Radware’s Quiet Revolution In AI-Powered Defense
If you have been around this industry long enough, Radware probably lives in a nostalgic corner of your brain. Load balancing. Application delivery controllers. Solid DDoS mitigation at the network edge. The kind of infrastructure that quietly does its job while everyone argues about Zero Trust on LinkedIn.
But that picture of Radware is badly out of date.
In a recent conversation for Cyber Defense Magazine’s Innovator Spotlight, Radware’s representative made it very clear that the company has been busy reinventing itself while much of the industry was still arguing about whether AI is overhyped.
As he put it, many folks still walk past their booth and say something like, “I know Radware, but I only know it from load balancing and application delivery or from network layer three, layer four, DDoS mitigation.” Then he adds the punchline:
“We have a much bigger story than that now.”
What follows is that bigger story. It is about a company that has quietly built an AI-native security stack for DDoS, web applications, APIs, bots and even agentic AI, and is now stepping forward to say: we have been doing intent based, real time defense longer than people have been calling it AI.

DDoS Is Now A Machine-Speed Blood Sport
Radware still lives and breathes DDoS, but the threat landscape it describes looks very different from the old volumetric flood that used to be the headline.
In their annual threat report, the company saw a staggering spike in web DDoS activity.
“Last year’s Threat Report saw over 500% increase in web DDoS attacks,” he explains.
At the same time, layer 7 HTTP flood attacks grew more than 100 percent year over year, and network layer 3 and 4 DDoS attacks climbed about 163 percent. That is not a typo. These included attacks at massive scale.
“Industry wide, we saw 29.7 [terabits per second]. I think the biggest one that we saw was somewhere south of 20, but I do not have specific numbers, so you cannot really quote me on that, honestly.”
The scale of these attacks is not the only problem. The real shift is in how quickly they morph.
“These are no longer happening at kind of human speed. The attacks are changing and they are coming at organizations at machine speed.”
The old picture of a SOC analyst tuning rules while watching a flood on a dashboard simply does not hold up anymore. Today’s attacks combine classic network DDoS with web DDoS and API abuse, pivoting across vectors in a coordinated “pincer movement,” a metaphor his director of cyber threat intelligence likes to use.
“You have an attack from both sides. It is creating this overwhelming brute force attack on the network side and scalpel layer precision on the web DDoS side.”
In other words, a battering ram on your pipes and a surgeon’s knife on your application surface, working at the same time.
Radware’s answer is a global mesh of “dedicated security scrubbing centers all over the world” backed by their own hardware. These are not CDN nodes doing double duty.
“They are dedicated to security. They are not CDN based. They are based solely on security, and we own all the equipment in them. So when we see big attacks like that, we add additional equipment to make sure that we are staying within the envelope of what the attacks are actually doing real time.”
For CISOs, that sounds very much like an old school capacity planning story. But capacity alone is not the differentiator anymore. What Radware really wants you to notice is what they are doing at layer 7 with intent based analytics.
Web DDoS, Intent, And The Human In The Loop
Web DDoS is where life gets annoying. Traffic looks legitimate. HTTP requests look like what your app normally expects. And as he puts it bluntly:
“The problem with web DDoS, of course, is that you cannot discern legitimate from threat actor traffic, so you block it all, or have something like Radware.”
That “something like Radware” is a set of machine learning and AI models that try to understand intent and behavior at scale. The system observes traffic patterns in real time, looks at normal baselines, and then decides what is good and what is hostile.
“It is a learning model. So when it does make mistakes, a human in the loop can go, ‘Wait a second, that blocked off some traffic that we do not want to do,’ and it is very, very small traffic, but for the most part, where we actually capture legitimate users and they can correct the model.”
The result is an iterative model, refined attack to attack, that aims for very low false positives. Humans retain the steering wheel, but the AI is doing the driving at machine speed.
This is a pattern you see across Radware’s portfolio now. The company is not bolting AI on the side as a marketing term. They are treating AI as the only way to function at the speed of modern attacks, while still acknowledging that human judgment is essential to keep models honest.
APIs: From Afterthought To Primary Attack Surface
Like many of the more forward leaning security vendors, Radware has decided that API security is no longer a feature inside something else. It is a primary battleground.
“API has also risen as a number one attack vector for would be threat actors. That is OWASP.”
The way he describes modern API abuse is not your classic “someone found a missing auth check” story. It is workflow exploitation.
“They are looking at the whole workflow, right, and are figuring out where the areas of the API can be exercised to bypass authorization, steal accounts, do all sorts of stuff. Once they get access to do things, they actually analyze how the application works, and then they see where they can tweak parameters on those API endpoints to get to things that they should not be able to get to.”
Developers move fast. They often block bad behavior “at the front gate” and assume the internal workflow will behave itself. Attackers, of course, do not share that assumption.
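The gap between a front-gate check and a per-step check can be shown in a few lines. This is an added example, not code from Radware or from the interview; the order store, session tokens and function names are all constructed for illustration.

```python
# Constructed sample data: two customers and their orders (not from the article).
ORDERS = {
    "ord-1001": {"owner": "alice", "state": "delivered", "total": 40},
    "ord-2002": {"owner": "bob", "state": "paid", "total": 900},
}
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}

# Assumed workflow rule: a refund is only valid for a delivered order.
REFUNDABLE_STATES = {"delivered"}


class Denied(Exception):
    """Raised when a request fails an authorization or workflow check."""


def front_gate(token):
    """Authenticate the caller once at the edge; returns the user name."""
    user = SESSIONS.get(token)
    if user is None:
        raise Denied("unauthenticated")
    return user


def refund_front_gate_only(token, order_id):
    """'Before' version: authenticated at the gate, then trusts order_id as sent."""
    front_gate(token)
    order = ORDERS[order_id]
    return {"refunded": order_id, "amount": order["total"]}


def refund_checked(token, order_id):
    """Hardened version: re-checks ownership and workflow state at this step."""
    user = front_gate(token)
    order = ORDERS.get(order_id)
    # Same error for "missing" and "not yours" so responses do not confirm valid ids.
    if order is None or order["owner"] != user:
        raise Denied("order not found")
    if order["state"] not in REFUNDABLE_STATES:
        raise Denied("order is not refundable in state " + order["state"])
    return {"refunded": order_id, "amount": order["total"]}
```

The first handler passes every authentication test and still returns another customer's order, which is why runtime checks have to follow the workflow rather than stop at login.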
Radware’s answer has been to broaden what used to be “just” WAF and basic API defenses into a full stack: discovery, testing, runtime protection, posture management and operational reporting. The company acquired an API security vendor and folded that technology into its platform, then exposed it both as a standalone API product and as part of its WAF.
“We have discovery. We have runtime, again runtime being critical. If you are not doing runtime analysis of attacks against your APIs, you have really got a good root cause analysis toolkit, right. You cannot be looking in the rear view mirror. You have to be dynamically stopping things at the gate to be able to say you have security.”
That line about “rear view mirror” security should hit home for any CISO who has sat through a postmortem and realized their state of the art logging platform did exactly nothing to prevent the breach it so beautifully documented.
Using AI To Protect AI
Where Radware really starts to separate itself from the classic DDoS vendor archetype is in what they are doing to protect AI applications.

They frame the AI problem space in four buckets. Here are two that are immediately familiar:
- Organizations that are not using AI at all but are being attacked by adversaries who are.
- Organizations that are embedding AI, usually generative models, into their applications.
On the first front, Radware’s message is simple. Whether or not your governance committee has approved a single AI initiative, you are already in an AI war. Threat actors are using automated toolkits, LLMs specialized on attack techniques, orchestration platforms in the underground and even “penetration tools” that present themselves as benign on their marketing sites while being cheerfully repurposed by attackers.
“Whether you are using AI or not in your organization, you are fighting an AI battle. So fighting at machine speed requires using technologies that can do that.”
On the second front, the story gets into the weeds of prompt injection and LLM abuse, which most boards vaguely understand but very few security teams are equipped to deal with in production. Prompt injection, he notes, was the “number one threat against AI in 2025” and remains a thorny problem because most guardrails are essentially glorified pattern matching.
“Guardrails are static in how they work, and that is because most of our security tools are built for humans, not for machines. But natural language is dynamic.”
He uses a simple analogy. Think of all the ways to say “beautiful.” Song, poetry, slang, regional phrasing. That is how prompts work. Adversaries can express the same malicious intent in dozens of ways that do not trigger brittle rules.
Radware’s answer is what they describe as an LLM firewall.
“We have an LLM firewall product that we just launched earlier this year that basically acts as a proxy and looks for inbound prompts and cleans those up, looks at bias, inappropriate responses, all tied to business logic that are coming back through to the end user.”
The goal is to keep your product chatbot from wandering off into territory that has nothing to do with your business, or worse, leaking sensitive data, while still allowing it enough latitude to do useful work. That is not a static rules problem. It is an AI problem.
Agentic AI: When Your Bots Go Rogue
If LLM guardrails are today’s headache, agentic AI is tomorrow’s migraine. Radware is already playing in that space.
As more organizations turn agents loose to read emails, triage tickets, review resumes, hit APIs and talk to other agents, you get a stack of autonomous components often making decisions with only weak controls around them.
Radware’s research team published work on two classes of indirect prompt injection in these environments: “shadow leak” and “zombie agent.”
In the shadow leak scenario, they showed that an attacker could embed a hidden prompt inside a document, such as an email, that the agent is instructed to read. That prompt in turn instructs the agent to exfiltrate data to a remote server.
“There is no internal enterprise logging for that, because it is happening in the cloud, on the platform.”
They responsibly disclosed the issue to OpenAI, which addressed that specific problem, but the broader pattern remains, and is not limited to a single vendor.
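For agents an organization runs itself, one defensive control against this pattern is to mediate every outbound tool call and record the decision. The sketch below is an added example, not Radware's product or code; the host names, the `authorize_tool_call` function and the shape of the tool-call dict are assumptions made for illustration.

```python
import json
import time
from urllib.parse import urlsplit

# Assumed policy: the only hosts this agent may contact (placeholder names).
ALLOWED_HOSTS = {"api.crm.example.internal", "tickets.example.internal"}
AUDIT_LOG = []  # stands in for the enterprise log pipeline


def authorize_tool_call(call, read_untrusted_content):
    """Decide whether an agent's outbound HTTP tool call may run, and log it.

    call: dict with 'tool', 'url' and optional 'body' as proposed by the agent.
    read_untrusted_content: True once the agent has ingested external text
    (an inbound email, a web page) during this task.
    """
    parts = urlsplit(call.get("url", ""))
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        decision, reason = "deny", "non-https destination"
    elif host not in ALLOWED_HOSTS:
        decision, reason = "deny", "destination not on allow-list"
    elif read_untrusted_content and (parts.query or call.get("body")):
        # Data leaving after untrusted input was read needs a human decision.
        decision, reason = "review", "outbound data after untrusted input"
    else:
        decision, reason = "allow", "allow-listed destination"
    # Every decision is logged, including denials, so there is a local record.
    AUDIT_LOG.append(json.dumps({
        "ts": time.time(), "tool": call.get("tool"), "host": host,
        "bytes_out": len(parts.query) + len(call.get("body") or ""),
        "decision": decision, "reason": reason,
    }))
    return decision
```

The audit record gives the enterprise a log entry for each attempted call, which addresses the visibility gap described in the quote above for agents it hosts itself.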
The “zombie agent” work is even more unsettling. Here, the injected prompt corrupts the working memory of an agent and then propagates that corruption to other agents in the chain. You effectively get a worm, but inside an AI ecosystem rather than on a traditional host.
“We were able to corrupt the working memory of the agent, and then it could propagate that to other agents in the stack, so you got a worm like infection in your AI.”
To answer this, Radware has built technology that plugs into AI orchestration ecosystems, whether delivered by an integrator or a third party platform, to watch for indirect prompt injection, tool poisoning and agent to agent corruption. It is a guardian around the agentic stack that tries to stop your helpful workflow assistant from becoming the world’s most compliant insider threat.
Bot Management In A World Where Bots Are Your Customers
Radware also revisited one of the older buzzwords in the space: bots. The company’s WAF has long shipped with a bot manager, but they have substantially upgraded that capability for a world where bots are no longer background noise. They are often your primary users.
“As we move forward, we are actually seeing that bots are increasingly the users using our web applications. It is not just human users, it is now machine users.”
The old approach of blocking all non human traffic simply does not scale when B2B workflows, third party integrations and inventory or order management are all machine to machine conversations. Forrester and Gartner have both pointed to substantial growth in automated B2B interactions, and Radware is betting that your next big customer may show up as an agent, not a person.
“Increasingly, it is becoming critical that you not only allow bots in, but that you have a means to discern good bot from bad bot.”
Again, that calls for dynamic reasoning systems that can operate at machine speed, not static signatures and periodic rule updates.
A Three Decade “Overnight” Innovator
What makes this story interesting is not just the technology list. Plenty of vendors can rattle off DDoS, WAF, API, bot management and AI security in a single sentence.
What stands out is Radware’s claim that they have been doing AI style intent modeling for a long time, long before the current hype cycle.
“We have been doing AI for longer than anybody has been talking about AI,” he says. “We already have done intent based modeling and understand how to do that at runtime for network defense, for web DDoS, for network DDoS, for our application or WAF, our web API security. We have been doing this for years. We have been around for 30 years, and innovators all along that path, we just have not been really good about standing up and talking about it.”
If that sounds like a subtle jab at younger companies with louder marketing teams, it probably is. The company evolved from appliances, to scrubbing centers, to a broader cloud security platform, and now into AI and agentic protection, largely without shouting about it.
“Part of it is a natural evolution. The revolution does not happen overnight. It is something that builds over time on past successes.”
For CISOs, that combination of deep infrastructure heritage and a forward leaning AI roadmap can be appealing. You get a vendor that understands packets and terabit floods, but is also speaking concretely about things like LLM firewalls, indirect prompt injection and agent worms, instead of tossing “AI powered” into every other sentence.
Why CISOs Should Care Right Now
If you strip the marketing away, Radware’s core message to CISOs comes down to this:
- You are being attacked at machine speed whether you are ready for it or not.
- Your web, API, and AI surfaces are now primary targets, not side quests.
Radware is positioning itself as a one stop shop for defending that full spectrum: from traditional DDoS at layer 3 and 4, to web DDoS at layer 7, to API workflow abuse, bot traffic, LLM misuse and agentic AI corruption.
“Whether you are protecting your existing infrastructure, you do not want to deal with AI, you are not dealing with AI, you need to move at machine speed to protect yourself, you absolutely must,” he concludes. “Then if you are on the AI side, regardless of whether you are deploying an LLM as a bot or getting into agent tech for workflow, you need to have the right type of AI protections to actually get that effectively done. And that is something that Radware can help with.”
For a readership of CISOs and senior security leaders, the call to action is straightforward. Take a hard look at your current protections and ask some uncomfortable questions:
- Can your DDoS and web application defenses actually reason about intent and behavior at machine speed, or are you still in “rear view mirror” mode with great forensics and poor prevention?
- Do you have first class visibility and runtime protection for APIs, including workflows and business logic paths, not just surface endpoints?
- Is your AI program protected by anything more sophisticated than simple prompt filters and a hope that your model will behave itself?
If the honest answer to any of those is “not really,” then it is probably time to put Radware on your evaluation shortlist.

Author’s Note
The author sat down with Radware’s representative for this interview at the 2026 RSAC Conference in San Francisco, held March 23rd to 25th, 2026. The conversation covered Radware’s evolution from traditional DDoS and load balancing roots into a comprehensive, AI driven security platform that spans DDoS, web application security, API protection, bot management and AI or agentic safeguards.
For more information, please visit www.radware.com.
About the Author
Pete Green is the CISO / CTO of Anvil Works, a ProCloud SaaS company and co-author of “The vCISO Playbook: How Virtual CISOs Deliver Enterprise-Grade Cybersecurity to Small and Medium Businesses (SMBs)”. With over 25 years of experience in information technology and cybersecurity, Pete is a seasoned and accomplished security practitioner.
Throughout his career, he has held a wide range of technical and leadership roles, including LAN/WLAN Engineer, Threat Analyst, Security Project Manager, Security Architect, Cloud Security Architect, Principal Security Consultant, Director of IT, CTO, CEO, Virtual CISO, and CISO.
Pete has supported clients across numerous industries, including federal, state, and local government, as well as financial services, healthcare, food services, manufacturing, technology, transportation, and hospitality.
He holds a Master of Computer Information Systems in Information Security from Boston University, which is recognized as a National Center of Academic Excellence in Information Assurance / Cyber Defense (CAE IA/CD) by the NSA and DHS. He also holds a Master of Business Administration in Informatics.
