John Z Black
Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
Two security acquisitions. Same day. Different buyers, different products, different logic. Same conclusion.
The biggest AI-era platforms just decided security isn’t something they want to partner on anymore. They want to own it.
Google closed its Wiz acquisition yesterday. $32 billion. The largest acquisition in Alphabet history. Wiz does cloud security posture management across AWS, Azure, and Google Cloud, finding misconfigurations, exposed credentials, excessive permissions, attack paths. Over 45% of the Fortune 100 use it. And a big reason they chose Wiz was because it was independent. Multi-cloud neutral.
That’s the question now, isn’t it?
Google says they’ll maintain multi-cloud support. But the competitive incentive to make Wiz work a little better on Google Cloud than on AWS or Azure is sitting right there. Whether Google resists that pull, and for how long, is something every Wiz customer should be asking about. Don’t wait for the annual review. Get your account team on the phone and ask for specifics. Pricing parity. Feature parity. Integration timeline.
If you’re evaluating cloud security posture management tools right now, the competitive map just shifted. Wiz is increasingly a Google Cloud feature. Microsoft Defender for Cloud and AWS Security Hub have clearer lanes than they did last week.
Meanwhile, OpenAI bought Promptfoo. Promptfoo built LLM red-teaming tools: prompt injection detection, adversarial testing, safety evaluation. The stuff you use to stress-test whether your AI models can be manipulated into doing things they shouldn’t.
So now the company building the most widely deployed AI models owns the adversarial testing toolkit too. That tells you how central AI security is becoming to the product itself.
For anyone using Promptfoo’s open-source tooling today, watch closely. Whether it stays freely available or gets folded into a proprietary OpenAI offering is an open question. Start identifying alternatives just in case.
Both deals follow the same pattern. Google wants cloud security baked into Google Cloud. OpenAI wants AI safety testing baked into OpenAI. Security as a first-party feature, not an ecosystem concern.
If you have vendor relationships with recently acquired security companies, now’s a good time to review them. Not because acquisitions are automatically bad. But “serve customers broadly” and “serve the acquirer’s platform strategy” are different priorities. And yours just got subordinated.
March 11, 2026 might be the date we look back on as the start of serious AI security market consolidation. Two major independent players left the ecosystem. Others will follow.