz was acquired by Google (NASDAQ: GOOG) in March 2025 for $32B, which is the highest price paid for a cybersecurity company, surpassing the acquisition of Splunk by Cisco in 2023 for $30.2B. 

1. History: 

Before Wiz, Assaf Rappaport (Wiz CEO) and co-founders created Adallom, a cloud security company, which they sold to Microsoft in 2015 for $320M. Adallom solutions secured software-as-a-service application usage, audited user activity, and protected digital assets from threats, helping Microsoft advance in the cybersecurity landscape. Rappaport and his team are unique in their ability to understand and adapt to security challenges in the cloud and AI cybersecurity landscape. 

Like Adallom, Wiz quickly penetrated the cybersecurity market with innovative products such as Wiz CNAPP, driving rapid market penetration and an impressive $1.6B valuation within 18 months on $100M in annual recurring revenue (ARR), making it the fastest-growing software company in history. As a private company, Wiz raised $1.9B over several rounds, the largest being a $1B Series E round in May 2024. Key investors included Index Ventures, Sequoia Capital, Insight Partners, and Cyberstarts, quickly making Wiz a relevant player in the cybersecurity landscape. 

Google spent nearly a year courting Wiz, resulting in a $23B offer in July of 2024, the second largest acquisition in Google's history, but Wiz rejected the offer. Nine months later, Wiz was acquired for $32B by Google. 

2. Key Product Offering:

Wiz offers several products and services that leverage its agentless, API-driven platform. Their products’ friendly User Interface (UI) makes it a customer favorite in the cloud cyber space. Here is a breakdown of key product offerings:

CSPM (Cloud Security Posture Management):

Wiz’s CSPM solution continuously monitors cloud environments to detect misconfigurations, policy violations, and compliance risks across platforms like AWS, Azure, GCP (Google Cloud Platform), and Oracle Cloud. Integrating CSPM with GCP will provide enhanced security features to GCP customers, including the identification and regulation of publicly exposed storage buckets, overly permissive IAM roles, and unencrypted resources. Wiz’s proprietary graph-based risk engine enables teams to not only detect vulnerabilities but also identify those that are exploitable, making remediation more efficient and timely. By ranking threats, teams focus on pressing vulnerabilities while allowing AI to solve monotonous and minute problems.

CWPP (Cloud Workload Protection): 

CWPP focuses on securing compute workloads, such as VMs, containers, and serverless functions, without the need to install agents. Wiz’s focus on agentless scanning abilities makes configuration and integration quick and easy to set up and manage. CWPP simultaneously scans disparate environments, including EC2, Kubernetes, Azure VMs, and Google Compute Engine. Integrating into CI/CD (Continuous Integration and Continuous Delivery/Deployment) pipelines enables developers to “shift left” and address security issues earlier in the development lifecycle. Importantly, and unlike traditional solutions, Wiz’s CWPP does not require agents, making it faster to deploy and less disruptive to cloud operations, while still delivering deep runtime and configuration insights.

DSPM (Data Security Posture Management):

DSPM streamlines the process of locating, classifying, and securing sensitive data across various cloud services, automatically discovering both structured and unstructured data in systems such as Amazon S3, Google Cloud Storage, BigQuery, and RDS. The platform also classifies sensitive information—such as personally identifiable information (PII), payment data, and credentials—highlighting potential exposures, including unencrypted data or overly broad access permissions. By combining data discovery with contextual risk analysis, Wiz enables teams to enforce robust data governance and prevent breaches associated with cloud data mismanagement.

CDR (Cloud Detection & Response):

Wiz’s CDR solution provides real-time detection and response to threats in the cloud. By analyzing cloud activity logs, user behavior, and threat intelligence, CDR can identify malicious actions such as credential abuse, privilege escalation, or suspicious deployments. The alert system is designed to minimize trivial items, using contextual insights to prioritize the most relevant incidents. Security teams can construct automated response workflows that isolate compromised workloads, revoke access, or trigger notifications in tools like Slack or SIEM platforms. CDR enables faster incident detection and response, eliminating the need for agents or traditional endpoint tools.

AI-SPM (Security for AI pipelines):

As enterprises deploy machine learning and AI models in the cloud, Wiz’s AI-SPM module helps secure these pipelines by identifying vulnerabilities unique to AI workloads. It identifies AI assets, including model endpoints and training data repositories, and evaluates them for risks such as open access, unencrypted storage, and prompt injection vulnerabilities. AI-SPM also evaluates IAM configurations tied to models and datasets to ensure that access is appropriately limited. This module helps organizations safely scale their AI initiatives while maintaining compliance and preventing emerging threats, such as model exfiltration or data leakage.

3. Overview of the Acquisition:

As mentioned, Wiz was acquired by Google for $32B. This acquisition aims to bolster Google Cloud’s security capabilities and reinvigorate its competitive positioning in both cloud infrastructure and emerging AI markets. The rationale behind this deal is multipronged: rooted in Google’s need to catch up in cloud market share, close longstanding gaps in its cybersecurity portfolio, and capitalize on the accelerating convergence of cloud and AI.

Based on Wiz's estimated revenue, the deal is one of the highest (disclosed) revenue multiples in the history of large cybersecurity M&A, falling between 45x and 65x. This relatively high revenue multiple is justified by Wiz’s rapid revenue growth and the significant strategic synergies the deal offers Google, particularly in strengthening its cloud security and enterprise adoption efforts. Wiz's strong customer base, including over half of the Fortune 100 companies, provides Google with immediate access to a broader market segment, creating incremental opportunities to sell GCP. Google needed a catalyst to accelerate its cloud growth, and the Wiz acquisition not only bolsters Google’s cybersecurity performance but also encourages cloud growth.

Despite years of investment, Google Cloud has consistently trailed AWS and Microsoft Azure in both revenue and enterprise adoption. Recent quarters showed slowing ARR growth, raising concerns about its long-term viability as a hyperscaler. By acquiring Wiz, Google strengthened its security portfolio, addressing a key concern for enterprise clients considering cloud migration. By incorporating agentless, real-time visibility and control over vulnerabilities, misconfigurations, and access permissions across public cloud environments, Google now offers market-leading security for current and future cloud customers. 

While Google has made notable acquisitions such as Mandiant ($5.4B), it has still struggled to establish a dominant position in enterprise security. Microsoft Defender for Cloud and AWS’s native tools have stronger enterprise mindshare. Google lacked comprehensive, proactive cloud-native protection—something Wiz solves with its agentless CNAPP platform, offering real-time visibility, contextual risk analysis, and multi-cloud coverage. This fills a key gap in Google’s stack, providing a flagship cybersecurity product.

Wiz’s cloud-agnostic platform secures workloads across AWS, Azure, and Google Cloud, aligning with Google's multi-cloud strategy. This enables Wiz to sell security services into accounts that aren’t fully committed to GCP. It is also particularly valuable as organizations increasingly adopt hybrid and multi-cloud environments. While this strategy allows Wiz to help all customers, a key challenge will be maintaining Wiz’s independence, as security leaders may hesitate to trust a Google-owned product monitoring rival clouds.

Wiz counts over 50% of Fortune 100 companies as customers, an impressive number for a 5-year-old company. Google Cloud has long struggled to penetrate the enterprise market compared to AWS and Microsoft, and this deal provides Google with immediate access to high-value customers and a strong upsell opportunity. This success hinges on maintaining customer trust—if Wiz is seen as too closely tied to GCP, customers may shift to independent alternatives, such as CrowdStrike, Palo Alto Networks, or Orca. The challenge for Google is balancing these new relationships and striving to drive traffic to GCP while also remaining neutral between clouds for Wiz customers.

The acquisition is subject to regulatory approval, and concerns have been raised about maintaining Wiz's cloud-agnostic stance following the integration. Ensuring that Wiz continues to operate independently and supports multiple cloud platforms will be crucial to preserving its value proposition and customer trust. If this acquisition falls through, the winners in the cybersecurity space will likely be multi-cloud competitors such as Palo Alto Networks and Crowdstrike, which have invested millions in enhancing their cloud security products. 

4. How Google and Wiz Will Partner Together:

Wiz’s comprehensive product offerings provide a holistic and market-leading security stack that could enable Google to challenge legacy solutions offered by players like Palo Alto Networks, CrowdStrike, and Check Point. This deal puts these companies, as well as other cybersecurity competitors, at an increased risk of slowed revenue growth and churn. Wiz’s user-friendly, developer-oriented interface enables Google to offer security that’s more easily adopted by both security teams and developers, which is a significant value-add in today's DevSecOps environment.

As part of this initial integration, Google indicated that Wiz will operate semi-independently. However, we expect future enhancements to the Wiz product line to naturally skew towards the benefit of Google Cloud customers, while balancing neutrality is critical. There is uncertainty surrounding Wiz’s ability to maintain its vendor-neutral status or whether it will closely integrate with Google’s multi-cloud security capabilities, potentially leading to vendor lock-in. This partnership aims to create a unified cloud security layer across Google Cloud Platform (GCP), combining Wiz’s proactive posture management and agentless scanning technology with Google’s threat detection and response tools, such as Mandiant and Chronicle. Over time, we will monitor Wiz’s ability to maintain neutrality while maximizing value and tools for GCP customers, driving more traffic to Google as cybersecurity becomes increasingly significant. 

This acquisition, while strategically powerful, raises important questions around execution, integration, and long-term positioning. A key challenge will be integrating Wiz into Google’s cloud ecosystem without interrupting its startup-driven innovation, agility, multi-cloud neutrality, and high growth rate. More importantly, Wiz runs on AWS, and reconciling infrastructure across platforms introduces architectural friction. Google's past acquisitions have also seen similar product stagnation post-integration, making CISOs wary of future vendor lock-in or a shift away from proper multi-cloud support, which is key to the success of this acquisition. 

Preserving Wiz’s independent brand is crucial to maintaining enterprise trust, especially as concerns arise about Google leveraging Wiz’s data advantage to favor GCP in deals. If not managed carefully, Google risks slowing Wiz’s momentum, losing key talent, and opening doors for competitors to fill any gaps left by diverted focus, especially in newer categories like application security posture management. Neutrality and execution are critical to the success of this acquisition and could lead to a generational win or a strategic misstep.

If done correctly, Wiz will enable Google to enhance security across its entire cloud stack, providing enterprise customers with a more seamless and secure cloud experience. With Wiz’s tools, GCP can offer real-time visibility into identities, workloads, data, and infrastructure risks without requiring disruptive agent deployments. This strengthens Google’s position as a security-first cloud provider, appealing to regulated industries such as financial services, healthcare, and government. Furthermore, Wiz’s AI Security Posture Management (AI-SPM) capabilities will help Google better secure AI development pipelines through its Vertex AI platform—an increasingly critical need for enterprises deploying machine learning at scale.

GCP trails  AWS and Azure, and one should expect this acquisition to significantly help GCP gain market share in the highly competitive cloud infrastructure space. Google Cloud can now differentiate with security solutions, which is a growing concern for enterprise cloud buyers. By providing best-in-class, multi-cloud security capabilities that will eventually benefit from native integration, Google can attract incremental customers who can leverage faster onboarding. Additionally, this deal gives Google the chance to cross-sell Wiz’s platform into its existing enterprise customers and lock them into Google Cloud. The impact will be compelling in hybrid and multi-cloud environments, where customers seek centralized, scalable solutions to manage cloud risk.

If successfully integrated, Wiz could accelerate GCP’s revenue trajectory and strengthen Google’s position as a serious challenger in the enterprise cloud. For investors, this acquisition signals Google’s intent to double down on AI and cloud as core growth drivers, allowing Google to derisk its cloud business, especially as security becomes non-negotiable for enterprises embracing digital transformation.

For customers currently using AWS and Azure, the transition to GCP will not be immediate or forced. Because Wiz already supports AWS and Azure environments, Google can continue offering value to these customers without forcing migration. Over time, we expect Google to entice customers with bundled offerings, such as Wiz plus Mandiant Threat Response or exclusive integrations with BigQuery and Vertex AI, that provide unique advantages on GCP. With the right incentives, migration assistance, and strategic go-to-market efforts, Google could gradually gain share from AWS and Azure by first securing them through Wiz. In this way, Wiz may serve as a powerful Trojan horse, allowing Google to establish a foothold within competitors' environments and win over customers from the inside out. This strategy will take time, and as deep integration becomes less sticky and migration between platforms simplifies, Google/Wiz will reap the benefits. 

Wiz is one of the most impactful cybersecurity acquisitions in recent history. Not just for its product, but because it solves Google’s trust problem in the cloud. With agent-less deployment, cross-cloud reach, and a clean UI, Wiz becomes Google’s gateway into enterprise IT departments. If successfully integrated, this deal could mark a turning point in GCP’s market share trajectory. From our perspective, Google is positioned in the Cloud and cybersecurity market to put increasingly more pressure on other hyperscalers, specifically AWS and Azure, as well as cybersecurity companies, including Palo Alto Networks, Crowdstrike, and Checkpoint. For investors and competitors alike, this is a wake-up call that cybersecurity is becoming an increasingly crucial central battleground for cloud dominance. The real challenge is whether Google can keep Wiz agile and independent, while still using it to attract customers to GCP—without undermining Wiz’s cloud-neutral appeal and pushing customers away.

Thank you for reading!

Views expressed in these emails are ours and ours alone and don’t represent those of our previous or current employers. Public Comps provides financial and industry information regarding public software companies as part of our weekly dashboard, our blog, and emails. Such information is for general informational purposes only and should not be construed as investment advice or other professional advice.