- Salesforce agreed to acquire Wiz, the agentless cloud-native security firm, for approximately $18 billion, marking one of the largest cybersecurity acquisitions in enterprise software history.
- Wiz’s Cloud Native Application Protection Platform (CNAPP) will be integrated with Salesforce’s Agentforce AI platform and Einstein Trust Layer.
- Wiz, founded in 2020, reached $100 million in annual recurring revenue within 18 months of launch — at the time the fastest SaaS company to hit that milestone.
- The deal follows a failed $32 billion acquisition agreement between Wiz and Google, which was announced in early 2025 and subsequently faced regulatory review.
What Happened
Salesforce has agreed to acquire Wiz for approximately $18 billion, bringing the New York-based cloud security firm into its enterprise AI portfolio. Wiz was founded in 2020 by CEO Assaf Rappaport and co-founders Ami Luttwak, Yinon Costica, and Roy Reznik — all former members of Microsoft’s internal cloud security team. According to the deal announcement, Salesforce intends to embed Wiz’s security capabilities directly into its Agentforce AI platform and Einstein Trust Layer.
Why It Matters
The acquisition reflects intensifying competition among enterprise software vendors to own the security layer for AI workloads. Wiz previously declined a reported $23 billion acquisition offer from Google in mid-2024, citing its intent to pursue an independent path and a potential IPO. Google and Wiz subsequently reached a $32 billion agreement announced in early 2025, a deal that drew regulatory scrutiny before apparently collapsing ahead of this transaction.
For Salesforce, which generated $37.9 billion in revenue in fiscal year 2025, the purchase signals a strategic shift toward making security a native capability of its AI platform rather than a third-party integration. CEO Marc Benioff has publicly framed Agentforce — launched in late 2024 — as Salesforce’s primary vehicle for enterprise AI deployment, and AI agent security has been a stated gap in the offering.
Technical Details
Wiz’s platform operates without deploying agents on individual workloads, instead connecting to cloud environments via read-only API access across AWS, Azure, Google Cloud, and Oracle Cloud. The platform ingests configuration data, runtime telemetry, and vulnerability signals from virtual machines, containers, serverless functions, and cloud storage, then constructs what Wiz calls a “security graph” — a unified risk map of interconnected exposures across a customer’s cloud estate.
The security graph approach is distinct from endpoint-centric detection tools: rather than alerting on individual events, it identifies attack paths by correlating multiple low-severity signals. Wiz’s platform covers the four primary CNAPP functions — Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP), Kubernetes Security Posture Management (KSPM), and Cloud Infrastructure Entitlement Management (CIEM) — in a single agentless scan. By 2024, the company had reported hundreds of millions of dollars in annual recurring revenue and served a significant portion of the Fortune 100.
Who’s Affected
Enterprise customers running Salesforce CRM and Agentforce deployments stand to gain integrated cloud security scanning without deploying a separate vendor stack. Cloud security competitors — including Palo Alto Networks, CrowdStrike, and Orca Security — face a newly resourced rival embedded within one of the world’s largest enterprise software distribution networks.
Independent security vendors that have historically sold into Salesforce accounts may see deal displacement as Salesforce bundles Wiz capabilities into its platform. Wiz’s existing customer contracts and co-sell arrangements with the major cloud hyperscalers will require renegotiation, particularly given Salesforce’s competitive position relative to AWS, Azure, and Google Cloud.
What’s Next
The transaction is subject to regulatory review from U.S. and potentially EU antitrust authorities. Given that a prior acquisition of Wiz — Google’s $32 billion agreement — faced extended scrutiny, the Salesforce deal is likely to receive similar examination, particularly around whether bundling security tooling with CRM market dominance raises competitive concerns.
Salesforce has indicated integration timelines have not yet been disclosed. Rappaport is expected to remain in a leadership role post-acquisition, as has been customary in large platform acquisitions of founder-led security companies.
