GraphQL has become the API layer of choice for modern applications. Companies like GitHub, Shopify, and Meta run production GraphQL APIs serving billions of queries daily. The flexibility that makes GraphQL so powerful — single endpoint, client-driven queries, nested data fetching — also introduces attack vectors that traditional WAAP platforms were never designed to handle. Standard WAAPs do a decent job on the basics. They catch injection attacks in GraphQL arguments, apply rate limits at the HTTP level, and block known malicious IPs. But that leaves a dangerous blind spot: the content inside the query itself. The GraphQL Threat Model A GraphQL API exposes a single endpoint. Every query, mutation, and subscription funnels through /graphql . There's no URL-based routing to differentiate a cheap health check from a deeply nested resource drain. This makes signature-based WAF rules largely ineffective — the malicious payload is structurally valid GraphQL.…