TMCnet News

SecureIQLab WAAP 5.0 First to Test AI-Powered Defenses with AI-Powered Attacks
[March 12, 2026]

SecureIQLab WAAP 5.0 First to Test AI-Powered Defenses with AI-Powered Attacks


Version 5.0 adds LLM security, AI-assisted bot attacks, and API gateway validation — expanding independent WAAP evaluation to 7 test categories and 3 new attack surfaces

AUSTIN, Texas, March 12, 2026 /PRNewswire/ -- SecureIQLab today published its Cloud WAAP CyberRisk Validation Methodology v5.0, the first independent methodology to validate AI-powered defenses using AI-powered attacks. Version 5.0 expands independent WAAP validation to 7 test categories and 3 attack surfaces that no prior methodology had covered: AI-assisted bots, API gateways, and LLM-integrated application stacks.

First WAAP methodology to test AI-powered defenses using AI-powered attacks

OWASP formalized LLM threat categories only months ago, API attacks have more than doubled year-over-year, and AI-assisted bots now adapt mid-session to evade detection. Prior WAAP evaluations never exercised any of these capabilities. Version 5.0 validates defenses across all three surfaces simultaneously, closing a gap that legacy test methodologies left wide open.

Key methodology highlights:

  • AI-on-AI validation — AI-enhanced payloads across WAF and API testing, plus 3 AI-assisted bot attack types: Agentic AI, Dynamic Bots, and AI Summarizer
  • LLM/GenAI security testing — OWASP LLM Top 10 subset across 2 risk categories: Prompt Injection (LLM01:2025) and Improper Output Handling (LLM05:2025), integrated into WAAP validation for the first time
  • Full API lifecycle validation — Security testing across 5 protocols (REST, SOAP, GraphQL, gRPC, WebSocket), API Gateway functionality validation, and Shadow, Zombie, and Orpha API endpoint discovery
  • 3 validation pillars — Security Efficacy, Operational Efficacy, and Compliance Efficacy across 7 test categories and 8 security efficacy threat categories
  • Broadest independent scope — spanning dedicated WAAP vendors, CDN/edge providers, hyperscale cloud platforms, API security specialists, and application delivery platforms

"WAAP testing has not kept pace with WAAP products. Vendors ship AI-based detection, API gateways, and adaptive bot mitigation, then point to test results that never exercised those capabilities. Version 5.0 is designed so that the test infrastructure is as advanced as the products it measures," said David Ellis, VP of Research and Corporate Relations at SecureIQLab.

The methodology is AMTSO-compliant (Testing Protocol Standard v1.3, AMTSO Test ID: AMTSO-LS1-TP169) and aligned to MITRE ATT&CK, OWASP Top 10 (2025), OWASP API Security Top 10 (2025), and OWASP LLM Top 10 frameworks. The validation is non-commissioned and funded entirely by SecureIQLab, with no vendor influence on methodology, testing, or results.


Testing begins with vendor deployment in March 2026, comprehensive testing in April, documentation in May, and publication targeted for late July, ahead of Black Hat USA (Aug. 1-6).

Security vendors interested in participation can contact [email protected]. Enterprise security leaders can request a methodology briefing to understand how WAAP 5.0 results will apply to their evaluation criteria at secureiqlab.com/contact. The full methodology is available at secureiqlab.com/go/waap5.0-methodology.

WAAP CyberRisk Validation v5.0 is the most comprehensive update to SecureIQLab's longest-running validation program. Full comparative results, including CyberRisk Ripple rankings across all three validation pillars, will follow the testing cycle. SecureIQLab plans to launch additional validation programs on its SOCx platform throughout 2026. Program details and vendor participation will be announced as each methodology is finalized.

Data Integrity Disclosure: SecureIQLab does not endorse specific vendors. This methodology defines the test framework and procedures to be applied uniformly across all participating vendors. Results will be presented as verified performance metrics and do not constitute a subjective recommendation or "rating" of any product. SecureIQLab disclaims all warranties regarding the application of this data to unique user environments.

About SecureIQLab

SecureIQLab is an independent cloud security validation laboratory based in Austin, Texas. Unlike traditional analyst firms that rely on subjective surveys, SecureIQLab provides empirical, real-time security metrics based on testing that maps real-world enterprise use cases to specific business challenges. SecureIQLab is a principal member of Mplify (formerly MEF) and a member of the Anti-Malware Testing Standards Organization (AMTSO), AVAR, and NetSecOPEN.

Media Contact

SecureIQLab Communications [email protected] 1-512-575-3457

Cision View original content to download multimedia:https://www.prnewswire.com/news-releases/secureiqlab-waap-5-0-first-to-test-ai-powered-defenses-with-ai-powered-attacks-302711732.html

SOURCE SecureIQLab


[ Back To TMCnet.com's Homepage ]