New Tech, Same Risks: Fundamentals Still Matter in the AI Age

Wiz

By Rami McCarthy, Principal Security Researcher


AI tools are a core driver of modern innovation. As they move from experimentation to production, the security industry has been scrambling to define new threat models, coin new classes of vulnerabilities, and figure out how to make these systems safe to use. But while the interfaces may be new, the risks mostly aren’t. The same challenges keep surfacing: insecure execution paths, trust boundary failures, and ungoverned dependencies, now wrapped in a new layer of complexity. Model Context Protocol (MCP), for example, is redefining how LLMs interact with external tools and data. It unlocks powerful new capabilities, from extending model functionality to building production-grade AI agents. But it also introduces a broad range of security risks, including supply chain attacks, remote code execution, and the dangers of auto-running untrusted tools.

Innovation doesn’t erase the fundamentals; it makes them more urgent.

Understanding the AI threat model

AI tools don’t operate in isolation. As these models move into production and gain the ability to trigger external tools and access data autonomously, security failures can emerge across layers: cloud misconfigurations, vulnerable dependencies, ungoverned data access, and weak runtime controls all have a role to play. Familiar patterns are already resurfacing: overly permissive cloud roles, unvalidated inputs at the control plane, shadow tools introduced without provenance, and inference pipelines touching sensitive data without clear governance.

These aren’t new problems, but they’re amplified in AI systems. Securing AI requires looking beyond the model itself and understanding how it interacts with the rest of the stack: code, infrastructure, identity, and data. This approach correlates model behavior with the environmental context needed to de-risk AI adoption and safely enable innovation. The goal isn’t just detection. It’s architectural awareness.

The better we understand how these systems are wired together, the better we can anticipate failure paths and design controls that scale with the pace of innovation.

Giving security teams better visibility and control

Securing AI is about enabling teams to move fast, safely. That starts with treating AI tools as part of a larger system, and putting controls in place wherever they interact with code, infrastructure, or data. Some organizations are using isolation and policy to reduce risk at runtime. At Grammarly, teams are using Wiz MCP to safely operationalize model-to-tool interactions with clear guardrails, tenant isolation, and execution controls built in.

Others are focused on securing the software supply chain that supports their AI stack. At Brex and FICO, teams have embedded AI into their development workflows, but enforce strict provenance and integrity checks on every model, tool, and dependency. Whether it’s a foundational model or a simple utility, the same principle applies: if a model can invoke it, security needs to own it. The most effective teams aren’t treating AI as a special case. Rather, they’re applying the same architectural discipline they bring to every critical workload. Visit Wiz at Booth D2 at Black Hat Europe to learn more.


www.wiz.io

Strategic Partners