Wiz Inc. is acquiring Dazz Inc., a cybersecurity startup that helps enterprises find vulnerabilities in their code.

The companies didn’t disclose the financial terms in their announcement of the deal today. However, sources told TechCrunch that the transaction values Dazz at $450 million. The startup was valued at about $400 million after its most recent funding round this past June.

Founded in 2020, Wiz provides a popular platform for securing public cloud environments. The software can protect Kubernetes clusters, artificial intelligence models and a range of other workloads. Wiz’s platform is currently generating $500 million in annual recurring revenue and the company hopes to top $1 billion next year.

Dazz, for its part, is reportedly generating “tens of millions” in annual revenue from a customer base of about 100 organizations. Moreover, the company claims, its top line is growing by 500% year-over-year. Dazz generates its revenue from an ASPM, or application security posture management, platform that scans developers’ code for vulnerabilities and provides remediation advice.

“ASPM goes prime time with the announcement of Wiz acquiring Dazz,” said Nikhil Gupta, chief executive of ASPM provider ArmorCode. “This deal highlights the two dramatically different approaches to ASPM. Wiz leading the scanner-centric camp, and ArmorCode leading the vendor-agnostic team.”

Dazz spots vulnerabilities by analyzing security data from a company’s code repositories, cloud environments and other systems. It collects that data through read-only application programming interfaces, which can access records but not modify them. This arrangement reduces the risk of cybersecurity incidents.

After it maps out the vulnerabilities in a company’s network, Dazz prioritizes them. If one of the vulnerabilities is being actively targeted by hackers, the platform might recommend that administrators move the issue to the top of their to-do list. Dazz’s prioritization algorithm also takes into account other factors such as whether a vulnerability affects only one application or several.

The platform uses large language models to generate remediation guidance. Dazz promises to help developers fix insecure configuration scripts, applications that store encryption keys in an easily accessible manner and a range of other issues. In some cases, the platform doesn’t merely provide troubleshooting guidance but also generates the necessary code updates. 

Wiz will use the company’s technology to enhance its recently launched Wiz Code service. Like Dazz, the offering is designed to help companies detect and fix vulnerabilities in their code. The development effort will focus on equipping Wiz Code with AI-powered risk prioritization and remediation tasks.

The acquisition comes about seven months after the company’s previous acquisition. Wiz bought Gem Security Inc., a provider of cloud security software, in a deal reportedly worth $350 million. It earlier acquired Raftt Systems Ltd., which developed a toolkit for debugging Kubernetes environments. 

Image: Wiz