Post by Wiz
In <15 min: Our Wiz Red Agent found its way into an airline booking database ✈️

Our Red Agent started with nothing more than an airline's homepage [Yes, no insider knowledge.]

It autonomously mapped the application's architecture, minted an anonymous session, discovered a GraphQL authorization flaw, and exposed access to customer booking records.

This wasn't a zero-day. It was a classic Broken Object-Level Authorization (BOLA) issue, still the #1 API security risk.

The takeaway? AI agents don't just scan for signatures. They reason through applications the way an attacker would, connecting small clues into real attack paths.

See how our Red Agent uncovered the issue >> https://lnkd.in/dDsx_syi