52% of Public Vulnerabilities Bypass Leading WAFs According to Miggo Security Benchmark Study

AI augmentation pushes efficiency to 91%, including scenarios like React2Shell


TEL AVIV, Israel, Dec. 17, 2025 (GLOBE NEWSWIRE) -- Miggo Security today announced the publication of its new report, Beat the Bypass: A Benchmark Study of WAF Weaknesses and AI Mitigation. The study examines why security teams treat Web Application Firewalls (WAFs) as necessary infrastructure but not as a mitigation layer for critical vulnerabilities, CVEs, or today’s AI-driven threats. It also addresses a strategic question for modern defense programs: can organizations, by augmenting the WAF with runtime intelligence, turn its unique position at the network edge into an AI-ready, reliable mitigation layer?

Andy Ellis, former Chief Security Officer of Akamai, asserts, “This study clarifies that WAFs are currently an underutilized asset because the manual, generic signature model erodes trust. Security teams cannot afford the risk of false positives or waiting 41 days for vendors to test CVE-specific rule changes. We see massive untapped potential here: runtime augmentation provides the necessary intelligence and automation to finally transform the WAF into a reliable, high-confidence defense layer for all critical CVEs, not just reactive, one-off fixes.”

The study comes on the heels of the discovery of "React2Shell" (CVE-2025-55182), a critical vulnerability in React and Next.js. This unfolding crisis serves as a stark, real-world validation of the study’s conclusion: the exposure window between exploit discovery and effective WAF protection is where the damage can happen.

“WAFs are necessary, but they cannot win the AI-enabled zero-day race alone,” asserts Daniel Shechter, CEO and co-founder of Miggo Security. “The ‘React2Shell’ vulnerabilities are the textbook example of why the old model fails. We have a CVSS 10.0 threat where the exploit lives in the complex deserialization logic of the ‘Flight’ protocol – a place standard WAF signatures rarely look. The only way to close this 41-day gap is shifting from slow, generic signatures to fast, exploit-aware rules generated by runtime intelligence.”

Miggo’s benchmark study tested a representative sample of more than 360 CVEs against leading WAF vendors’ default rule sets. The dataset was curated to reflect realistic attacker focus: availability of exploit tooling, prevalence of affected components, and severity of impact. The study then measured how much protection improves when the rules are augmented with AI.

Key Findings

  • Most publicly relevant vulnerabilities bypass leading WAFs
    52% of exploits bypass default rules even under favorable test conditions. The variability of real attacker payloads only pushes that number higher.
  • AI-powered tailored rules push coverage above 91%
    More than 91% of the vulnerabilities that bypassed default rules can be mitigated when rules are tailored with AI to the actual vulnerability and application context instead of to generic attack patterns.
  • WAF rule releases are 41x slower than AI-native attackers
    It takes 41 days on average for a CVE-specific WAF rule to be published by leading WAF vendors, while exploit code appears within hours. This mismatch defines the modern exposure window.
  • Operational WAF deficiencies cost an estimated $6 million per year
    For a mid-sized enterprise, an estimated $6 million in potential annual losses is attributed to the exposure window, unnecessary remediation costs, and the impact of false positives. An augmented approach can reduce these losses.

Julien Bellanger, former Imperva CMO, co-founder of RASP pioneer Prevoty and Miggo Security Board member, says, "The data in this report validates the uncomfortable truth we see daily: vulnerabilities are being weaponized faster than any manual process can handle. We know WAFs can be used as a critical mitigating control; cases like Cloudflare's effective initial response to the React2Shell vulnerability prove that. However, the moment a vulnerability is out in the wild, an arms race starts where AI attackers are faster than ever. The imperative now is to make WAFs smarter and more automated so security teams can trust them to reliably implement protection against the 99% of vulnerabilities that do (and don't) make headlines."

About Miggo Security

Miggo Security delivers AI Runtime Defense through its application detection and response (ADR) solution, empowering enterprises to identify, mitigate and respond to application threats. Miggo enables organizations to secure traditional, cloud-native and AI-driven applications at scale, reducing exposure windows by up to 99% and cutting operational overhead by 30% or more. Miggo Security has been awarded Gartner Cool Vendor 2025 for AI Security and Frost & Sullivan’s Product Innovation Award 2025, among others.

Founded by cybersecurity veterans and backed by SYN Ventures, YL Ventures, Runtime Ventures and CCL (Cyber Club London), Miggo is defining the future of application defense — fast, resilient and real-time. Visit: www.miggo.io

Media Contacts:
Montner Tech PR
Deb Montner & Sherlyn Rijos-Altman
dmontner@montner.com
srijos@montner.com