AFAIK, there are no explicit laws forbidding that. Maybe you could share what law you think this would be breaking?
GDPR, CCPA, HIPAA, etc, as Google has no way of knowing which data they will train on, add to that copyright and that's just off the top of my head
cloud contract obligations are also pretty clear about customer data.
furthermore it would be bad engineering and security if Wiz had actual direct access to customer data, versus having their code having access to said data. That would be a huge issue in due diligence for example
Obviously, existing agreements would need to continue to be run properly, no question about that. But there is always plenty of other data that probably could be used by Google to gain some insights.
that might be legal and interesting but i highly doubt it's 30+ billion dollar interesting
i imagine you can buy that data from data brokers without any legal exposure but that's only a guess
—
Customer hereby grants to Wiz a non-exclusive, worldwide, royalty-free right to use Customer Data to provide the Services and perform its obligations under this Agreement.
—
Or if reading terse legal documents isn’t your thing, go ahead and just read through Wiz’s own blog post about how their scanner works, which confirms they have full, direct access to customer EBS volume snapshots in the default “full SaaS” deployment model. [1]
Your point that due diligence would have taken issue with this might not be grounded in Google’s reality.
0: https://wiz.pactsafe.io/legal#wiz-subscription-agreement
1: https://www.wiz.io/blog/the-wiz-approach-to-agentless-scanni...
"Services" – which you'll note is capitalized... lawyers do that for a reason – has a very specific meaning that very obviously does not include "whatever the fuck Google wants to do with it", nor "training general purpose AI models" in particular.
Why are you intentionally and blatantly misinterpreting Wiz's policies? Or are you just that good at ignoring/missing details in order to weave the story you've already decided to believe?
