Target: Wix.com Ltd. (NASDAQ: WIX)
Audit Phase: V-DIG — Cyber-Intelligence & Technology Supply Chain Audit
Audit Date: 2026-05-01
Methodology: Evidence drawn exclusively from the research memo dated 2026-05-01. All claims are grounded in verified or partially-confirmed sources as assessed in that memo. Unverifiable, speculative, or fabricated claims from prior AI outputs have been discarded and are noted where relevant. No scores, tiers, or BRS values are assigned.
Wiz (Cloud Security)
Wix is a confirmed Wiz customer. The relationship entered the public record in mid-2025 when Wiz researchers identified a critical access-bypass vulnerability in Base44, the AI “vibe coding” platform Wix acquired for approximately $80 million in June 2025 822. Wiz conducted the post-acquisition security audit of the Base44 codebase, and the findings were reported across multiple technical outlets 91011. Wiz was co-founded by Assaf Rappaport and colleagues publicly described as veterans of Unit 8200 and alumni of Microsoft’s Adallom acquisition 26. The scope of the confirmed relationship covers at minimum cloud security auditing of the Base44 platform; the broader extent of Wiz’s engagement across the Wix cloud estate is not publicly quantified. This relationship is current as of 2025.
SentinelOne (Threat Intelligence Monitoring)
SentinelOne’s threat intelligence division (SentinelLabs) published a detailed technical report on “AkiraBot,” an AI-powered spam and CAPTCHA-bypass campaign that specifically targeted Wix-hosted websites at scale, affecting over 80,000 sites 1237. The SentinelLabs report demonstrates active telemetry monitoring of threats to Wix infrastructure, consistent with either a formal vendor relationship or a deep monitoring arrangement. A formal EDR contract between Wix and SentinelOne has not been independently confirmed beyond the monitoring report itself. SentinelOne is an Israeli-founded company (Tomer Weingarten, Almog Cohen) whose founding team includes IDF-alumni personnel. Evidence date: 2024–2025.
HashiCorp Vault (secrets management, US-origin, IBM-acquired) is confirmed as a Wix infrastructure tool through a publicly available HashiCorp case study describing Wix’s use of Vault in CD pipelines at scale 28. This is a confirmed operational dependency with no Israeli-origin dimension.
Stripe (US-origin) and HP (US-origin) are confirmed hardware and payment processing partners for Wix POS, announced in 2022 1314.
Razorpay (Indian fintech) is confirmed as a Wix payment gateway integration for India-market merchants, per Razorpay’s official documentation 31.
The following claimed vendor relationships appeared in a prior AI-generated output but have not been confirmed in any independently verifiable source reviewed:
No public evidence has been identified of named systems integrators or IT consultancies engaged by Wix for major technology programmes, or of integrators mandating Israeli-origin technology. Wix operates as a predominantly in-house engineering organisation, consistent with its SEC annual report disclosures 1.
FACEIO (Third-Party App Market Integration)
A developer tutorial published on Stackademic describes integrating the FACEIO facial recognition widget into a Wix website via the Wix App Market 32. FACEIO is a product of PIXLAB (not Israeli-origin) and is available to any Wix merchant through the third-party App Market. This represents a marketplace listing through which facial recognition capability is accessible to Wix merchants, not a direct Wix procurement or deployment of facial recognition technology. Date confirmed: 2023–2024.
BriefCam
The prior AI output linked BriefCam to Wix via a NICE Systems intermediary. BriefCam is an Israeli video analytics company. No direct Wix–BriefCam relationship was cited in any verifiable source. No public evidence identified.
Trigo
The prior AI output claimed a Wix–Trigo computer vision integration. Trigo appears on a Calcalist list of promising Israeli startups 34 but that list does not reference Wix. No partnership announcement or integration document was identified. No public evidence identified; claim discarded.
Wix’s POS hardware deployment, launched in partnership with Stripe and HP in 2022, uses Stripe Terminal M2 and S700 hardware 1314. NFC contactless payment capability is a standard feature of these devices, not a biometric deployment. No public evidence of biometric deployment in Wix POS has been identified.
Razorpay offers biometric authentication as part of its broader product suite; however, Wix’s confirmed integration with Razorpay is a payment gateway integration for merchants 31. The existence of biometric features in Razorpay’s wider portfolio does not constitute Wix deploying biometrics. No biometric deployment confirmed.
No public evidence has been identified of Wix using Israeli-origin predictive policing, social media monitoring, or workforce surveillance tools.
Wix’s Trust Centre FAQ confirms that user data is stored in Israel among other jurisdictions 19. The 2023 and 2024 20-F filings 1 confirm that Wix operates its own data centre infrastructure in Israel and pursues a multi-cloud strategy incorporating AWS and Google Cloud. Wix’s Tel Aviv headquarters and engineering hub 18 are consistent with on-premises infrastructure in Israel. This data residency posture is current and ongoing.
Project Nimbus is a confirmed $1.2 billion Israeli government contract jointly awarded to Amazon Web Services and Google Cloud in 2021 to construct sovereign cloud regions within Israel 34. The AWS Israel (Tel Aviv) Region launched on 31 July 2023 2. The +972 Magazine investigation into the Nimbus contracts details data sovereignty provisions and notification clauses that apply to the infrastructure providers — AWS and Google — not to commercial tenants 45.
Wix is a large, multi-year AWS and Google Cloud customer, a fact consistent with its annual report disclosures 1 and engineering blog publications. Because Wix’s workloads on AWS Israel or Google Cloud Israel run on infrastructure built under the Nimbus programme, there is an infrastructural proximity to Project Nimbus by virtue of standard commercial cloud use.
However, the characterisation of Wix as a named “anchor tenant” in Project Nimbus documentation is not confirmed in any official AWS, Google Cloud, or Israeli government document reviewed. The AWS Israel Region launch announcement 2 does not list Wix in that role. The “anchor tenant” designation appearing in prior AI output is an editorial characterisation, not a documented designation. Infrastructure proximity confirmed; “anchor tenant” status unverified.
A 2024 Jerusalem Post article (citing Guardian reporting) describes contractual provisions under which Amazon and Google agreed to notify Israel’s government about data requests from foreign governments 30. These provisions govern the cloud providers’ obligations under the Nimbus contract and do not impose equivalent obligations on commercial tenants such as Wix.
No public evidence has been identified that Wix provides services specifically contracted to ensure digital sovereignty or infrastructure resilience for Israeli state institutions or military bodies beyond the general commercial cloud services described above.
During the COVID-19 pandemic in 2020, Wix built and deployed a national volunteer coordination platform for the Israeli government, connecting citizens in need with volunteers 21. This is confirmed by contemporaneous press coverage. This is a civilian emergency services application. The claim that this project required integration with the Ministry of Interior’s population registry is speculative and is not confirmed in any reviewed source. Whether any ongoing government services relationship followed from this project is not established in available evidence.
No public evidence has been identified of Wix contracts with the Israeli Ministry of Defence, the Israel Defense Forces, or Israeli intelligence agencies for IT services, communications infrastructure, data hosting, or analytics platforms. Source classes reviewed include SEC 20-F filings, Israeli government procurement as reported in press, and NGO investigations including Tech for Palestine 24 and the Business & Human Rights Resource Centre 567.
No verified public reporting has confirmed that Wix’s commercially available technology has been deployed for military, intelligence, or law enforcement surveillance applications within Israel or the occupied territories. The Tech for Palestine report 24 critiques Wix on grounds of corporate culture and leadership background but does not document dual-use technology deployment.
No public evidence identified. Wix is a web development SaaS platform with no publicly documented offensive cyber or weapons technology capability.
Wix has developed and deployed several AI products. “Wix ADI” (Artificial Design Intelligence) is a longstanding automated website-building feature. “Wix Harmony,” announced in 2023, blends AI with human creative direction in web design 20. The Base44 acquisition (June 2025, ~$80M) 823 added a natural-language application builder to Wix’s AI portfolio, expanding into the “vibe coding” market where users describe desired applications in plain language and AI generates functional web apps. None of these products have been documented as contracted to, or deployed by, Israeli state, military, or security institutions.
One month after the Base44 acquisition, Wiz researchers identified a critical access-bypass vulnerability in the Base44 platform, allowing unauthenticated API access to user-created applications and their underlying data 91011. This vulnerability was disclosed publicly in mid-2025. The incident is relevant to the AI supply chain risk profile in that it demonstrates the speed with which AI-native platforms can introduce material security exposures into a larger technology estate following acquisition.
No public evidence has been identified of Wix AI models trained on civilian population data, intercepted communications, or surveillance-derived datasets originating from Israel or the occupied territories.
No public evidence identified of Wix providing AI or ML systems to Israeli state, military, or security bodies.
No public evidence identified.
Wix’s primary R&D and engineering headquarters are in Tel Aviv, Israel — confirmed across the 2023 and 2024 20-F filings 1, the company’s Wikipedia entry 18, and consistent press coverage spanning the company’s history. The Tel Aviv operation is the company’s largest single engineering site, housing the preponderance of product development, infrastructure engineering, and AI research. The company additionally maintains engineering offices in Kyiv (Ukraine), Vilnius (Lithuania), Warsaw (Poland), and New York, per annual report disclosures. The Israeli R&D concentration is confirmed and ongoing.
Base44 (acquired June 2025, ~$80M) 823: An Israeli-origin AI/vibe-coding startup founded by Maor Shlomo. At the time of acquisition, Base44 was approximately six months old and described as “hyper-growth.” The acquisition brought an additional Israeli AI engineering team into Wix’s R&D structure. The post-acquisition security audit by Wiz revealed a critical access-bypass vulnerability 911, representing both a technology integration risk and a vendor ecosystem dimension.
Wix operates an investment arm (variously referenced as Wix Ventures or Wix Capital). The prior AI output claimed a Wix Ventures investment in Sola Security, a Tel Aviv-based cybersecurity startup [^23_sola]36. Calcalist/Ctech coverage describes Sola Security as “the Wix of cyber” — this is a journalistic analogy comparing business models (platform simplicity in cybersecurity), not a statement of investment by Wix [^23_sola]. No direct Wix Ventures investment in Sola Security has been confirmed. Specific portfolio companies of Wix Ventures are not comprehensively disclosed in public filings reviewed.
No public evidence has been identified of patent co-development or licensing arrangements between Wix and Israeli universities (Technion, Hebrew University, Weizmann Institute) or state research institutions. Wix holds patents in web technology, AI-assisted design, and platform architecture filed primarily through its Israeli legal entity with the USPTO and WIPO.
Wix maintains an active public engineering blog and hosts internal “guild” meetup events with the broader Israeli tech community 27. Participation in Israeli tech community events is confirmed; this reflects the company’s deep integration in the Tel Aviv technology ecosystem without establishing specific vendor or procurement relationships with other participants.
The following leadership background facts are confirmed or partially confirmed from available sources, with confidence levels noted:
Avishai Abrahami (CEO & Co-Founder): IDF service is publicly referenced in Israeli business press. Unit 8200-specific attribution appears in the Tech for Palestine report 24 and is partially corroborated by Israeli press interviews, including a Calcalist profile 29. Partially confirmed; primary attribution sourced to activist reporting and Israeli business press.
Nir Zohar (President & COO): A Taub Center speaker biography [^38_taub] is cited in the prior output as confirming ten years of Unit 8200 service and more than 200 days of reserve duty following October 7, 2023. The Taub Center is a real Israeli social policy research institution. The specific biographical details could not be independently verified without live document access. Zohar’s public statements about the Courtney Carey termination are referenced in the BHRRC entries 56. Partially confirmed.
Lior Shemesh (CFO): Appointment to the eToro board of directors is confirmed by eToro investor relations materials 17. Prior affiliation with Israel Aerospace Industries (Israel’s largest state-owned defence company) is referenced in Israeli financial press but not independently verifiable to a primary source from available training data. eToro appointment confirmed; IAI affiliation partially confirmed from secondary press.
Ron Gutler (Director): CyberArk board membership confirmed in CyberArk’s 2024 20-F filing 16. Prior NICE Systems chairmanship (2002–2013) is cited to a Wix SEC proxy exhibit consistent with known filing patterns; NICE Systems is a confirmed Israeli surveillance and analytics company. A claimed Psagot Investment House directorship has not been confirmed in any independently verifiable source reviewed. CyberArk and NICE connections partially confirmed; Psagot claim unverified.
Gavin Patterson (Director): Board appointment confirmed March 2023 15. Former President/CRO of Salesforce, and Consello advisory role, confirmed by public record. Confirmed.
Internal “Supporting-Israel-Narrative” Channel: In 2023, Wix was reported to have directed or encouraged employees to create videos and other creative content supporting Israel’s public narrative following the October 7 attacks. The Business & Human Rights Resource Centre documented this, including Wix’s own response 5. The incident attracted criticism from civil society organisations and commentary in the Irish press, given Wix’s significant Dublin engineering presence.
Courtney Carey Termination: Also in 2023, Wix terminated the employment of Courtney Carey, a Dublin-based employee, following public comments in which she referred to Israel as a “terrorist state.” The termination was reported by the Jerusalem Post 7 and documented by the BHRRC 6, which noted concerns about a potential “chilling effect” on employee speech. Wix’s response characterised the termination as a workplace conduct matter. Irish labour and civil liberties organisations commented on the potential implications under Irish employment law. No formal regulatory investigation, Employment Tribunal filing, or legal judgment against Wix arising from this matter has been publicly reported.
Tech for Palestine (2023–2024): Published an investigative profile of Wix 24 focusing on: the company’s Israeli founding and headquarters; leadership military backgrounds; the Carey termination; and the internal content-creation directive. The report is activist-oriented and does not document specific military contracts or dual-use technology deployment. It has circulated in civil society and anti-occupation advocacy contexts.
Business & Human Rights Resource Centre (2023): Published two separate entries on Wix 56, both aggregating Irish and Israeli press coverage and including Wix’s own statements. These are confirmed 2023 records with direct links to primary materials.
The BDS Movement’s corporate targeting guide 25 is a public document. As of available training data through April 2026, Wix has not been listed as a primary BDS campaign target in the manner of HP, Siemens, G4S, or Puma — companies subject to named, sustained BDS campaigns with dedicated campaign pages, coalition calls to action, and documented corporate responses. Tech for Palestine has published a profile calling for pressure on Wix 24, but this is distinct from a formal BDS designation. No formal, organised BDS campaign specifically targeting Wix has been identified in sources reviewed.
No regulatory inquiries, export control actions, or sanctions-related investigations involving Wix’s technology sales to Israeli state entities have been identified. Source classes reviewed include SEC 20-F risk factor disclosures, US BIS export control enforcement records as reported in press, and EU regulatory press.
SentinelLabs documented the AkiraBot campaign as a large-scale AI-powered spam and CAPTCHA-bypass operation that used OpenAI’s GPT-4o to generate bespoke spam content and targeted contact forms on Wix-hosted websites, among other platforms 1237. The campaign affected more than 80,000 websites. This event is relevant as a civil-society-facing security harm in which Wix-hosted infrastructure was systematically targeted for abuse, with SentinelOne conducting and publishing the primary technical investigation.
https://www.sec.gov/cgi-bin/browse-edgar?action=getcompany&CIK=0001576789&type=20-F&dateb=&owner=include&count=10 ↩↩↩↩
https://www.businesswire.com/news/home/20230731044074/en/AWS-Launches-Infrastructure-Region-in-Israel ↩↩
https://en.wikipedia.org/wiki/Project_Nimbus ↩
https://www.972mag.com/project-nimbus-contract-google-amazon-israel/ ↩↩
https://www.business-humanrights.org/my/latest-news/ireland-wixs-alleged-company-initiative-for-employees-to-create-videos-and-creative-campaigns-to-support-israels-narrative-elicits-criticism-incl-co-comment/ ↩↩↩↩↩
https://www.business-humanrights.org/en/latest-news/ireland-fears-of-chilling-effect-after-wix-fires-worker-over-pro-palestine-comments-incl-co-comment/ ↩↩↩↩
https://www.jpost.com/business-and-innovation/article-769922 ↩↩
https://www.globenewswire.com/news-release/2025/06/18/3101508/0/en/Wix-Further-Expands-into-Vibe-Coding-with-Acquisition-of-Base44-a-Hyper-Growth-Startup-that-Simplifies-Web-and-App-Creation-with-AI.html ↩↩↩
https://thehackernews.com/2025/07/wiz-uncovers-critical-access-bypass.html ↩↩↩
https://www.searchenginejournal.com/vulnerability-uncovered-in-wix-vibe-coding-platform/552554/ ↩↩
https://www.calcalistech.com/ctechnews/article/s17pjsivge ↩↩↩
https://www.sentinelone.com/labs/akirabot-ai-powered-bot-bypasses-captchas-spams-websites-at-scale/ ↩↩
https://tech.co/news/wix-launches-pos-partnership-stripe-hp ↩↩
https://www.zdnet.com/finance/wix-partners-with-stripe-hp-to-launch-wix-pos/ ↩↩
https://www.prnewswire.com/news-releases/wix-announces-changes-to-board-of-directors-to-support-new-phase-of-value-creation-301766203.html ↩
https://www.sec.gov/Archives/edgar/data/1598110/000117891325000811/zk2532806.htm ↩↩
https://investors.etoro.com/news-releases/news-release-details/etoro-appoints-former-sec-commissioner-laura-unger-and-wix-cfo ↩
https://www.wix.com/trust-center/faq ↩
https://www.nasdaq.com/articles/wix-unveils-harmony-blending-human-creativity-ai-web-design ↩
https://kr-asia.com/during-pandemic-wix-connects-volunteers-with-those-in-need-worldwide ↩
https://en.globes.co.il/en/article-wix-acquires-israeli-vibe-coding-co-base44-1001513267 ↩
https://www.calcalistech.com/ctechnews/article/sjkol5ajkl ↩↩
https://updates.techforpalestine.org/wix-the-israeli-engine-behind-some-of-your-favorite-websites/ ↩↩↩↩↩
https://bdsmovement.net/Guide-to-BDS-Boycott ↩
https://www.indexventures.com/perspectives/cloud-captains-how-assaf-rappaport-and-his-extraordinary-co-founders-built-the-worlds-fastest-growing-company/ ↩
https://www.hashicorp.com/en/resources/how-wix-uses-cd-pipelines-to-upgrade-vault-at-scale ↩
https://www.calcalistech.com/ctechnews/article/hjflzzzjjl ↩
https://www.jpost.com/israel-news/article-872152 ↩
https://blog.stackademic.com/how-to-integrate-the-faceio-widget-into-your-wix-website-a8629f558d25 ↩
https://www.aquasec.com/news/aqua-acquires-argon-software-supply-chain-security/ ↩
https://www.calcalistech.com/ctechnews/article/sk00nnz1i5 ↩
https://racismandtechnology.center/2025/04/07/google-acquires-israeli-startup-wiz-marking-a-continuation-of-its-complicity-in-the-ongoing-genocide-in-gaza-and-the-apartheid-regime/ ↩
https://www.calcalistech.com/ctechnews/article/cnknfmbad ↩
https://cybernews.com/cybercrime/akirabot-spams-over-80000-websites/ [^38_taub]: https://www.taubcenter.org.il/wp-content/uploads/2025/08/ ↩↩
