Radware Launches a New End-to-End API Security Service Delivering Runtime Protection and Posture Management of APIs

Rhea-AI Summary

Radware (NASDAQ: RDWR) announced the Radware API Security Service on Jan 20, 2026, a stand-alone and portfolio-integrated solution that provides end-to-end API protection using real-time production traffic.

Features include continuous API discovery, runtime posture management, business logic protection, coverage for the OWASP Top 10 API risks, and defenses against Layer 7 and HTTPS DDoS attacks, with an AI-driven approach to reduce false positives and support Dev, Sec, and DevSecOps collaboration.

Key Figures

Share price: $24.03 Market cap: $1,043,727,719 Shares outstanding: 42,554,602 shares +5 more

8 metrics

Share price $24.03 Pre-news current price for RDWR

Market cap $1,043,727,719 Equity value before API security launch news

Shares outstanding 42,554,602 shares Total shares outstanding cited in Jan 9, 2026 Form 144

Planned insider sale 53,678 shares Roy Zisapel intended sale per Jan 9, 2026 Form 144

Aggregate value of planned sale $1,309,743.20 Indicated market value for 53,678 shares in Jan 9, 2026 Form 144

OWASP API risks Top 10 Radware API Security Service covers OWASP Top 10 API Security Risks

52-week range $18.4565 – $31.5719 RDWR trading between these levels over last 52 weeks

Relative volume 0.72x Today’s volume vs 20-day average before the API launch news

Market Reality Check

Price: $24.03 Vol: Volume 205,312 vs 20-day ...

normal vol

$24.03 Last Close

Volume Volume 205,312 vs 20-day average 284,700 (relative volume 0.72x), suggesting limited pre-news activity. normal

Technical Shares at 24.03, trading below the 200-day MA of 24.91, indicating a weaker pre-news trend.

Peers on Argus

RDWR was down 2.48% while close peers were mixed: RPD -5.18%, ATEN -1.65%, VRNT ...

RDWR was down 2.48% while close peers were mixed: RPD -5.18%, ATEN -1.65%, VRNT +0.05%, YEXT +1.06%, TIXT 0%, pointing to stock-specific rather than broad sector pressure.

Historical Context

5 past events · Latest: Jan 08 (Neutral)

Pattern 5 events

Date	Event	Sentiment	Move	Catalyst
Jan 08	Security vulnerability	Neutral	-1.4%	Disclosure of ZombieAgent zero-click AI agent vulnerability and planned research.
Jan 07	Earnings scheduling	Neutral	+1.5%	Announcement of Q4 and full-year 2025 results date and conference call.
Jan 06	Capacity expansion	Positive	-0.5%	Doubling global cloud security mitigation capacity to 30 Tbps and network expansion.
Dec 23	AGM results	Neutral	-0.5%	Shareholders approved most AGM proposals; one compensation proposal failed.
Dec 22	Customer win	Positive	+1.8%	Announcement of multi-year, multimillion-dollar DefensePro DDoS deal with SaaS customer.

Pattern Detected

Recent product and security infrastructure announcements often saw modest or negative next-day reactions, while commercial wins drew more positive moves.

Recent Company History

Over the past months, Radware reported several security and business milestones. On Dec 22, 2025, a multi-year, multimillion-dollar DDoS customer win saw shares rise 1.84%. A capacity doubling to 30 Tbps on Jan 6, 2026 was followed by a -0.54% move. Disclosure of the ZombieAgent AI vulnerability on Jan 8, 2026 coincided with a -1.39% reaction. Earnings call scheduling on Jan 7, 2026 and AGM results in late December produced relatively small, mixed price changes.

Market Pulse Summary

This announcement adds an end-to-end API Security Service to Radware’s portfolio, emphasizing runtim...

Analysis

This announcement adds an end-to-end API Security Service to Radware’s portfolio, emphasizing runtime protection, automated API discovery, and coverage of OWASP Top 10 API Security Risks. In recent months, the company has highlighted cloud capacity expansion to 30 Tbps, new customer wins, and upcoming earnings. Investors may watch adoption of the new service, any quantified revenue impact in future reports, and how it complements existing DDoS and application security offerings.

Key Terms

api, devsecops

2 terms

api technical

"designed to protect APIs throughout their entire lifecycle using real-time..."

An API, or Application Programming Interface, is a set of rules that allows different software programs to communicate and work together smoothly, much like a waiter translating your order into the kitchen and then bringing your meal back. For investors, APIs are important because they enable real-time access to financial data, trading systems, and other digital services, making it easier to make informed decisions quickly and efficiently.

devsecops technical

"A single portal for Dev, Sec, and DevSecOps teams that simplifies..."

DevSecOps is the practice of building security checks into the whole software creation and delivery process instead of treating security as a separate step at the end. For investors, it matters because products that find and fix vulnerabilities earlier tend to ship faster, cost less to maintain, and carry lower risk of damaging breaches or regulatory fines — much like installing quality and safety checks on a car while it’s being assembled rather than after it leaves the factory.

AI-generated analysis. Not financial advice.

New solution unifies API discovery, posture management, business logic defense, and multi-vector runtime protection in a single platform

MAHWAH, N.J., Jan. 20, 2026 (GLOBE NEWSWIRE) -- Radware^® (NASDAQ: RDWR), a global leader in application security and delivery solutions for multi-cloud environments, today announced the launch of its Radware API Security Service, a full, end-to-end solution designed to protect APIs throughout their entire lifecycle using real-time production traffic. Radware API Security Service offers APIs advanced protection against the OWASP Top 10 API Security Risks, including sophisticated Layer 7 DDoS attacks.

As enterprises accelerate digital transformation, APIs now power most modern applications—but they also create major security blind spots. API security tools often generate large numbers of theoretical alerts without showing real risk, making it hard for teams to know what to fix first. Gaps in API discovery leave shadow APIs and third-party integrations unprotected, while limited runtime visibility makes it difficult to detect and stop complex business logic attacks as they happen.

Radware’s new API Security Service addresses these challenges by delivering continuous runtime visibility, posture management, and protection—providing security teams with a real-time, high-fidelity view of actual API risk based on live production traffic.

“APIs are dynamic, business-critical, and increasingly targeted—but most security approaches are still static,” said Haim Zelikovsky, vice president, cloud security business at Radware. “Radware’s API Security Service redefines API protection by continuously analyzing real traffic to identify real risk, automatically block real attacks, and help organizations reduce noise, shorten MTTR, and meet regulatory requirements with confidence.”

Runtime API Security Designed for Real-World Threats

Radware’s API Security Service delivers unified, end-to-end runtime protection across the API lifecycle—combining continuous discovery, posture management, analytics, and active defense in a single platform.

Key capabilities include:

• Runtime Posture Management – Real-time analysis of live production traffic identifies actual risks and prioritizes remediation based on active threats and attacker intent.
• Business Logic Protection – Automatically maps API workflows and detects and blocks sophisticated business logic attacks in runtime.
• Complete Runtime Protection – Full coverage of the OWASP Top 10 API Security Risks, including bot, embedded, client-side, and HTTPS DDoS attacks targeting APIs.
• Automated API Discovery and Visibility – Continuous discovery of all APIs, including shadow and third-party APIs, with full visibility into inventories, schemas, usage, and workflows.
• Unified Platform and Compliance – A single portal for Dev, Sec, and DevSecOps teams that simplifies collaboration and supports regulatory requirements, while reducing complexity and total cost of ownership.
  
  

Purpose Built for Enterprise API Security at Scale

The Radware API Security Service is designed to meet the needs of CISOs, security operations teams, and DevSecOps organizations seeking complete API visibility, strong runtime protection, and measurable risk reduction. AI-driven detection is designed to minimize false positives, while adaptive, behavior-based protection is designed to prevent disruption to legitimate API traffic —even during large-scale HTTPS DDoS attacks.

The Radware API Security Service is generally available and officially launches today as a stand-alone solution, as well as part of Radware’s broader application security and management portfolio.

For more information, visit www.radware.com.

About Radware
Radware^® (NASDAQ: RDWR) is a global leader in application security and delivery solutions for multi-cloud environments. The company’s cloud application, infrastructure, and API security solutions use AI-driven algorithms for precise, hands-free, real-time protection from the most sophisticated web, application, and DDoS attacks, API abuse, and bad bots. Enterprises and carriers worldwide rely on Radware’s solutions to address evolving cybersecurity challenges and protect their brands and business operations while reducing costs. For more information, please visit the Radware website.

Radware encourages you to join our community and follow us on: Facebook, LinkedIn, Radware Blog, X, and YouTube.

©2026 Radware Ltd. All rights reserved. Any Radware products and solutions mentioned in this press release are protected by trademarks, patents, and pending patent applications of Radware in the U.S. and other countries. For more details, please see: https://www.radware.com/LegalNotice/. All other trademarks and names are property of their respective owners.

Radware believes the information in this document is accurate in all material respects as of its publication date. However, the information is provided without any express, statutory, or implied warranties and is subject to change without notice.

The contents of any website or hyperlinks mentioned in this press release are for informational purposes and the contents thereof are not part of this press release.

Safe Harbor Statement
This press release includes “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995. Any statements made herein that are not statements of historical fact, including statements about Radware’s plans, outlook, beliefs, or opinions, are forward-looking statements. Generally, forward-looking statements may be identified by words such as “believes,” “expects,” “anticipates,” “intends,” “estimates,” “plans,” and similar expressions or future or conditional verbs such as “will,” “should,” “would,” “may,” and “could.” For example, when we say in this press release that our API Security Service automatically blocks real attacks, and helps organizations reduce noise, we are using forward-looking statements. Because such statements deal with future events, they are subject to various risks and uncertainties, and actual results, expressed or implied by such forward-looking statements, could differ materially from Radware’s current forecasts and estimates. Factors that could cause or contribute to such differences include, but are not limited to: the impact of global economic conditions, including as a result of the state of war declared in Israel in October 2023 and instability in the Middle East, the war in Ukraine, tensions between China and Taiwan, financial and credit market fluctuations (including elevated interest rates), impacts from tariffs or other trade restrictions, inflation, and the potential for regional or global recessions; our dependence on independent distributors to sell our products; our ability to manage our anticipated growth effectively; our business may be affected by sanctions, export controls, and similar measures, targeting Russia and other countries and territories, as well as other responses to Russia’s military conflict in Ukraine, including indefinite suspension of operations in Russia and dealings with Russian entities by many multi-national businesses across a variety of industries; the ability of vendors to provide our hardware platforms and components for the manufacture of our products; our ability to attract, train, and retain highly qualified personnel; intense competition in the market for cybersecurity and application delivery solutions and in our industry in general, and changes in the competitive landscape; our ability to develop new solutions and enhance existing solutions; the impact to our reputation and business in the event of real or perceived shortcomings, defects, or vulnerabilities in our solutions, if our end-users experience security breaches, or if our information technology systems and data, or those of our service providers and other contractors, are compromised by cyber-attackers or other malicious actors or by a critical system failure; our use of AI technologies that present regulatory, litigation, and reputational risks; risks related to the fact that our products must interoperate with operating systems, software applications and hardware that are developed by others; outages, interruptions, or delays in hosting services; the risks associated with our global operations, such as difficulties and costs of staffing and managing foreign operations, compliance costs arising from host country laws or regulations, partial or total expropriation, export duties and quotas, local tax exposure, economic or political instability, including as a result of insurrection, war, natural disasters, and major environmental, climate, or public health concerns; our net losses in the past and the possibility that we may incur losses in the future; a slowdown in the growth of the cybersecurity and application delivery solutions market or in the development of the market for our cloud-based solutions; long sales cycles for our solutions; risks and uncertainties relating to acquisitions or other investments; risks associated with doing business in countries with a history of corruption or with foreign governments; changes in foreign currency exchange rates; risks associated with undetected defects or errors in our products; our ability to protect our proprietary technology; intellectual property infringement claims made by third parties; laws, regulations, and industry standards affecting our business; compliance with open source and third-party licenses; complications with the design or implementation of our new enterprise resource planning (“ERP”) system; our reliance on information technology systems; our ESG disclosures and initiatives; and other factors and risks over which we may have little or no control. This list is intended to identify only certain of the principal factors that could cause actual results to differ. For a more detailed description of the risks and uncertainties affecting Radware, refer to Radware’s Annual Report on Form 20-F, filed with the Securities and Exchange Commission (SEC), and the other risk factors discussed from time to time by Radware in reports filed with, or furnished to, the SEC. Forward-looking statements speak only as of the date on which they are made and, except as required by applicable law, Radware undertakes no commitment to revise or update any forward-looking statement in order to reflect events or circumstances after the date any such statement is made. Radware’s public filings are available from the SEC’s website at www.sec.gov or may be obtained on Radware’s website at www.radware.com.

Media Contact:

Gina Sorice
Radware
GinaSo@radware.com

FAQ

What did Radware (RDWR) announce on January 20, 2026 about API security?

Radware announced the Radware API Security Service, a full end-to-end API protection platform using live production traffic for discovery, posture management, and runtime defense.

Which API threats does Radware's new RDWR service protect against?

The service covers the OWASP Top 10 API Security Risks, including business logic attacks, bot attacks, embedded/client-side threats, and Layer 7/HTTPS DDoS attacks.

Is the Radware API Security Service (RDWR) generally available and how is it offered?

Yes; the service is generally available as of Jan 20, 2026 and is offered both as a stand-alone solution and within Radware's broader application security portfolio.

How does Radware (RDWR) detect real API risk instead of theoretical alerts?

It analyzes live production traffic for continuous runtime visibility and prioritizes remediation based on active threats and attacker intent to reduce noise and false positives.

What enterprise teams is Radware's API Security Service designed for?

The service targets CISOs, security operations, and DevSecOps teams needing full API visibility, runtime protection at scale, and tools to support regulatory compliance.

Does Radware's RDWR API Security Service include automated API discovery?

Yes; it provides continuous discovery of all APIs, including shadow and third-party APIs, with inventories, schemas, usage, and workflow visibility.