At Wiz, trust is the foundation of our partnership. To provide enterprise-grade peace of mind, this Customer Trust Center allows you to self-serve documentation about our security and compliance posture. Come see why 50% of Fortune 100 companies rely on Wiz to protect their clouds. Our most-downloaded files among the 75+ here include:
- Audit reports against 8+ risk and compliance frameworks including SOC 2 Type II with HIPAA/HITECH, ISO 27001, PCI DSS and others.
- Pentest report and pentest vendor credentials.
- Certificates of Insurance (COI).
- Completed SIG Lite and CAIQ assessments.
- Internal Policies that touch on security, privacy, data, AI, and legal matters.
See also our ever-expanding list of Frequently Asked Questions. However, for technical product info please visit Wiz Docs. And for information about our FedRAMP-authorized platform (“Wiz4Gov”), reach out to your Wiz point of contact or support@wiz.us.
Morgan Stanley
Salesforce
Slack
Blackstone
DocuSign
ServiceNow
Siemens
Canva
Colgate-Palmolive
BMW
Redis
Aon
LVMH
Mars
Cushman & Wakefield
Bridgewater Associates
Priceline
ManpowerGroup
Fox Corporation
InterContinental Hotels Group
Shell
REIVercel / Context.ai Security Incident - No Impact to Wiz
We are aware of the recent Vercel security incident following the compromise of Context.ai and can confirm that no part of Wiz’s product or production environment was impacted.
While we were not affected, we have proactively rotated credentials for all integrations as a rigorous security precaution to ensure continued platform integrity.
For further information on this incident, please refer to Vercel's official security bulletin.
2026 Annual Disaster Recovery Test Report Available
As part of our commitment to ensuring the highest level of service availability and data protection, Wiz performs annual disaster recovery exercises.
On January 14, 2026, Wiz conducted a disaster recovery exercise that simulated a scenario involving a regional AWS outage. This simulated a disruption to a primary data center, impacting the availability of Wiz systems and services. As a result in this tabletop exercise, Wiz initiated the cross-regional disaster recovery strategy and executed a comprehensive disaster recovery plan.
The report is available in the Reports card of the Trust Center.
Update on React and Next.js Vulnerabilities
Wiz recently published a Threat Center update for its customers, as well as a public blog post, on the critical vulnerabilities affecting React and Next.js that were disclosed on December 3, 2025.
As part of our internal response process, Wiz security teams have been identifying and patching instances of these affected components across our environments. As of this writing, Wiz has not identified any systems related to its product platform that are externally exposed and vulnerable, and customers do not need to take any further action to safeguard their instances of Wiz. Please continue to monitor our Threat Center and this Trust Site for further updates.
Gainsight Security Incident - No Impact to Wiz
Wiz is aware of the recent supply chain attack targeting Gainsight and its integrations with Salesforce. We can confirm that Wiz does not use Gainsight in our production environment or internal business operations.
Wiz is not aware of any circumstance in which our subcontractors or subprocessors have been affected by this issue and impacted Wiz systems or data.
For further information on this incident, please see the Gainsight Incident FAQs.
Sha1-Hulud (2.0) NPM Supply Chain Attack - Investigating
A new Shai-Hulud-linked npm supply-chain campaign (“Sha1-Hulud”) is compromising major packages to exfiltrate development secrets and sensitive project files. The blast radius is large and the attack is accelerating, thanks to cross-victim exfiltration and a new preinstall-phase malware variant.
Our internal investigation is ongoing but as of this writing, Wiz has not identified any evidence indicating its own product or systems are affected.
Please continue to monitor the Wiz Threat Center for detection and mitigation guidance. See also this post with details on Wiz's public blog.