Wiz building cloud security OS
Wiz
These deals show Wiz is not just adding features, it is buying the missing workflows that turn a cloud scanner into a broader security operating system. Gem adds the after the alert workflow, helping teams detect, investigate, and respond to live cloud incidents. Raftt adds a deeper foothold in runtime and developer environments, which moves Wiz closer to covering the path from code, to cloud setup, to production behavior.
-
Gem filled a clear product gap. Wiz already showed security teams where risky cloud assets lived, but Gem brought cloud detection and response, meaning the tools to trace an attack, connect events into an incident timeline, and help analysts act on it inside the same workflow.
-
Raftt gave Wiz a bridge into the runtime layer and the developer loop. Raftt started as Kubernetes based dev environments, and Wiz described the acquisition as a way to secure cloud environments from code to runtime. That matters because CNAPP buyers increasingly want one platform across build, deploy, and production.
-
This acquisition pattern mirrors the whole market. Palo Alto Networks, Cisco, CrowdStrike, and SentinelOne all used M&A to assemble CNAPP capabilities, while cloud natives like Orca and Noname also expanded horizontally. In practice, the winner is increasingly the vendor that can replace several security consoles in one budget line.
The next step is a tighter bundle where Wiz sells posture management, runtime, and response as one larger enterprise contract. That pushes Wiz further into direct competition with platform incumbents, and makes future growth less about winning a single cloud scanning use case and more about owning the full cloud security workflow.