Full Report
How Wiz AI-SPM delivers the first complete view of exposed AI application endpoints — from Vibe Coding to MCP — and why that visibility matters.
Analysis Summary
Based on the provided context, the document is a product announcement and conceptual overview of capabilities offered by Wiz AI Security Posture Management (AI-SPM), specifically highlighting a new Application Endpoints widget powered by the Wiz Dynamic Scanner. It does not detail specific malware, exploit kits, or established threat actor TTPs in the traditional sense, but rather describes the *attack surfaces* and *vulnerabilities* introduced by new AI technologies that attackers *could exploit*.
Therefore, the summary below focuses on the *concepts* and *AI components* discussed as potential points of compromise, framed as "Techniques" or "Attack Surfaces."
# Tool/Technique: Exposed AI Application Endpoints (Vibe Coding to MCP)
## Overview
This entry summarizes the attack surface related to exposed endpoints generated by various stages of AI adoption, identified and validated by the Wiz Dynamic Scanner within the Wiz AI-SPM platform. These endpoints represent entry points for attackers targeting AI infrastructure, data, and models.
## Technical Details
- Type: Technique / Attack Surface Identification
- Platform: Cloud environments hosting AI workflows (AI Developer Tools, Pipelines, Model APIs, etc.)
- Capabilities: Live validation, runtime reachability checking, security graph contextualization of AI application endpoints.
- First Seen: Not applicable (This is a disclosed capability/feature of the Wiz platform, not a threat actor tool).
## MITRE ATT&CK Mapping
This entry describes an *exposure* rather than a technique an adversary executes, so the mapping reflects the tactics an attacker who finds such an endpoint would pursue, not behaviour observed in the wild.
- **TA0001 - Initial Access**
  - T1190 - Exploit Public-Facing Application (a reachable AI endpoint is a public-facing application)
- **TA0007 - Discovery**
  - T1046 - Network Service Discovery (scanning for live model-serving, framework and MCP ports)
- **TA0009 - Collection**
  - T1005 - Data from Local System (if data is accessible via the endpoint)
  - T1530 - Data from Cloud Storage (where the endpoint has a path to a sensitive cloud data store, as in the MCP example)
## Functionality
### Core Capabilities
- **Discovery & Validation:** Surfacing live, validated endpoints across the AI spectrum (AI Developer Tools/Vibe Coding, AI Pipelines, AI as a Service, AI Frameworks & Toolkits, AI Models, AI Security services, and MCP interfaces).
- **Real-time Check:** Going beyond static scanning to confirm if endpoints are live and reachable in runtime.
- **Contextualization:** Mapping validated endpoints into the Wiz Security Graph to show associated data, identities, and workloads.
### Advanced Features
- **Direct Exploration:** Providing links to the IP address of surfaced endpoints for immediate live investigation.
- **Workload Tracing:** Tracing an exposed endpoint back to the hosting workload and associated configuration issues for remediation.
- **Attack Path Visualization:** Showing connections between the exposed AI endpoint and sensitive data stores (in the page's example, an exposed MCP endpoint with a path to a sensitive data store).
## Indicators of Compromise
The indicator focus here is on the *presence* of specific types of exposed services, rather than specific host-based IoCs generated by malware:
- File Hashes: N/A
- File Names: N/A
- Registry Keys: N/A
- Network Indicators: Any exposed service associated with:
  - Vibe Coding helper APIs.
  - Model Context Protocol (MCP) interfaces.
  - Default/exposed endpoints from AI Frameworks & Toolkits.
  - Model-serving endpoints handling direct data flow.
- Behavioral Indicators: Runtime availability and reachability of services categorized as AI application endpoints.
## Associated Threat Actors
- Not explicitly named. The context implies that *any* threat actor or attacker targeting cloud assets would probe these newly exposed AI endpoints.
## Detection Methods
- **Signature-based detection:** Not applicable (Detection relies on runtime state/configuration posture).
- **Behavioral detection:** Dynamic scanning to determine runtime reachability and exposure status.
- **YARA rules:** Not applicable.
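The behavioral check above is a runtime-reachability probe: connect to each candidate host and port, see whether anything answers, and fingerprint what answered. The following is an added example of that logic, not Wiz code and not the Dynamic Scanner. The fingerprints are assumptions drawn from common defaults (an MCP SSE transport at `/sse`, an OpenAI-compatible model API at `/v1/models`, the Ollama API at `/api/tags`); a real scanner would carry a much larger catalogue. The `FAKE_HOSTS` table is constructed so the example runs offline; `live_fetch()` is the equivalent real HTTP probe for hosts you are authorised to test.

```python
"""Runtime-reachability probe that classifies AI application endpoints.

Added example, not Wiz code. Fingerprints and the FAKE_HOSTS table are
assumptions/constructed data for illustration.
"""
import http.client
import json
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

Response = Tuple[int, dict, bytes]                        # (status, headers, body)
Fetcher = Callable[[str, int, str], Optional[Response]]   # None means unreachable


def _json(body: bytes):
    try:
        return json.loads(body)
    except ValueError:
        return None


def _is_mcp_sse(status, headers, body):
    # Assumed default: the MCP SSE transport answers GET /sse with an event stream.
    return status == 200 and headers.get("content-type", "").startswith("text/event-stream")


def _is_openai_models(status, headers, body):
    # OpenAI-compatible servers return {"object": "list", "data": [...]} from /v1/models.
    doc = _json(body) if status == 200 else None
    return isinstance(doc, dict) and doc.get("object") == "list" and isinstance(doc.get("data"), list)


def _is_ollama_tags(status, headers, body):
    # Ollama's /api/tags lists locally pulled models under "models".
    doc = _json(body) if status == 200 else None
    return isinstance(doc, dict) and isinstance(doc.get("models"), list)


@dataclass(frozen=True)
class Probe:
    category: str      # category names follow the widget's grouping on the page
    path: str
    matches: Callable[[int, dict, bytes], bool]


PROBES = [
    Probe("MCP interface", "/sse", _is_mcp_sse),
    Probe("Model-serving endpoint (OpenAI-compatible)", "/v1/models", _is_openai_models),
    Probe("AI framework/toolkit (Ollama API)", "/api/tags", _is_ollama_tags),
]


def classify(host: str, port: int, fetch: Fetcher):
    """Return (reachable, [categories]) for one host:port using the given fetcher."""
    reachable, found = False, []
    for probe in PROBES:
        resp = fetch(host, port, probe.path)
        if resp is None:
            continue                      # connection refused / timed out
        reachable = True                  # something answered, even if only a 404
        status, headers, body = resp
        headers = {k.lower(): v for k, v in headers.items()}
        if probe.matches(status, headers, body):
            found.append(probe.category)
    return reachable, found


def scan(targets, fetch: Fetcher):
    """Classify every (host, port) in targets; keys are 'host:port'."""
    return {f"{h}:{p}": classify(h, p, fetch) for h, p in targets}


def live_fetch(host, port, path, timeout=3.0) -> Optional[Response]:
    """Real HTTP GET for authorised targets; swap in for fake_fetch."""
    try:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.request("GET", path, headers={"Accept": "text/event-stream, application/json"})
        r = conn.getresponse()
        ctype = r.getheader("Content-Type", "")
        body = b"" if ctype.startswith("text/event-stream") else r.read(4096)  # don't block on a stream
        conn.close()
        return r.status, dict(r.getheaders()), body
    except (OSError, http.client.HTTPException):
        return None


# Constructed responses standing in for live hosts (no network needed).
FAKE_HOSTS = {
    ("10.0.1.5", 8000): {"/sse": (200, {"Content-Type": "text/event-stream"}, b"")},
    ("10.0.1.9", 8080): {"/v1/models": (200, {"Content-Type": "application/json"},
                                        b'{"object":"list","data":[{"id":"gpt-4o-mini"}]}')},
    ("10.0.2.3", 11434): {"/api/tags": (200, {"Content-Type": "application/json"},
                                        b'{"models":[{"name":"llama3:8b"}]}')},
    ("10.0.3.1", 443): {},   # reachable web server that is not an AI endpoint
}


def fake_fetch(host, port, path):
    svc = FAKE_HOSTS.get((host, port))
    if svc is None:
        return None                        # nothing listening on host:port
    return svc.get(path, (404, {}, b""))   # listening, but path absent


if __name__ == "__main__":
    for target, (up, cats) in scan(list(FAKE_HOSTS) + [("10.0.9.9", 9000)], fake_fetch).items():
        print(target, "reachable" if up else "unreachable", cats)
```

The distinction that matters for posture is the third state: a host that answers but matches no fingerprint is still reachable, so it stays in the inventory as an unclassified exposure rather than disappearing from the report.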
## Mitigation Strategies
- Review and restrict network accessibility for all identified AI application endpoints.
- Trace exposed endpoints back to the underlying workload configuration (e.g., security groups, firewall rules) and remediate misconfigurations.
- Ensure sensitive data flows (as seen in the Vibe Coding example) are routed only through sanctioned, protected channels.
- Secure Model Context Protocol (MCP) interfaces to prevent unauthorized access to agent/server communication.
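Tracing an exposed endpoint back to the security-group rule that permits it, and turning that into a concrete revoke, is the part of the mitigation list that is easiest to get wrong by hand. The following is an added example, not Wiz code. `INSTANCES` and `SECURITY_GROUPS` are constructed in the shape of `aws ec2 describe-instances` and `describe-security-groups` output (field names follow the AWS API; the IDs and addresses are invented). The generated commands use documented `aws ec2 revoke-security-group-ingress` flags but are suggestions to review, not something to run blind.

```python
"""Trace an exposed AI endpoint to the security-group rule that permits it.

Added example, not Wiz code. Inventory below is constructed; field names follow
the AWS EC2 API, values are invented.
"""
from ipaddress import ip_network

INSTANCES = [
    {"InstanceId": "i-0aaa", "PublicIpAddress": "203.0.113.10", "PrivateIpAddress": "10.0.1.5",
     "SecurityGroups": [{"GroupId": "sg-mcp"}]},
    {"InstanceId": "i-0bbb", "PublicIpAddress": "203.0.113.20", "PrivateIpAddress": "10.0.2.3",
     "SecurityGroups": [{"GroupId": "sg-ollama"}, {"GroupId": "sg-ssh"}]},
]

SECURITY_GROUPS = {
    "sg-mcp": {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    "sg-ollama": {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 11434, "ToPort": 11434,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
        # "all traffic" rule that quietly re-exposes every port over IPv6
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    "sg-ssh": {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "198.51.100.0/24"}], "Ipv6Ranges": []}]},
}


def is_world_open(cidr: str) -> bool:
    """0.0.0.0/0 and ::/0 both have prefix length 0."""
    return ip_network(cidr, strict=False).prefixlen == 0


def _covers(rule, port):
    if rule["IpProtocol"] == "-1":           # all protocols, all ports
        return True
    return rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]


def _sources(rule):
    return [r["CidrIp"] for r in rule.get("IpRanges", [])] + \
           [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]


def trace(address, port):
    """Every (instance, group, rule source) that lets traffic reach address:port."""
    hits = []
    for inst in INSTANCES:
        if address not in (inst.get("PublicIpAddress"), inst.get("PrivateIpAddress")):
            continue
        for sg in inst["SecurityGroups"]:
            gid = sg["GroupId"]
            for rule in SECURITY_GROUPS[gid]["IpPermissions"]:
                if not _covers(rule, port):
                    continue
                for cidr in _sources(rule):
                    hits.append({"instance": inst["InstanceId"], "sg": gid,
                                 "protocol": rule["IpProtocol"],
                                 "from_port": rule.get("FromPort"), "to_port": rule.get("ToPort"),
                                 "cidr": cidr, "world_open": is_world_open(cidr)})
    return hits


def revoke_commands(address, port):
    """aws CLI revokes for the world-open rules only; allowlisted sources are kept."""
    cmds = []
    for h in trace(address, port):
        if not h["world_open"]:
            continue
        if h["protocol"] == "tcp" and ":" not in h["cidr"]:
            ports = str(h["from_port"]) if h["from_port"] == h["to_port"] \
                else f"{h['from_port']}-{h['to_port']}"
            cmds.append(f"aws ec2 revoke-security-group-ingress --group-id {h['sg']} "
                        f"--protocol tcp --port {ports} --cidr {h['cidr']}")
        else:
            # shorthand --ip-permissions form handles IPv6 and protocol -1 rules
            src = "Ipv6Ranges=[{CidrIpv6=%s}]" if ":" in h["cidr"] else "IpRanges=[{CidrIp=%s}]"
            cmds.append(f"aws ec2 revoke-security-group-ingress --group-id {h['sg']} "
                        f"--ip-permissions 'IpProtocol={h['protocol']},{src % h['cidr']}'")
    return cmds


if __name__ == "__main__":
    for addr, port in (("203.0.113.10", 8000), ("203.0.113.20", 11434)):
        for h in trace(addr, port):
            print(addr, port, h["instance"], h["sg"], h["cidr"], "WORLD-OPEN" if h["world_open"] else "ok")
        for cmd in revoke_commands(addr, port):
            print("  ", cmd)
```

Note what the second instance shows: the port-specific rule for 11434 is already restricted to an internal range, and the exposure comes from an unrelated "all traffic" IPv6 rule on the same group. A remediation that only looks at rules mentioning the AI port would miss it, which is why the trace runs over every rule that covers the port rather than matching on port number alone.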
## Related Tools/Techniques
- **MCP Endpoint Exposure:** Flagged as a high-risk path connected to sensitive data stores.
- **Vibe Coding Endpoint Exposure:** Test APIs spun up for iteration that tie into production pipelines and handle sensitive data.
- Concepts related to Shadow AI adoption (unseen AI usage).