Wallarm Subscription Plans¶
Wallarm AI Control Platform covers AI security and API security across cloud-native and multi-cloud environments through four products โ Wallarm API Security, Wallarm Infrastructure Discovery, Wallarm AI Hypervisor, and Wallarm API Security Testing. Each product has its own subscription model. This page describes the plans available across all four. Choose the set of functionality that best suits your needs.
Core subscription plans¶
Cloud Native WAAP - WAAP (Web Application & API Protection) subscription provides web applications and APIs with protection against common threats such as SQLi, XSS, brute force, etc. It supports all API protocols but does not cover some specific API threats.
WAAP + Advanced API Security. This bundle enhances general WAAP capabilities with comprehensive API Security tools to cover all OWASP API Top-10 threats.
Security Testing. This bundle helps you proactively uncover security vulnerabilities in your applications and APIs before attackers do.
| Feature | WAAP | WAAP + API Security | Security Testing |
|---|---|---|---|
| Real-time protection | |||
| DDoS protection (L7) | Yes | Yes | No |
| Geo/source filtering | Yes | Yes | No |
| IP reputation feeds | Yes | Yes | No |
| Attack stamps (SQLi, XSS, SSRF, etc.) | Yes | Yes | No |
| Customer defined signatures | Yes | Yes | No |
| Virtual patching | Yes | Yes | No |
| Brute force protection | Yes | Yes | No |
| Forced browsing protection | Yes | Yes | No |
| Distributed rate limiting | Yes | Yes | No |
| BOLA protection | Manual triggers | Mitigation control | No |
| API Abuse Prevention (bot management) | No | Yes | No |
| Credential Stuffing Detection | No | Yes | No |
| API Specification Enforcement | No | Yes | No |
| GraphQL security policies | No | Yes | No |
| Enumeration attack protection | No | Yes | No |
| Mitigation controls | No | Yes | No |
| MCP mitigation controls | No | Yes | No |
| API protocol support | |||
| Legacy (SOAP, XML-RPC, WebDAV, WebForm) | Yes | Yes | No |
| Mainstream (REST, GraphQL) | Yes | Yes | No |
| Modern and streaming (gRPC, WebSocket) | Yes | Yes | No |
| Security posture | |||
| API Attack Surface Management (AASM) | No | Yes | No |
| Vulnerability assessment | Yes | Yes | No |
| API Sessions | No | Yes | No |
| MCP Sessions | No | Yes | No |
| API Discovery | No | Yes | No |
| MCP server discovery | No | Yes | No |
| Sensitive data detection | No | Yes | No |
| Rogue API Detection (shadow, zombie) | No | Yes | No |
| BI Dashboards | No | Yes | No |
| Security testing | |||
| Threat Replay Testing | No | Yes | Yes, with API Security |
| Schema-Based Security Testing | No | No | Yes |
| Additional options | |||
| Self-hosted Node deployment | All | All | No |
| Security Edge | No | No | No |
| Integrations | All | All | All |
| Number of users | Unlimited | Unlimited | Unlimited |
| SSO authentication | Yes | Yes | Yes |
| Role-based access control (RBAC) | Yes | Yes | Yes |
| Multi-tenant | Yes (by request) | Yes (by request) | Yes (by request) |
| Period of event storage | 6 month | 6 month | 6 month |
| Support | Standard/ Advanced/ Platinum |
Standard/ Advanced/ Platinum |
Standard/ Advanced/ Platinum |
To activate the subscription plan, contact sales@wallarm.com.
Wallarm Infrastructure Discovery¶
Wallarm Infrastructure Discovery is available on AWS only. It provides cross-account AWS asset discovery, surfaces shadow AI within minutes of deployment, and makes findings from native AWS security services (Security Hub, GuardDuty, Inspector, Macie, IAM Access Analyzer) actionable on a single relationship graph.
Infrastructure Discovery is procured through the AWS Marketplace listing. The listing describes all available plans โ including the free tier and paid tiers โ and is the entry point for self-service signup.
Wallarm AI Hypervisor¶
Wallarm AI Hypervisor is available on AWS only and deploys on Amazon EKS. It instruments AI workloads at runtime with no application code changes, enforces policy inline at the connection level, and produces continuous compliance evidence โ coverage heatmap, AI software bill of materials (AI-SBOM), session audit logs, and sensitive data flow records.
AI Hypervisor follows a separate onboarding flow with the Wallarm team. There is no self-service signup, free tier, or in-Console activation โ AI Hypervisor is managed on a separate domain and is not configured through Wallarm Console.
To get access, contact sales@wallarm.com. Sales will scope your deployment (EKS clusters, model providers, compliance framework targets such as EU AI Act or SOC 2) and provision access.
See the AI Hypervisor overview for product details.
API Attack Surface¶
Variants: Core (Free), Enterprise (Paid) - see comparison here.
Relations to other plans
This subscription plan:
- Is included into Advanced API Security plan
- Can be added to Cloud Native WAAP plan
- Can be used alone (no other plans or filtering node required)
The API Attack Surface subscription plan provides a comprehensive view of publicly exposed APIs and related information with zero deployment and minimal configuration.
The subscription plan provides the API Attack Surface Management (AASM) product which includes:
To activate the subscription plan, do one of the following:
-
If you do not have Wallarm account yet, get pricing information and activate AASM on the Wallarm's official site here.
When activating, scanning of the used email's domain starts immediately while you negotiate sales team. After activation, you can add additional domains to the scope.
-
If you already have Wallarm account, contact sales@wallarm.com.
Rogue MCP¶
Relations to other plans
This subscription plan:
- Can be added to any core subscription plan
- Can be used alone (no other plans or filtering node required)
The Rogue MCP subscription plan provides access to the extended functions of Wallarm's MCP server, including API Security Testing via Postman.
Free features
Rogue MCP Inspection โ auditing local MCP servers for supply-chain risks and excessive privileges โ is always free and does not require a subscription or API key.
To activate this subscription:
-
New users: register and subscribe at roguemcp.wallarm.com.
-
Existing users: contact Wallarm Support to get the subscription added to your account.
Security Edge (Paid Plan)¶
Relations to other plans
This subscription plan:
- Can be added to Cloud Native WAAP or Advanced API Security plan
- Cannot be used alone
The Security Edge subscription plan allows you to deploy the Wallarm node on the managed environment, eliminating the need for onsite installation and management.
With Wallarm handling node hosting and maintenance, you can focus on your core infrastructure while benefiting from robust traffic filtering, attack detection, and secure communication - all backed by Wallarm.
Available Security Edge deployments include:
To inquire about this subscription, please contact sales@wallarm.com.
Security Edge Free Tier¶
For smaller companies and educational purposes, Wallarm offers the option to create a Security Edge Free Tier account yourself. You can choose the Wallarm cloud that best suits your storage preferences:
The Security Edge Free Tier account allows:
-
Security Edge functionality, with some feature limitations.
-
Process up to 500 thousand requests per month with no limitation in time.
-
Access to the Wallarm platform as Advanced API Security, except for the following:
- Vulnerability assessment
- API Abuse Prevention
- Limited to 3 users per company account
- Telemetry portal of Security Edge
- Multi-cloud Security Edge deployment
-
Utilize the abilities of Schema-Based Security Testing
If a Free Tier account exceeds 100% of the monthly quota, your access to the Wallarm Console is disabled, along with all integrations. When reaching 200%, protection on your Wallarm nodes is disabled. These restrictions will be in effect until the first day of the next month.
To remove all restrictions, contact sales@wallarm.com.