Following React2Shell, we had the privilege of working with the world's best security researchers on strengthening our network and runtime defenses. WAFs are broadly considered a 🩹 "band-aid" because they can be trivial to bypass, or have no insight into application- and framework-level protocols. Not only did we mitigate an extraordinarily broad range of attacks, we also taught our WAF to understand the Flight protocol and shipped defense-in-depth mechanisms to patch our compute layer automatically. In other words, even if you bypassed our WAF, our customers were protected. As a result of this incident, we now have the infrastructure in place to mitigate extremely complex and sophisticated CVEs. React2Shell is informing design improvements to our Firewall and Fluid that we think will push the frontier of defensive cybersecurity.
We paid $1 million to hackers to harden our firewall defenses. Today we're telling the story of how we strengthened our WAF, disclosing a runtime mitigation layer for the first time, and describing how we partnered with @Hacker0x01 to defend against React2Shell. vercel.com/blog/our-milli…