Radware is putting in place the tools that enterprises need to protect their businesses and secure their data as they ramp up their adoption of generative AI and AI agents.
The vendor in November 2025 took a significant step forward when it rolled out LLM Firewall, an addition to its Cloud Application Protection Services and the first phase of what executives said is a broader agentic protection solution for enterprises and MSSPs.
Radware this week expanded the effort with the introduction of its Agentic AI Protection Solution, which extends its security capabilities further into the AI space.
“This new release deals with protecting an organization’s AI agents – beyond just the LLM [large language model] – and adheres to the OWASP Top 10 for LLM applications and agentic applications,” Dror Zelber, vice president of product management for Radware, told MSSP Alert. “With this addition, Radware now offers a comprehensive AI security portfolio, positioning the company as a unique one-stop-shop for AI security matters.”
The Agentic AI Protection Solution is the latest tool to hit the market that is aimed at securing increasingly autonomous AI agents and the vast amounts of sensitive data that they have access to. It comes at a time when most cybersecurity professionals understand that AI agents can’t be secured through traditional cybersecurity tools and worry that the adoption of agentic AI is too quickly outpacing protections for it.
Urgent Need for Agent Security
A key problem is that AI agents don’t just understand questions, they act on them, according to Snegha Ramnarayanan, staff product go-to-market (GTM) manager at cybersecurity firm Wiz. Agents can create, modify, and destroy infrastructure without human intervention, interact with critical systems via APIs, use external memory stores like vector databases, and collaborate to run complex across distributed environments, Ramnarayanan wrote in a blog post.
This creates new risks that require purpose-built security controls.
“While traditional AI security risks still apply, agentic systems need more than static defenses,” she wrote. “They require intelligent, real-time guardrails guided by a unified, agentless view of identities, services, pipelines, and runtime linked to data sensitivity and exposure.”
A Cautionary Tale
In his own blog post, Radware’s Zelber wrote about a retail chain’s experience with AI agents, which were deployed to improve employee productivity, customer interactions, and efficiency, among other use cases. The initial results were good, with its customer-feedback score rising 17% in the first month and productivity metrics jumping, he wrote.
However, within three months, the company’s AI agents were being attacked through prompt injection, agent hijacking, and data exfiltration. There also were problems with unbounded execution, rising costs, and agent actions – like overly aggressive sales messages – that hurt its reputation.
The company “took a ‘deploy fast, secure later’ mindset, fearing that the competition would leave them behind if they did not rapidly deploy agents,” Zelber wrote. “Their assumption was that mainstream vendors already built robust safety into their platforms, and that only internal custom agents required special security review. Unfortunately, that assumption couldn’t have been more wrong.”
Broad Protections
Radware’s new agentic AI security solution uses external algorithmic behavioral analysis to identify malicious intent and misuse in real time, which aligns the protections with agentic AI’s scale and complexity, according to the vendor. The offering protects against such threats as direct and indirect prompt injection, unauthorized data access, and tool abuse.
The capabilities include real-time identification of both homegrown and SaaS-based agents, advanced runtime behavioral algorithms to detect and mitigate malicious intent, and integrated protection for custom agents and third-party agent platforms and services, such as Microsoft 365 Copilot and Amazon Web Services (AWS) Bedrock. A dynamic risk graph map continuously scores an organization’s agentic AI security posture.
The Threats are Growing
The agentic AI solution comes a month after Radware threat researchers wrote about ZombieAgent, a zero-click indirect prompt injection flaw in agentic AI environments that attackers used to implant malicious and persistent instructions directly into an agent’s long-term memory or working context, all without user interaction.
In another example of a bad actor leveraging agents, AI vendor Anthropic in November 2025 reported that a China-nexus threat group used the capabilities in its Claude Code agentic AI tool to automate about 90% of the work in espionage efforts against organizations, with human intervention needed for only four to six decision points.
Expanding MSSPs' AI Capabilities
Zelber said MSSPs can use Radware’s agentic AI security tool to protect themselves and their clients.
“The solution's architecture allows MSSPs to deploy it flexibly, whether the agents are located in a cloud service, on the MSSP’s premises, or in an end-client’s own data center,” he said. “Our solution integrates directly into the traffic flow and supports several architecture modes.”
It gives MSSPs a way to offer an AI-driven security operations center (SOC) to clients by licensing both Radware’s LLM Firewall and AI agent to create a more holistic security offering, he added.
Security services providers “already play a considerable role in providing network and application security to their clients,” Zelber said. “We see a huge potential for them to extend their services by providing specialized AI security to their customers.”