
Radware Combines AI Agent, LLM Firewall Tools to Give Enterprises, MSSPs a Full AI Security Portfolio


Radware is putting in place the tools that enterprises need to protect their businesses and secure their data as they ramp up their adoption of generative AI and AI agents.

The vendor in November 2025 took a significant step forward when it rolled out LLM Firewall, an addition to its Cloud Application Protection Services and the first phase of what executives said is a broader agentic protection solution for enterprises and MSSPs.

Radware this week expanded the effort with the introduction of its Agentic AI Protection Solution, which extends its security capabilities further into the AI space.

“This new release deals with protecting an organization’s AI agents – beyond just the LLM [large language model] – and adheres to the OWASP Top 10 for LLM applications and agentic applications,” Dror Zelber, vice president of product management for Radware, told MSSP Alert. “With this addition, Radware now offers a comprehensive AI security portfolio, positioning the company as a unique one-stop-shop for AI security matters.”

The Agentic AI Protection Solution is the latest tool to hit the market that is aimed at securing increasingly autonomous AI agents and the vast amounts of sensitive data that they have access to. It comes at a time when most cybersecurity professionals understand that AI agents can’t be secured through traditional cybersecurity tools and worry that the adoption of agentic AI is too quickly outpacing protections for it.

Urgent Need for Agent Security

A key problem is that AI agents don’t just understand questions, they act on them, according to Snegha Ramnarayanan, staff product go-to-market (GTM) manager at cybersecurity firm Wiz. Agents can create, modify, and destroy infrastructure without human intervention, interact with critical systems via APIs, use external memory stores like vector databases, and collaborate to run complex across distributed environments, Ramnarayanan wrote in a blog post.

This creates new risks that require purpose-built security controls.

“While traditional AI security risks still apply, agentic systems need more than static defenses,” she wrote. “They require intelligent, real-time guardrails guided by a unified, agentless view of identities, services, pipelines, and runtime linked to data sensitivity and exposure.”

A Cautionary Tale

In his own blog post, Radware’s Zelber wrote about a retail chain’s experience with AI agents, which were deployed to improve employee productivity, customer interactions, and efficiency, among other use cases. The initial results were good, with its customer-feedback score rising 17% in the first month and productivity metrics jumping, he wrote.

However, within three months, the company’s AI agents were being attacked through prompt injection, agent hijacking, and data exfiltration. There also were problems with unbounded execution, rising costs, and agent actions – like overly aggressive sales messages – that hurt its reputation.

The company “took a ‘deploy fast, secure later’ mindset, fearing that the competition would leave them behind if they did not rapidly deploy agents,” Zelber wrote. “Their assumption was that mainstream vendors already built robust safety into their platforms, and that only internal custom agents required special security review. Unfortunately, that assumption couldn’t have been more wrong.”

Broad Protections

Radware’s new agentic AI security solution uses external algorithmic behavioral analysis to identify malicious intent and misuse in real time, which aligns the protections with agentic AI’s scale and complexity, according to the vendor. The offering protects against such threats as direct and indirect prompt injection, unauthorized data access, and tool abuse.

The capabilities include real-time identification of both homegrown and SaaS-based agents, advanced runtime behavioral algorithms to detect and mitigate malicious intent, and integrated protection for custom agents and third-party agent platforms and services, such as Microsoft 365 Copilot and Amazon Web Services (AWS) Bedrock. A dynamic risk graph map continuously scores an organization’s agentic AI security posture.

The Threats are Growing

The agentic AI solution comes a month after Radware threat researchers wrote about ZombieAgent, a zero-click indirect prompt injection flaw in agentic AI environments that attackers used to implant malicious and persistent instructions directly into an agent’s long-term memory or working context, all without user interaction.

In another example of a bad actor leveraging agents, AI vendor Anthropic in November 2025 reported that a China-nexus threat group used the capabilities in its Claude Code agentic AI tool to automate about 90% of the work in espionage efforts against organizations, with human intervention needed for only four to six decision points.

Expanding MSSPs' AI Capabilities

Zelber said MSSPs can use Radware’s agentic AI security tool to protect themselves and their clients.

“The solution's architecture allows MSSPs to deploy it flexibly, whether the agents are located in a cloud service, on the MSSP’s premises, or in an end-client’s own data center,” he said. “Our solution integrates directly into the traffic flow and supports several architecture modes.”

It gives MSSPs a way to offer an AI-driven security operations center (SOC) to clients by licensing both Radware’s LLM Firewall and AI agent to create a more holistic security offering, he added.

Security services providers “already play a considerable role in providing network and application security to their clients,” Zelber said. “We see a huge potential for them to extend their services by providing specialized AI security to their customers.”

Jeffrey Burt

Jeffrey Burt has been a journalist for almost 40 years, moving from general-circulation newspapers to IT news sites in 2000. He’s an expert analyst and writer on cybersecurity, data center infrastructure, AI, and a host of other subjects for a range of organizations, including CyberRisk Alliance, eWEEK, Techstrong Group, The Next Platform, and The Register.
