Web Application Firewalls Are Broken, and Everyone Knows It
Web application firewalls have been around for roughly 30 years. In that time, web traffic has fundamentally changed—from humans browsing pages to APIs, bots, and now AI agents executing transactions at scale. The WAF hasn’t kept pace.…
Web application firewalls have been around for roughly 30 years. In that time, web traffic has fundamentally changed—from humans browsing pages to APIs, bots, and now AI agents executing transactions at scale. The WAF hasn’t kept pace. And in a lot of organizations, the response has been to stop touching it entirely. WAFs sit at the perimeter of web-facing applications and are supposed to distinguish legitimate traffic from malicious traffic.
