Did Wiz Just Burn Their Mole by Reporting Microsoft’s AI Leak?

Numerous inquiries have been directed to me regarding a recent Microsoft incident related to AI data loss, with several individuals seeking my expert commentary.

At this juncture, it is prudent to exercise caution in offering definitive statements, as the situation remains in its early stages. Nevertheless, certain peculiarities have come to light concerning the actions of a company bearing the somewhat uncomfortably comical name of “Wiz” that claims to be obsessed with leaks.

To provide context, it is imperative to bring into the open that Wiz has endured a less-than-stellar reputation within the security product community, with a tarnished standing alluded to in hushed tones among industry veterans. Allegations of aggressive and unethical practices, ostensibly prioritizing unsustainable growth at the expense of others, have rendered Wiz akin to a boisterous interloper within the realm of composed security professionals who prefer to protect and serve quietly.

The ongoing legal entanglement between Wiz and Orca serves as a glaring manifestation of the broader industry concerns, as reported in CSO Online.

Israeli cybersecurity startup Orca Security is suing local cloud security rival Wiz for patent infringement, alleging that its success and growth is built on “wholesale copying.” Orca has accused Wiz of taking its “revolutionary inventions” and creating a “copycat cloud security platform,” improperly trading off of Orca’s creations, according to a lawsuit filed in the US District Court, District of Delaware. “This copying is replete throughout Wiz’s business and has manifest in myriad ways,” it added.

Orca was founded in 2019 by Israeli-born cybersecurity technologist Avi Shua. In the four years since its founding, Orca has raised substantial investment funds and grown from fewer than a dozen to more than 400 employees today. In 2022, Orca was the recipient of Amazon Web Services Global Security Partner of the Year Award. Wiz was founded in January 2020, a year after Orca, by Assaf Rappaport, Ami Luttwak, Yinon Costica, and Roy Reznikthat, a team that previously led the Cloud Security Group at Microsoft.

Orca is clearly pissed at Wiz (pardon the pun). Also Orca seems much more openly defensive than others who suspect foul play.

Going beyond surface-level scrutiny, further analysis unveils Wiz’s founders served together as intelligence operatives in Israel before being employed by Microsoft security. This introduces three significant dimensions to the unfolding narrative.

Firstly, it is worth acknowledging that Wiz founders have a competitive mindset honed in the crucible of combat intelligence activities. Their background as government-trained special operatives from a nation marked by profound existential concerns lends a distinctive perspective that may not readily align with conventional notions of legal compliance, fairness, or the civility inherent to civilian products.

In this sense anyone maintaining some air of formality with humility could serve as an important countermeasure against extrajudicial transgressions, as advocated by seasoned espionage veterans. Regrettably, Wiz’s public image constantly appears to reflect the diametrically opposed disposition of ostentatious self-promotion:

After you leave [Israel’s secret military technology unit of Special Operations — Unit 81] you realize that up until now you did the wildest things in your life together with the most talented people and you want to extend that into civilian life.

Secondly, legal experts have highlighted a recourse against lawyers who exhibit unethical behavior is at least feasible through professional reporting mechanisms. Observant lawyers can step forward when rules of conduct are violated, thereby enabling courts to impose sanctions. While this is by no means perfect, it begs the question: What other avenues are available to security professionals, beyond resorting to protracted legal battles — an undeniably formidable hurdle? FTC are you reading this?

Lastly, it is imperative to note the intersection of Wiz’s history as staff in Microsoft security, a facet that adds further complexity to the unfolding narrative about Wiz targeting Microsoft security. In a professional context, it is not my assertion that Wiz has informants within Microsoft who provide insider tips on where to poke for soft or bad configurations. No. Rather, I am raising a question regarding the possibility of such an occurrence.

As part of the Wiz Research Team’s ongoing work on accidental exposure of cloud-hosted data, the team scanned the internet for misconfigured storage containers. In this process, we found a GitHub repository under the Microsoft organization named robust-models-transfer. The repository belongs to Microsoft’s AI research division… an attacker could have injected malicious code into all the AI models in this storage account, and every user who trusts Microsoft’s GitHub repository would’ve been infected by it.

However, it’s important to note this storage account wasn’t directly exposed to the public; in fact, it was a private storage account. The Microsoft developers used an Azure mechanism called “SAS tokens”, which allows you to create a shareable link granting access to an Azure Storage account’s data — while upon inspection, the storage account would still seem completely private.

The degree of privacy associated with this storage account is a noteworthy aspect, buried by Wiz far below headlines. Their report starts out saying “ongoing work on accidental exposure” as if in the public, and then quietly pivots to the fact that the accident was extremely private. It prompts one to contemplate whether an initial investigator of a secret accident may, in fact, be on the scene for a special and unique private reason.

Let me also be clear about Wiz research posting a fair critique of Microsoft’s overarching security model. The report is actually on target even though “outside the box” (מבצע מחוץ לקופסה), like an air force jet that somehow miraculously flies straight through extensive defenses and hits an exact target inside the box.

As the old joke goes, Iran tries to rattle Israel by revealing 2 million soldiers ready to fight. Israel backs them down saying “we already knew, and we’re not ready to feed 2 million prisoners”.

The Wiz recommendation to establish dedicated storage accounts for external sharing, limiting the potential impact of accidentally over-privileged hidden long-term tokens to external data, is very astute and prudent, especially within the realm of trustworthy AI.

…we recommend creating dedicated storage accounts for external sharing, to ensure that the potential impact of an over-privileged token is limited to external data only.

Amen to that! This is something Microsoft definitely needs to hear, and their customers must demand more. A lack of segmentation coupled with a lack of granular token revocation on an opaque centralized system is a dangerous mix. There are much better ways.

Wiz correctly brings focus to data storage methods for AI, which should be personally dedicated instead of easily over-shared. A proper multi-user distributed model for AI data controls greatly reduces the looming danger of big privacy and integrity breaches. I agree with their analysis here.

And then, unfortunately…

While I concur with many technical details of the Wiz blog, I also discern a certain amount of unwarranted self-serving sensationalism. It is not my intention here to downplay intellectual acumen of the Wiz team. They are ex-intelligence, after all, trained by some of the best in the world to be the best at exploits and communication.

Their discussion could have stayed sharp and relevant to emerging data platform safety, touching on AI as a direct beneficiary of more distributed safety models. I’m definitely not stepping in the way if that was where they stayed, especially the “lack of monitoring capabilities” on centralized proprietary data stores raising a problem of secret “privileged tokens as a backdoor”.

Yet instead I observed their extensive blog post wandering into amateurishly immodest places, pressing readers hard (especially Microsoft customers) to jump into Wiz’s sales funnel.

Clumsy. Lazy. Arrogant.

A comparison of Wiz’s blog tone and content with Microsoft’s official remarks on the exact same topic highlights some very uncomfortable disparities.

No customer data was exposed, and no other internal services were put at risk because of this issue. No customer action is required in response to this issue. […] Our investigation concluded that there was no risk to customers as a result of this exposure.

Microsoft admits a bad token event and then unequivocally asserts no customer data was exposed, no other internal services jeopardized. They further state that no customer action is required. Their conclusion is no risk to customers from the configuration error.

These key statements (pardon the pun) are conspicuously absent from Wiz’s hyperventilated extra analysis, which seems designed to draw attention for revenue.

Microsoft’s narrative keeps risk in perspective as it discusses why configuration errors occur and emphasizes this issue was promptly addressed upon discovery. They suggest the issue be used as an educational opportunity, sharing internal/private discussions to facilitate learning. Again maybe it is pertinent to note it was ex-employees of Microsoft security who established Wiz to directly compete with Microsoft security.

GitHub’s secret scanning service monitors all public open-source code changes for plaintext exposure of credentials and other secrets. This service runs a SAS detection, provided by Microsoft, that flags Azure Storage SAS URLs pointing to sensitive content, such as VHDs and private cryptographic keys. Microsoft has expanded this detection to include any SAS token that may have overly-permissive expirations or privileges.

The slight extension of Microsoft’s scanning is thus the actual critical development in this context. And I don’t see that detail mentioned at all by Wiz, as they try to sell their own scanner.

Wiz instead appears to emphasize most how they alone came into possession of Microsoft’s private and sensitive personal data, including passwords, secret keys, and internal Microsoft Teams messages, insinuating a very deep level of safety beach.

SO SCARY. Buy! The Wiz blog literally says “we recommend” and then… their product.

According to sources, Wiz purportedly received its moniker from former Israeli military intelligence personnel who regarded themselves as omnipotent “Wizards.” This appellation draws inspiration from the popular story “Wizard of Oz” that underscores the vulnerability of Americans, who can be easily swayed by fear into funneling their finances and backing into deceptive technologies and detrimental sources of authority. It highlights a mastery of crafty maneuvers and superficial victories over genuine substance.

To clarify, I am not alleging the existence of an informant as required to make the Wiz scanning service somehow more intelligent, effective and targeted than Microsoft’s own competing services. I am merely raising questions regarding the actions of former Microsoft security employees who have entered into direct competition with their previous employer and are often tangled with Microsoft security seemingly from within while being outside.

The allegations of the Orca lawsuit as well as murmurs within the security industry about Wiz’s unsavory business practices do bring to mind potential further investigations of how Wiz really “researches” flaws.

At the end of the day a CISO comparing the Microsoft and Wiz versions of the same story should be wondering whether they should risk engaging with offensively oriented braggadocios, given there also are many more compelling professionals (quiet, modest and effective) who are available and trustworthy.


2 thoughts on “Did Wiz Just Burn Their Mole by Reporting Microsoft’s AI Leak?”

  1. I first ran into Wiz at the RSA conference.

    They made me suspicious because I’ve seen such companies rip to 100M on smoke and mirrors.

    And their booth hired people to dress as Dorothy.

    Tin man.

    Etc.

    A yellow brick road.

    And I just thought: did they not watch the end of that fucking movie?

  2. Wiz is a charlatan that uses smoke, mirrors, and technology to create the illusion of great power and authority. Actions are deceptive and manipulative motivated by a thirst to maintain position of self-dealing rule. Wiz doesn’t want people to discover anything true in nature or a lack of magic, because respect for lawful authority will pivot towards real world leaders who value meaningful care and kindness. Wiz curates the illusion of being the most powerful to keep scared people in line against their own best interests.

    I’m just talking here out loud about an old book I read when I was a wee child.

    Or am I?

    Speaking of children, it’s worth mentioning the soldiers of Unit 8200 have earned a reputation, even in public letters, for emphasizing the importance of discipline and moral boundaries as a means to prevent the abuse of power. In contrast, the highly-decorated Unit 81 soldiers still pride themselves in obscurity, appearing as elusive ghosts beyond accountability. The bold allegations brought forth by Orca, former members of Unit 8200, seem to grasp at such elusive behavior, almost like exposing specters, as they peel back a concealed curtain that could go all the way to uncovering war crimes either facilitated or even committed by such “Wizards” before they switched to openly targeting civilians for profit. Like did anyone predict we’d see abuse allegations against special military “Wizards” in both Australia (Ben Roberts-Smith) and the United States (Edward Gallagher, Mathew L. Golsteyn)?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.