Forbes: WAFs Are Broken and Everyone Knows It

Forbes argues WAFs are broken because security teams are afraid to touch the rules. Huskeys launches with $8M to build a control plane on top of existing WAF infrastructure. The management layer is the real problem, not the firewalls themselves.

The management layer is the problem

A Forbes article published this week argues that WAFs are fundamentally broken, and that security teams have essentially given up on them. The argument is not that the enforcement layer is bad. The firewalls themselves work. The problem is the management layer on top: how rules are written, maintained, and adjusted as applications change.

The pattern is the same everywhere. A company deploys Cloudflare or AWS WAF or Akamai, then pays those same vendors an additional fee to have someone else configure it. The tool exists. The organizational capacity to use it effectively does not.

Huskeys raises $8M for Edge Security Management

Huskeys Security launched this week with $8 million in seed funding to tackle this exact problem. Rather than replacing existing WAFs, the company built what it calls an Edge Security Management platform. It sits on top of existing infrastructure from providers like Cloudflare, AWS WAF, and Akamai, handling the rule management that organizations cannot staff internally.

The platform uses AI to abstract provider-specific syntax, enrich it with organizational context, and continuously optimize rules and policies. Early customers include TikTok, Merlin Entertainments, and Hugging Face. In one case study, Huskeys identified overly aggressive vendor-managed WAF rules that were blocking legitimate customers from completing purchases, restoring millions in revenue.

The AI angle has limits

Applying AI to WAF management sounds obvious, but the article raises valid concerns. Not every phase of WAF management needs the same kind of AI. Some is pattern matching, some is generative, some is agentic. Applying the wrong approach to the wrong phase does not help. And WAFs handle real traffic with real user data. Routing that data through third-party AI models raises data residency and regulatory questions that regulated industries will not ignore.

WAFplanet take

The core argument is right. Most organizations treat their WAF as a set-and-forget deployment. The security team is afraid to touch the rules because the risk of blocking legitimate traffic outweighs the risk of leaving gaps. That is a broken operational model, not a broken technology.

Whether Huskeys specifically is the answer remains to be seen. Layering a control plane on top of Cloudflare, AWS WAF, Imperva, or Fastly is a smart architectural bet. But 30 CISOs investing personal capital is a stronger signal than the $8M itself. These are practitioners betting their own money that the WAF management problem is real and unsolved. That is worth paying attention to.