AI WAF Anomaly

Pro

Detect and mitigate zero-day vulnerabilities, API abuse, and complex injection attacks using localized machine learning models.

How Anomaly Detection Works

Standard WAFs rely on signatures (such as regex rules) to block known attack vectors, such as those covered by the OWASP Top 10. However, novel attacks, custom prompt injection techniques for LLM endpoints, and subtle API exploitation can bypass static signature checks.

AI WAF Anomaly establishes a baseline of your normal API requests (path structures, parameter types, content lengths, headers). Requests whose parameters deviate from this baseline receive a threat score. If the threat score exceeds your threshold, the request is flagged, challenged, or blocked.
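
The baseline-then-score idea above, as a simplified added example (not EdgeWrap's model or code). It learns path shapes, parameter types and content lengths from constructed sample traffic and compares a score to the threshold; the feature weights, the helper names and the omission of headers are assumptions made for illustration.

```python
import re
from statistics import mean, pstdev

def path_shape(path):
    # Collapse numeric segments so /v1/users/17 and /v1/users/42 share one shape.
    return "/".join("{id}" if re.fullmatch(r"\d+", s) else s for s in path.split("/"))

def value_type(v):
    if isinstance(v, bool):
        return "bool"
    return "number" if isinstance(v, (int, float)) else "string"

class Baseline:
    def __init__(self, requests):
        self.shapes = set()
        self.param_types = {}  # (path shape, param name) -> set of observed types
        for r in requests:
            shape = path_shape(r["path"])
            self.shapes.add(shape)
            for k, v in r["params"].items():
                self.param_types.setdefault((shape, k), set()).add(value_type(v))
        lengths = [r["length"] for r in requests]
        self.len_mean, self.len_std = mean(lengths), pstdev(lengths) or 1.0

    def score(self, r):
        shape = path_shape(r["path"])
        unseen_path = 0.0 if shape in self.shapes else 1.0
        bad = [k for k, v in r["params"].items()
               if value_type(v) not in self.param_types.get((shape, k), set())]
        param_dev = len(bad) / len(r["params"]) if r["params"] else 0.0
        # Content length: z-score against the baseline, capped at 6 sigma.
        len_dev = min(abs(r["length"] - self.len_mean) / self.len_std / 6.0, 1.0)
        # Weights are illustrative assumptions, not product values.
        return round(0.3 * unseen_path + 0.4 * param_dev + 0.3 * len_dev, 2)

def decide(score, threshold=0.85):
    # Mirrors the documented rule: act only when the score exceeds the threshold.
    return "block" if score > threshold else "allow"

# Constructed sample traffic used to learn the baseline.
TRAFFIC = [
    {"path": "/v1/users/17", "params": {"page": 1}, "length": 100},
    {"path": "/v1/users/42", "params": {"page": 2}, "length": 120},
    {"path": "/v1/orders", "params": {"status": "open"}, "length": 80},
    {"path": "/v1/orders", "params": {"status": "paid"}, "length": 100},
]
BASE = Baseline(TRAFFIC)
```

A request that deviates on only one feature scores well below 0.85 here, which is why the threshold choice decides how much single-feature drift is tolerated before a request is blocked.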

Dashboard Setup & Configuration

You can configure the AI WAF Anomaly engine directly inside the EdgeWrap Dashboard:

  1. Navigate to your project in the dashboard at https://app.edgewrap.pro.
  2. Go to the Security page and select the WAF tab.
  3. Scroll down to the AI Security section.
  4. Toggle the AI Anomaly Scanning switch to Enabled.
  5. Define the anomalous score thresholds and enable the prompt injection shields as required.
  6. Click Save Settings.

API Configuration

Alternatively, you can manage the AI Anomaly detection settings programmatically:

| Param | Type | Description |
|---|---|---|
| aiAnomalyEnabled | boolean | Enable or disable machine learning anomaly scanning. (default: false) |
| aiAnomalyThreshold | number | Anomalous threshold score (0.00 to 1.00) above which requests are blocked. (default: 0.85) |
| promptInjectionEnabled | boolean | Specifically enable natural language prompt injection scanner (ideal for LLM gateway endpoints). (default: false) |

Enable AI WAF Anomaly detection via API:

curl -X PATCH https://server.edgewrap.pro/v1/projects/prj_01jxyz/waf/config \
  -H "Authorization: Bearer <your_session_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "aiAnomalyEnabled": true,
    "aiAnomalyThreshold": 0.80,
    "promptInjectionEnabled": true
  }'

Warning: AI anomaly scanning adds approximately 3–5 ms to request processing. If your API requires ultra-low response latencies, test in sandbox mode before enforcing blocks.