Hello, good morning. Good morning, everyone, and welcome to Radware's Investor Day. We are happy, excited, to host you here in person and also on the webcast. So in our agenda today, we'll start with Roy Zisapel, who will present the vision and the strategy. Followed by Connie Stack, who will present the growth plan, and David Aviv, who will present the innovation and the offering. After a short break, David Roth and Randy Wood will present the go-to market, and we'll conclude with the financial performance from Guy Avidan. After another break, we will have the Q&A session, live session with our executives. And after we read the safe harbor statement carefully, I would like to introduce Roy Zisapel.
Okay. Good morning, everyone. It's a pleasure to have you today with us. We're excited to take this opportunity, we didn't do it for a couple of years, to give you a view of the business, to focus on the core aspects of growth, and frankly, also to show the progress we've made. And furthermore, as we are all coming together, we will give you some additional information or insight to some of the growth drivers we are playing, specifically one in the go-to market around MSSPs, and one in the expansion of the product and the cloud platform around API and AI, that it's a great opportunity to share and provide you the full view on that. Okay, so let's start.
Radware, we are delivering a comprehensive, real-time protection to the crown jewels of our enterprise and carrier customers, the very large applications. We're 1,300 people, 3,500 customers, and those are generally very large customers, so the opportunity there is massive. We're one of the very, very few companies that built a cloud security platform, and we have today 65 locations with 30 terabit of capacity. 2025, as you all know by now, was a record year for us. We crossed $300 million revenues. Our cloud security is scaling close to $100 million and actually accelerating in growth rate, and as a result of that, the vast majority of our business, now 80% of our business, is recurring business.
If you think where we were several years ago as an appliance company and where we are today is a massive shift into a subscription business model. And as our cloud scales, so is our ARR, and Guy will show it in his presentation. Now, total ARR for the company is growing 11%. What are the investment highlights? So first, Radware today is a cloud-first security company. We have a leadership platform for cybersecurity to protect against this very complicated problem of mission-critical application protection. As I've mentioned, our cloud security business was the major growth driver, is accelerating at scale. Beyond that, and Randy and David Roth in their go-to-market presentation will share more details of that, we are seeing strength also in our on-prem business, especially in second half of 2025, and that drives subscription growth even further.
We worked very hard on our go-to market. We have a global presence, and we've optimized it further, and we're now expanding it, and David, in the go-to market presentation, will share with that, both with the OEMs, but very importantly in you. If you saw our announcement from today morning about Bell Cyber joining us as a new MSSP, the whole MSSP action that we have. And all of this has positioned the company for sustained double-digit growth. So let's go deeper into each one of these. So first, our current markets. If you look on our current markets, we're playing in the web application protection and the DDoS protection. What's nice to see is that those markets continue to grow, and they're expected to roughly double by the end of 2028. So there's very, very strong market demand behind us.
People are putting more and more applications online, and those are becoming more critical, and they need protection, and we, with a very strong platform, are standing to deliver that. So our platform is protecting any type of application. It can be a web application, it can be a mobile application, it can be an API application, and as all of us are hearing in recent weeks and months, is it can be also an AI agent, and we'll talk about it. So any type of application that can reside anywhere. We, we are indifferent if the application runs in public cloud, Azure, AWS, GCP, or in private cloud, legacy, Kubernetes. Wherever it runs, we can protect it against a whole set of attacks. And what you're seeing here is all kinds of families of attacks that hackers can take advantage of to-...
Bring the application down to target the confidentiality, integrity of our applications. How do we do that? That's very important. We built one fully integrated, comprehensive platform. This is not a platform that we stitched from 10, 15 acquisitions. This is something built from the ground up to serve the mission, the protection of mission-critical applications. And over the last two years, and David Aviv, in his presentation, is going to talk about what we've done with AI, we've weaved into each and every model a lot of AI protection capabilities to make the platform even stronger. The strength of this platform is resulting in major wins at the very high end of the market. And you can see in this slide, we are serving nine out of the 10 top carriers. For example, four out of the 10 biggest SaaS companies in the world.
One of them was a new customer for us. We just won second half of 2025 in North America, so we continue here to expand, and people recognize the leadership we have in the solution. And you can see some of our large references below: Salesforce, Cisco, eBay, and so on. So let's now go deeper into the platform and the way we look on the growth and the market going forward. Connie is going to mention that and, and explain it in more details, but we are seeing four waves of growth. If you think where Radware is generating today, the business, it's in the DDoS, in the AppSec, what we call the web economy. What do we mean by web economy? People were digitizing their business, they were putting web applications online, and those need protection.
This is where the business is today, and we believe we can continue to grow and foster here. But in recent years, people started to use the application economy. I'm talking about application-to-application information. I'm talking about APIs, and that's another wave of potential growth because that needs to be secured as well. And last but not least, the AI economy, the agent economy, how AI agents are going to function and deliver productivity, commerce, et cetera. And we are going to share both on the product side and on the, trend side, what are we seeing there? We're seeing four potential growth drivers for us. Let's now dive into the third one, the API security. This is a fast-growing market now. It's becoming a billion-dollar market this year, growing 30% CAGR, so very promising. It's really in the large enterprise.
We see 2026 and 2027 as a peak year of decision-making and consumption, so we are really at the right time for that. We've built and released, just short of two months ago, a very, very strong API security solution. Very comprehensive, and we've topped it with the acquisition of Pynt that adds to us this API testing for pre-production. So today we have a very wide and strong, and, you know, we'll share more details about that API security solution, and we strongly believe we can participate very well in this new TAM and SAM for us. As we go forward, we also prepared ourselves for the agentic AI security, and I will not share tons of additional market statistics on AI. You're probably overwhelmed by now with that.
But it's clear that AI agents or Agentic AI is going to be used heavily by enterprises to automate processes, to improve productivity, customer service, acceleration, business demand, and so on. What you're going to see is that with these great outcomes or great potential, you're getting also huge amount of possible threats and attacks that are very real and very risky. Hence, there's a clear need to secure those Agentic AI, and the attacks are completely different from attacks we've seen until today. So there's a new market for AI cybersecurity. You can see the TAM by Gartner. The numbers are mind-boggling. You know, you're talking $170 billion in 2029. For a company like Radware, that's more than an ocean. It's a whole galaxy of potential.
What AI means to Radware, or why do we think AI is an amazing opportunity for our company? You know, for some companies, AI can be a tremendous risk. For us, it's a major upside, and there are three areas I want to highlight to you. First, with all this AI technology, it's not only serving the good guys. Also, the bad guys took notice, which means AI allows them to create faster, better, stronger, more scalable attacks in very, very quick time. So for that, our customers, for their regular applications, forget Agentic AI and API. For their regular applications, they need better security. That creates demand for cybersecurity platforms like us. It's going, you know, there's going to be clear differentiation between platforms that can do it and platforms that cannot protect in real time. You, you'll hear from David about our algorithmic strength.
We're definitely ones that can do it. That's a tailwind of demand for our cybersecurity platforms. The second point is that, and I've mentioned it on the platform, we've weaved in GenAI and AI algorithms to our platforms to make it better. So making use of AI across, and AI agents across our operations to make it faster. You'll hear it even on the gross margin from Guy, to make it more cost-effective. So high use of AI, this we call Protect with AI. We are utilizing AI to do better protection. And the biggest potential from revenues and impact is the agentic AI.
Those agents need protection, they need cybersecurity, and we just released two new offerings, the Protect AI, to protect those agents, and Serve AI, to allow our enterprise customers to serve consumers that are coming with AI agents, and not mistakenly thinking they are automated bots that needs to be blocked. So there's both on the enablement and in the protection. So all in all, AI for us is a great opportunity, and with the new products we've launched just two weeks ago, we're heavily addressing and targeting this opportunity. Now let's go into the cloud security performance by itself. This is our main growth driver, and I think it's executing very well. Not only that we're scaling, we're actually accelerating the growth. Last year, we increased growth rates from 19%-23%, and as we shared, we're targeting 25% at least. The potential is there.
We have a very strong solution. I just covered at high level our technology stack there. We are executing extremely well for our customers. The outcomes, our ability to protect in real time is at the highest point in the market, so definitely we're seeing that as a continued growth driver. To that, which is today, again, centered on this web economy, the AppSec and the DDoS, we're adding the API security and the AI security. That's why we feel also the TAM and SAM expansion give us more tailwind behind these growth rates for the coming years. To execute that, you're seeing us, and we are releasing every time more and more data centers we're opening across the world. If you ask yourself, "Okay, why are they continue to do so?" It's because we want to get closer to more customers.
There's a lot of data sovereignty issues in the world. If I'm a bank in Singapore, I'm not allowed to ship my traffic to Thailand or to Hong Kong. I want to be served from Singapore. There's performance considerations that are secondary. There's compliance, and so on. So we're opening and building the global infrastructure. I told you we're already at 65 nodes, so we are very... We have a very nice infrastructure, but we're continuing to build and scale this global infrastructure, and all of that together, we feel is a very good, you know, starting point to continued growth in the cloud era. Beyond this growth driver, that, as I said, we feel very strongly about it, we're starting to see also very good outcomes from our on-demand, on-premises appliance business.
The things we've done with this on-prem DDoS mitigation, which we call DefensePro X, that I'm going to highlight, are driving significant subscription growth. On the product side, leave aside cloud, now we're talking product subscriptions, we're seeing very good outcomes there. The DefensePro X is unique in the market because we're controlling in DDoS, we're controlling the full stack. We are the ones that are developing the FPGAs. We're developing the hardware, the software, the algorithms, the management platform, the orchestration, and the cloud solution. There's no one else in the market that does all of that. We are unique in our capability, and that allows us, with the algorithmic-first approach, hardware investment in cloud, to be by far the leader in the hybrid cloud DDoS market.
So when customers are aiming really high to the very, most advanced solutions, most sophisticated outcomes in DDoS, it's our opportunity to lose. In the DefensePro X, the new generation of DefensePro, we've put a lot more subscription content than in previous generations. So a customer that migrates from a DefensePro 8 to a DefensePro 10, even for the same amount of total dollars, will have more subscription content, and sometimes the whole solution will be sold as subscription. But beyond that, all the advanced feature set, application protection, network protection, management, are all sold as annual subscriptions. We're seeing now the impact of that, especially that we have now the tailwind of the end-of-sale announcements on DefensePro 8. So customers need to migrate. When they upgrade with us, we immediately see that.
Also on new wins, like I mentioned to you, the SaaS, global SaaS providers, there's immediate contribution to our subscription. The end result, and we've published it in Q4, our total subscription business, our total ARR and revenues yield is growing now 21%. So you already know cloud ARR is growing 23%. The total growing 21%. Product subscription are growing strong double digit. We're very interested—we are very excited by that. We think we can continue with that. It's a very, very important point, and I think a second growth driver that drives the overall subscription of the company. Go-to-market. We're going to discuss today several core concepts of our go-to-market strategy. First, Randy, in his presentation, is going to cover what we're doing in North America, what we've done, what are the outcomes we've seen, what's our plan going forward?
Then David Roth is going to share two global initiatives. One is the OEM, give a bit more insight of the trends we're seeing there, and the MSSPs. We believe MSSPs are a great way for us to expand to the mid-market. So are OEMs, but MSSPs even more. As a company, our direct touch is focused on the very large enterprises, and we mentioned that. We don't have the resources or the scale to go mid-market, but with MSSPs, we can, and we're going to share more details on our plan, our traction, our results in the market. We're very excited by that. So within go-to-market, it's all about executing more with what we have, executing better, accelerating the growth, and opening new ways to market to scale through the mid-market.
All of that, if you capture everything I told you and where the company is today, already with 11% ARR growth, 10% growth year-over-year, and all the investments we've done, I think it prepares us very well for the future. If you take the 25% CAGR on cloud, and Guy will cover it in detail in his presentation, and play it out, that drags by itself, without any additional assumptions, the ARR growth to 15% and our total revenue by 2030 to $500 million. We're planning to achieve that, and with strong profitability and cash flow, like we always executed. So to summarize my opening presentation, we are a cloud-first cybersecurity company. We're very unique in the strength of our platform and the expansion we're doing now into API and AI security with huge potential.
Our cloud business is accelerating at scale. We're at a $100 million, and we continue to forecast 25% ARR growth. With that, we're starting to enjoy the on-prem business subscription growth that together are driving the total subscription of the company to be above 20% growth rate. In the go-to-market, we are heavily investing in North America and broadening to the mid-market through MSSPs, and all of that will allow us to sustain double-digit growth for the coming years. So thanks for attending, and I would like to ask Connie, our Chief Growth Officer, to take it from here.
Thank you, Roy. All righty, let's flip here. Hard act to follow, hey? Guy has a lot more experience at Radware than I do. I'm in month 11, so, that, that'll give you a comparison point. I've known Roy actually for about six years. He checked in with me annually over those six years to say: "Are you ready to come to work with Radware yet?" But if you go check me out on LinkedIn, you'll see two things: an AI-generated headshot, which demonstrates we're all using AI now, and you'll also see a long career in startups. I was a growth stage startup hound. I've been at companies that have scaled from zero to 100 million in ARR. I've been in companies that have scaled from zero to 64 and have gone through a few successful acquisitions.
So in order for me to make the decision to join my first public company, which was a big leap for me, I talked to Roy about my role. Like: "Roy, are you really serious about hyper-accelerating the growth of this company?" And he said: "Connie, I am very serious about it. We're doing some pretty cool things, and I think you can help us." So he said, "Come on in and join us," and this is what I'm gonna be doing. I care so much about growth, I insisted I don't want a CMO title. I am a Chief Growth Officer.
I'm gonna collaborate really closely with you, Roy, all the executive leadership team, everybody in the business, our board, to be able to build meaningful strategic vision for the business. But I absolutely will run marketing because I, I think... I love that saying, "Vision without execution is hallucination." Owning the marketing team, owning the sales development group, I own top of funnel, right? I've got to make sure that these visionary strategies work and can be executed, can turn into sales motions for those two gentlemen in North America and around the world, and I'm gonna introduce them in a moment. So it was a big deal for me to leap into a public company, and I'm thrilled to be here. My first 11 months have been fantastic. I can tell you, I've probably joined the most startup-like public company I could ever imagine. We operate like a startup, which is fabulous. So when I joined the business, I thought, "Okay, big task ahead of me.
How are we gonna develop a great growth strategy for Radware?" So I thought, two things you need to understand, Connie: You need to understand the market. What is happening in the market today? And the second thing I need to understand is how to evaluate all the options for growth that we have, right? Because sometimes it's easier, frankly, to do too much, right, and try to boil the ocean, but I wanted to focus, and I'll talk to you about how we're doing that in a moment. So Roy said I will introduce this slide as... Well, he introduced it. I'll tell you a little bit more about how we think about it...
I think about these waves of market disruption that have happened and how well-positioned Radware is to take advantage of those. The web economy, the app economy, and the agent economy they're all running in parallel today. There are companies out there that still run fairly traditional websites. They still matter. They care deeply about DDoS. They care about being protected against that. They care deeply about their application security and being protected. Radware is there. We also have an emergent app economy, as you guys all know. In the early, what, 2010s, let's say, there was a shift in software development to APIs, right? So that software could talk to software, even if you didn't build that software, and that opened up a massive threat surface, and we're there, too.
Roy talked about our relaunch, effectively, of our API security solution, in the fall, but we've had API security, pieces of that solution, for a few years now, and we have customers that are using it effectively. But we are excited about what we're going to bring to market with our full suite, and we'll talk about that in a moment as well. And then the agent economy, I have to tell you, this is the piece that I'm so excited about. And Roy, honestly, he tempered all of us in our preparation meetings for this session today. He said: "Guys, don't go too focused on AI, because we do so much more.
You've got to be able to, you know, make sure everybody knows we're not abandoning our heritage, and our legacy, and all those customers that count on us to help them thrive in the web economy, in the application economy, and now in the agent economy." So we're not going to over-focus there, but I can tell you I'm truly excited about this. We'll talk about it a little more. So the second thing, I see a few people out here that are about as old as me, so maybe you remember the Ansoff Matrix from business school. I need to understand what's happening in the market. We just discussed that. I also need to understand: How do I filter through all these growth opportunities and decide what are we going to focus on, right? What am I going to work with Randy most closely on in North America?
What's going to resonate here? For Dave, rest of world, and so on. So this was a good framework for me to evaluate these opportunities, and I'm going to double-click and dive down into all of those. For people who aren't familiar with Ansoff, it's basically focused on the products and services, solutions you're selling into the markets you sell to, right? And that's essentially what I was. You know, a great framework for how to think about growth strategies. So if we double-click here on, you know, we want to be able to penetrate further existing markets that we're already in. North America is a great example of that, and with the products that we already have.
As Roy said, right, yes, API is here, and it's exciting, and yes, AI is coming, but we have a great solution in DDoS, Cloud App Sec, and even our on-premise subscription solutions as well. So we decided on a North America double down. I hope everybody's excited to hear that, because some of the feedback that I've gotten from customers and prospects in the past is, "Connie, we're concerned. Is Radware committed to the U.S. market?" You bet. We've never not been committed to the U.S. market, but we're going to demonstrate that. And, of course, being a marketer, I call it, you know, there is a double down, or I would say a triple down, that's happening in North America.
I'm not going to steal all of Randy's thunder because he has a deeper dive on that, but I am going to talk about a couple of points. Then competitive displacement. When you're talking about penetrating a market with existing products and solutions in a market that's fairly saturated, you guys all know, many of the opportunities we're walking into, from a sales perspective, are, you know, they're... It's a displacement decision, right? They're making a decision, potentially, to leave one of our, you know, major competitors. So we have to have aggressive sales motions aligned with those refresh cycles, and we do have those. We have. I mean, superior product features are why people are coming to us, right?
Some of the new stuff that we're introducing, the integration of an API solution into the Radware platform, is very exciting to the market. We also have switching incentives. You know, we want to, we want to take down those barriers to exit, and sometimes, you know, if you're not quite at the end of your license for a particular product or solution, we might, you know, help you, you know, coax that, move away from them faster with some incentives. So this is what we're focused on. North America double down. Here's where I will introduce Randy Wood. Randy joined the company in July 2024, so he predated me. He's SVP of sales in North America. He has done tremendous work. I'll let him tell you all about it. I obviously joined in March 2025. I'm in month 11. That's my AI-generated headshot.
Chief Growth Officer, and as I said, work on strategy as well as run the marketing and the sales development team. And David Roth, he, I used to be the newest, but now he's the newest. David just joined us in July, in time to literally go around- or, sorry, January, in time to really travel around the world and hit all our skos. So he's going to share his insights there. We're here. We're in this geo. We're in North America. I'm north of Boston. Randy's in Virginia. David's in Dallas. So we are definitely, you know, focused on this market. We know, in order for Radware to win big, we've got to win in North America, and Randy and David are going to tell you how we're doing that. So our game-changing platform, I... Oh, sorry, clicked too fast.
I don't think we spend enough time talking about this. I say to, you know, to Roy, sometimes, you know, one of my most important stakeholders inside the company, right? You might hear a lot of language about the Radware portal, the portal. It's a platform. We have got to start to say that loud and proud. We have an incredible platform, and it is one that has been built on a long legacy and knowledge of unique features for us, right? David, I can take no credit. David Aviv can. He's been the CTO for years. We have been using AI since before it was called AI, right? We were one of the first companies to introduce machine learning and algorithms and behavior-based threat detection to neutralize threats in real time. We have a predictive engine, right?
We are using, again, very sophisticated algorithms to be able to understand, is this a risk, and help you take care of it quickly. Anti-fragile, this is a system that learns and gets better. It doesn't get stuck in the past, it doesn't rely exclusively on signatures and that sort of stuff. It gets smarter every time, and all that knowledge gets spread across all our customers. And we're covering all enforcement points, as Roy said, network application, API, across cloud and on-prem. So all those components and where we can actually, you know, secure are very. They're still important. All those aspects are important for us, and they will continue to be. So let's move to product development, and here we're talking about existing markets and new products that we've introduced, or better described, as new modules to the platform.
I'm gonna talk to you guys a little bit about API security, a little deeper than Roy spoke of. EPIC- AI, the introduction that we made predated me again. That was in the 2024 timeline. AI SOC X and AI DOC X, and why these are important. They're important, number one, because we're sending a signal to every one of our customers: We're continuing to develop features and modules for you that matter, right? And that make a difference to your your security posture and improve your protection. API security, complete solution for API testing to runtime security. There are lots of API security... well, not lots, actually. There's a few on the market today. We believe ours is the most complete, particularly with the addition of the Pynt acquisition for API security testing.
You will be able to test APIs before you push them live, and then actually watch, observe in runtime, and be able to make sure you're protected against any threats to your APIs at that point as well. AI SOC X, apologies, that is my responsibility, that typo. It's essentially a copilot for your SOC analysts. We all know SOC analysts are very, very busy. They're always, you know, they're called upon to do a lot. They get buried in a lot of noise, you know, so they're trying to say, "You know what? What is the signal?" AI SOC X helps them figure out what the signal is, and it really is they have a copilot that will allow them to do investigations faster and really reduce their mean time to resolution, which is, you know, what it's all about from a security perspective.
AI DOC X. This one, you know, it's one of those things like... we're like, "Okay, we can make our customers' lives easier by building essentially an LLM of all our materials around configuration of our platform and all of the modules and solutions." We thought, "This is easy for us to do. Let's get that done." Customers love it. They're like: "Wow, this is incredible. You know, I can find an easy way to understand the configuration of my WAF or what I should be doing, you know, with, with my API solution." So it really is. It's a knowledge-based model on top. Easy way to get quick answers, good answers to the questions you may have about configuring the platform. And then we come to market development. Now, market development here, I'm not talking about moving into another region of the, you know, of the globe.
We're everywhere. We're in the largest economies, you know, around the world. So when I think about markets, I think about new opportunities to sell through. So here we talk about OEM with Cisco and Check Point. David, again, not gonna steal your thunder. He's gonna dive into those. I will spend a little bit more time, though, on the MSSP market. Roy mentioned that. Now, this again predates me. It was a, you know, that was a focus market that we wanted to get into a few, at least a couple of years ago, and we have done that. And what that allows us to do is bring our solution to even more and more customers, right? We're only gonna hire so many salespeople, and this gives us a lot more essentially sellers on the street.
We're very focused on MSSP. We've done a great job. We've also introduced new features and functions, and I think Randy or David's gonna talk-- David's gonna talk about those as well, so, I'll just dive in here. We're making news with this program. We are landing MSSPs around the world. David's gonna talk about Spark in New Zealand. I'm gonna show you a video in a moment for MAIRE, our MSSP partner in Milan, Italy. They're probably enjoying the Olympics right now, which is nice. But we're making really good headway, really good progress here, and essentially it is a force multiplier. And I said, "You know, I can tell you all about it, or I can let one of our MSSP partners tell you about it.
We were looking for a partner able to combine technological excellence, and management expertise. Radware impressed us with AI-based and fully managed approach. The platform, including WAF, bot management, API protection, and DDoS mitigation, provided us a complete coverage and automation in a single environment. Radware, a strategic partner on our journey for increasing our intelligence and proactive cybersecurity. Looking ahead, we plan to extend Radware's solution, like including API protection, adaptive AI security, and threat intelligence services, to make our cybersecurity team stronger.
These kinds of customer testimonials and case studies are so valuable, and they're so hard to get. Security people just don't want to target on the back. They don't want to talk about the solutions they use, but this is absolutely fantastic when we can get one of our MSSP partners out there and proudly saying, "You know, it's, it's Radware. These are solutions we chose. We're gonna bring them to our customer base because they offer superior protections...." All righty, next up, where I am definitely most excited, is really around the diversification opportunity that we have, given this. It's not a wave. Agentic Security is a tsunami. I think we all know it.
I don't wanna pour it on too thick, because every meeting you're in like this, you're gonna hear about AI, AI, AI. If any of you are planning to go to RSA Security Conference in a couple of weeks in San Francisco, you're gonna see AI, AI, AI. And, and but it is. It's that big a wave, and it is very exciting. As Roy said, the CAGR is incredible. I actually think right now, Gartner is. You know, these are impressive numbers. One would argue they're underestimating. I will argue they're underestimating, and I'll tell you why in a moment, but I'll plant the little seed about serving AI. So what are we doing on diversification? When I joined the business, we had kind of an informal tiger team on AI, thinking about it and what should we do.
I formalized that tiger team, and we dove in. I worked very closely with David and Roy and a full team, cross-functional team, across the business, including our sales leaders and so on, and said, "Okay, where do we think the opportunities are in the market?" This is not rocket science to anybody. We saw a lot of our customers and prospects were having conversations with us about LLMs. They were building their own LLMs or using off-the-shelf LLMs, be it, you know, the ones from OpenAI or Google or whatever. So they have LLMs that they need to protect, and we built that protection. We obviously have been in the WAF space for a while, so firewalls are good for us.
We know them, and this was a solution that we put into market relatively quickly, and it is available now, again, as an add-on to our Cloud App Sec complete license. Radware Agentic Protection, this is really an industry-first solution. I won't steal my own thunder 'cause I have a slide. We'll go into that. And then bot management, again, this is on the Serve AI side that we're gonna talk about and why I think Gartner may be even underestimating AI security spend. When I think about this and how we are formulating our thoughts to the market, right? When we're talking to customers and prospects, this is how we're framing it up for them. In the web and app economy, every one of our customers wants to know we, as their partner, right, as a technology vendor, are leveraging AI in our own solutions.
Now, hopefully, I've illustrated to you, yes, we are. AI SOC X, AI DocX, as well as EPIC -AI, right? We've taken and put an AI wrapper around all of Radware's platforms, so we are definitely leveraging AI. In the agent economy, we know our customers want to use LLMs. They want to use agents in their own environments. They wanna streamline workflows. They wanna save money. We all see it in the news, right? When somebody proudly says, "Hey, I cut my software, you know, engineering group in half." Or, "Hey, you know, I used to have 10,000 agents in my call center. I now have 5,000 'cause we're so effectively using these AI agents." And this is where protecting AI, LLM models, and agents, this is a solution that allows our customers to leverage that new technology securely, right?
Use the LLM, use the agents, but do it securely. And then Serve AI, this is really exciting, and I think David's gonna talk about OpenClaw. Show of hands, anybody hear about OpenClaw recently, this new agent that went viral? Ah, a couple of hands. Excellent, excellent. OpenClaw. This is a consumer-facing agent. This has been built as an open-source project. Their desire is to get every one of you and me and everyone in this room using it to go take care of all the mundane tasks we don't wanna do: shopping, online, booking travel, whatever you might wanna do, that's what they wanna do. Our customers, eBay in particular, one of our publicly disclosed customers, they are very concerned about this.
As people start to use autonomous agents to go out and do tasks on their behalf, they want to make sure that these are not malicious. Just as with their traffic with bot, and this is why, again, falls into Radware's sweet spots, they wanna make sure this is legitimate agent traffic, and we provide a solution for that. So we want to allow our customers to serve AI. There's a lot of cybersecurity companies in the market today that are focused on block. Binary decision, block them. Don't let them on. You know, some of our major competitors are like: "Don't let AI crawlers, you know, come to your website," and so on. They're gonna be losers in the future if that's the strategy that they use, right?
You're going to have to welcome these agents into your environment and serve them, make sure they can complete their tasks in order to drive your own sales and your own revenues. This is kind of how we're framing it up when we're talking to prospects and customers about the Radware solutions, which buckets they fit into, and what is the business value they enable for our customers. Now, again, I told you, you're gonna hear AI a lot. You hear about it all the time, but why are we different, and why do we think we're positioned to win here?
Most of the security solutions that you're gonna see in the market today around AI, including, by the way, all the security built by the major providers of the models and agents, OpenAI, Google Gemini, Microsoft Copilot, and so on, they're guardrails-based, and guardrails are very, very good. But you have to know what bad thing is gonna happen for a guardrail to be effective, right? These are rules and policies, so it's to say, this is the known. We have behavioral classifiers. This is patent-pending technology David and his team have developed in order for us to supplement guardrails. Again, not saying they're, they're, they're not important; they are. But we supplement that with behavioral Classifications that allow you to be secure against the unknowns. Was it Donald Rumsfeld? ... the unknown unknowns. Well, Radware, unknown unknowns. We're gonna help people do that.
This is the key differentiator for us. All right, I'm probably going long, I apologize. I wanted to reiterate, you know, for everybody in the room, Radware, innovation's been at the core of this business since the beginning of time. I mean, even way back here, behavioral DDoS protection, Radware was the first to bring that to market, right? This whole idea of using machine learning and algorithms in order to help and protect against denial of service attacks. I'm not gonna go through everything, but I will point to agentic protection, API security, and our bot management, the Serve AI components that are coming. I don't think, frankly, the company gets enough credit for this. It'll be the first time... I don't think we've gotten enough credit for moving to the cloud.
But then, that's just me, but I'm a new public company girl, so. All righty. This is our goal, and it's my goal. Right now, just because of the fact that, you know, Radware's a 30-year-old company, you get stuck with that legacy tag, right? And this is really where my marketing... I've got to flex that marketing muscle for sure, because I got to get rid of that. I've got to be able to get few people focused on the innovation that we've had since day one in the business, and have people think about Radware in- when they think about innovation, growth, entrepreneurship, revolutionary markets, I want them to think about Radware. So that's what I'm gonna be doing. You'll see more announcements from us in the future regarding messaging, branding, and that sort of stuff. Lots of cool stuff coming. Hopefully, you enjoyed the presentation. Thank you. Up next, David Aviv, my buddy at Radware. There you go, David.
Thank you. Thank you, Connie. Hi, everyone. Good morning. Okay, so let's talk a little bit about the innovation to meet the disruption that is happening now in the market. So I'm sure you have seen this slide a couple of times today. So what I would like to do is to share and tell our story, the way we evolve our products and solutions to lead in the current waves and the upcoming AI, and the agent-driven world. It's going to be a big change. Soon, not soon, it's coming. So let's start with that. My role is to incubate innovations to support the growth. Out of the entire pitch that I'm going to talk today, I would like you to remember those three things. Only three things: security leadership, cloud-first delivery, and AI agentic security readiness. Those are the three things. Elaborate a little bit.
You know, Radware culture and DNA, algorithm first. Connie mentioned it, Roy mentioned it. Many years ago, we baked machine learning in the product line. So obviously, you know, the machine learning, the early generation of AI and generative AI, very natural to Radware, and we'll see the results later on when we'll talk on the AI. With that, we were able to bake and launch a behavioral best-of-breed line, product line. So we consider the entire product line, the DDoS, the WAF, the bot manager, and now the new baby, the API, best of breed. It's not that we tell it to ourselves, customer tell it, and you will see some of the reason for that. Then obviously, with that, building the best of breed for each layer, we built a complete comprehensive security stack. Now, how do you package a stack?
Through a cloud delivery, cloud motions. But not only the cloud, the cloud motion, the premise motion, and very important, the hybrid ones. Combine both the premise... And the premise gets more and more, you know, it's a sine wave in history. Now, premise becomes more popular because of the AI data center, et cetera. So by that, I can tell you that we are very confident when we say, and we tell the market, we are ready to move to the next wave, which is the AI disruption. The next 15 minutes, you will see why we are very confident when we say that. So we're humble, but confident, what we say. And that's... And once again, provide serving and protecting agents, and what's more dramatically, everywhere. Doesn't matter where, which platform you're running.
Remember those three, the other key things, the key takeaways I would like you to get today. So let's dig a little bit into the security leadership. We have already discussed the algorithm first, and once again, you know, our customers have been enjoying the fuzzy logic technology 15 years ago, baked into the DefensePro. So every DefensePro generation use 15 years ago, machine learning. As simple as it is, that technology wasn't launched because it's a machine learning, 'cause it simply enabled us to see things no other competitor could see. Could detect and amplify attacks that are beyond the radar, below the radar noise. Very simply, and with that, we have evolved into building more and more detection and mitigation algorithms on top of it. So this is straightforward for us. Obviously, Roy mentioned as well, on-prem leadership.
On-prem leadership means that we provide today, we believe, the best and actually the only DDoS hybrid solution in the market. Hybrid enabled and powered by new generation of the FPGA scalable platform. So we have both the platform for the customer that require those ones, and part what those algorithms at the premise, the cloud, and the hybrid itself. And next, the best of suite cloud platform. So I'd like to park a little bit on, on the, on that service portfolio, on the entire stack. We have a full stack. The first time we can say we have a entire full stack, starting from DDoS. When we say DDoS, not only network, expanded to application DDoS. By far more important today in the sense of running against the APIs and, and any, any site outside.
You can see through the bot client-side protection enables you to simply protect yourself from third parties that are connected natively to the application backend, to the service backend, the web application firewall. Account takeover, we have already couple account takeover, which is one of the most vicious attacks today, in which you try to actually take over the crown jewels of someone by manipulating his credentials. And obviously, the new baby, the API. With that, we have a full stack, and it's empowered by AI. So I'll give you just example, one of the things that AI... What does it mean, powered by AI? You know, when you run large customers which have many, many application, many endpoints, you run, let's say, a web application firewall, which is a rule-based. Rule-based create noise. Why? Because the application change themself.
The customer don't have enough manpower, sit all the day and change the rules on, on a daily basis. It's impossible. The result, after a time, the rules are not tuned to the real use of the application, the noise, the false positive get. So we designed an autonomous agent. Autonomous agents, AI agents, looks on the security event, monitors them, understands and figures out automatically, "Hey, what kind of rules needs to be tuned?" Does the calculation, the algorithmic calculation, provides the understanding, the reasoning, and provides recommendation automatically how to tune automatically the filters to reduce the noise, the false positive noise. So we can now provide a huge business value, scale, provide scalable solutions to the customers with a guaranteed SLA, because what really matters to the customer, can you guarantee throughout the operation my SLA, so I can sleep, sleep quietly?
That's the most important thing. So that's just one example of the usage of the way we power our current generation with AI. Connie mentioned the SOC X. Connie mentioned also the Doc X. There are many, many things. We don't want to overwhelm you, but that's part of making the cloud faster, smarter, better, and most important now, also streamlining it for service excellence and customer experience. Very important, automated processor for service excellence. Adding brains, basically the SOC X concept is adding a brain, a subject matter expert brain, like I showed you. You can see the screen, what I described before. The way it does the auto policy, the noise reduction is done automatically. Customer can come in, look what's going on, hit the button and apply the rules inside.
That's better, smarter cloud with service excellence and customer experience motions. So with that, we're adding a new model. So as mentioned before, we had API, not a full suite. So why does it matter? Because you can see by the numbers now, the API growth outpaces the entire risk. Everyone uses API. And let me tell you a small secret. When you use AI, AI below runs APIs. So there is, will be acceleration of that by the usage of AI as well. The most important, exactly like in application, but much more dramatically, API is changing. API changes on a daily basis, weekly basis, daily basis, depending on the application itself. Once again, how do you cope with it? How do you provide a solution? How do you measure the risk? For that, we decided to move to a completely new leading end-to-end API security suite.
With the newest acquisition of Pynt, we completed the entire API delivery pipeline. So we are supporting now the APIs, what we call the shift left, from the build time, when you start building them, designing them, up to the runtime, the shift right. So it provides us now a full control on the API pipeline. Testing, providing the builder, the application builder feedback, continuous discovery, I'm reacting to the changes of the application. Every couple of hours, boom! We have launching a new discovery to understand what are the changes. Based on that, we build the risk posture. Risk means proactive attitude. We are proactively alarming you. "Hey, guys, there is a risk here. Either you patch it, if not, we can patch for you in the cloud," certain things, not everything. More dramatically, the real change is in the runtime protection, the business logic.
Think of the business logic. This is where the real attackers are going because they are hunting your crown jewels, hunting the real secrets of the enterprise. How? They simply manipulate credentials. They manipulate the credentials, tokens, whatever, identities, and by that, they are able to get into the crown jewels. Very tough, because it's a... I would say, quite a complicated, a security algorithm. So that's why we came up with now an end-to-end suite, which is adding a new model to the entire platform, and now we can say that we have an end-to-end full stack app-- application security stack. So now we are coming to the real stuff, the, the new stuff. As a CTO, I'm excited, obviously, on that, and Roy warned me not to talk too much on that, so, it's okay.
We have invested a lot in the application security, network security. So think of everything, a company with a cloud delivery, delivery, that we have now network security, application security, and AI security, all the three layers together. So let's go on that one, on the AI agent-driven agent economy. Agents are building the new world, connected to anything you can, you can think of, and you know the recent, what is happening to the SaaS company because of that. But the most important time, thing, is that enterprise agents are here and to grow dramatically, probably. Now, Connie also mentioned the open source agentic fabric. Slightly consumer. This is the lobster moment, calling this the lobster because the sign of OpenClaw is a lobster. So it's a lobster moment coming to the industry. It's very important because it's going to change many thing.
We don't have the time to deal with it, but think of just that agents are starting to talk to each other through communication, through human communication channels, Slack, WhatsApp. Agent talks to an agent, open up a social network, they start a huge amount. Most important thing for us, Gartner launched, end of January, it's two weeks ago, a warning with agentic productivity comes with unacceptable cybersecurity risk. Very simple. Let's translate it. But before translating it, let's understand why. Those are injections, part of the ecosystem, that you don't know about them. They don't exist, and why? Regular application, application load, in order to do injection, you need to be a coder, a programmer. You need to understand. So you need to understand how to inject the query, so it will do the injection, divert the query.
Here, with LLM, with natural language injection, the software programmer is the English guys. The English language becomes the program, which means they collapse boundaries between natural languages and instructions. This is the main risk, collapse boundary. English, Chinese, Hebrew, French, whatever language, is instruction. Why? We demonstrate, and we'll see in a second, that I can run white letters on a white background. Human won't be able to see it. LLM machine will see it and do the instruction, obey the instructions. Very simple. It means that when we go to the agentic era. The risks are expanding exponentially. Actually, hyper-exponentially. Every email, every resource, every message, anything can be an attack payload. Very simple. So let's demonstrate it.
In Radware, we understood way back that I would say, I must admit, we couldn't even estimate the growth and the exposure, but we established a security team dedicated for hunting those kinds of attacks. So first of all, we are now at the forefront of the research. Why? That's why, remember I told you in the beginning, I feel very confident Radware moving from our current waves into the AI area. Not just blah, blah, but real research backed by product and by attacks. So in June, eighteenth of June 2025, we attacked OpenAI. Attacked OpenAI deep research agent. We are talking of the most guarded agent in the world today, OpenAI. By third of September, they acknowledged, and we discovered we are not the only one to discover that new line, zero-click attacks.
Indirect prompt injection, a family which leads translates into zero-click attacks. Zero-click means you are not aware on anything, you don't click on anything, and whoop! Everyone steals your most important data. It's stolen not from your pocket, from the credit card pocket. Think of that, from the LLM provider. You don't know even. Completely silent. We demonstrated it at DLP. We called it ShadowLeak. It had the news, Bloomberg, everyone was part of it. So 3rd September, OpenAI admitted, corrected, told the world, "We fixed new guardrails, behavioral guardrails. Nobody can bypass." Well, the proof that guardrails are not enough took us, the research team, three weeks. We breached and bypassed the all guardrails of OpenAI. Guys, we are talking not on. We are talking on OpenAI. It's, it's really. This is, I would say, the most important, the most protected environment.
We bypassed it September 3rd, September 26th, and OpenAI fixed it in December 16th. But this time, we took another step. Another step is the proof point for unacceptable cyber risk, is done by a new attack called ZombieAgent. And that attack, much, much more dangerous than just DLP. We simply took over OpenAI environment by installing commands, malicious command, control commands into their agent, into the memory of the agent, which made the attack persistent attack. Remember the APT? Same APT, persistent attacks. Whenever we want, we can take over. This is a totally different generation of attacks, of capabilities, which were demonstrated by us, by Radware.
That obviously amplifies the Gartner warning with productivity comes unacceptable cyber risk, which makes us at Radware, and that's why I'm saying with confidence because of the research that we have done, to move from DDoS, application security, AI security. So it was not only manifested in research. We understood that the new AI agent risk require a completely new attitude, a new solution, a new approach, actually, and we went after that approach. So I think you saw from Connie already, we are moving after two areas. I will start with the Serve AI and then all, but simply make this very, very simple. Internet was designed for human, web was designed for human, and the web protocols is for human browsing the...
By the end of the year, this year, 60%-70% of the traffic will be generated, automated traffic generated by agents that are coming to shop, to browse, to crawl. So the internet is changing. It is adding a new frontier, not only serving human, but serving agent. This week, just an anecdote, Google announced WebMCP. I'm not going into that, but basically it's to serve agents. Well, if you serve agents, you need to protect against it, because agent can be malicious or legit. How do you know? You cannot do the Turing machine, the Turing Test between human and agent. It's now an agent and an agent. How do we know? We know by understanding who you are, what is your intent, and how do you behave. Once again, behavioral versus intent. It's a totally different playground.
I'm not going into that, but this is exactly the AI agent access control, the Serve AI. The other part is the agentic protection. Once again, we are running AI agent, we need to protect, as we say. And I think you saw it. I would like to go a little bit. This is exactly a new paradigm where we understood guardrails are essential and not enough. We demonstrated it over and over again. By the way, we didn't breach only OpenAI. There's another announcement, too, and now the gorilla that we breached. And with our penetration, our techniques, new techniques, I think we can breach most of them. We have the understanding how to do, and with that understanding, we designed the second pillar, the behavioral classifier. And this is the differentiation.
You have the no-no, the rule-based, and by the way, the rule-based brings us back 30 years ago, the early days of the firewalls. Basically, it's a firewall, but in this way, you cannot manage so many firewalls anywhere. You don't know how to program them all the time, and basically, you are looking on the new or what you know, and what we know is changing on literally a daily basis. What we know. Problem is what we don't know. That's why the second pillar is coming. It's totally driven, outcome-driven. I'm not going. But think of, I need to understand what is the outcome of the agent, not his input and output. That's the only thing I can tell. We have multiple patents on that, proven to show those kind of defeating the silent attacks. Those are the critical things here.
Those silent attacks that you saw before. The solution is designed to be platform-agnostic, can run it anywhere. Simply runs on the API from the platform. Customers will have multiple platforms, so we support today Microsoft Copilot, Foundry, Studio, AWS Bedrock, homegrown agents, and, you know, with more customers, the support will expand. So the key here to say, to remember in this one, it's a solution which is platform-agnostic. It has a behavioral piece for the silent attacks. Once again, like 18 years ago, the first generation of fuzzy logic engines that could detect and understand the attacks that no other one could see, that phase, that second layer is designed to do that in the AI space. The same culture, the same DNA, with more gray hair. There, that's it.
The idea, this is the culture, the traditional fraudware, and that's why we are prepared to the next generation. So once again, the three pillars. I'm going back to the three pillars. The three things I wanted you to remember: the security leadership, which is actually translated now into the agentic as well, the cloud-first, and the fact that we have a full-force innovation power right now unleashed in order-positioned to lead the new cyber war wave. With that, thank you very much.