The detection gap

WAF says “blocked a suspicious request” — was it real?

ADR confirms: the payload reached HikariProxyStatement.execute() and modified the SQL query. Verified exploit.

Scanner says “this app has a SQL injection vulnerability” — is it being exploited?

ADR confirms: this vulnerability was exploited 12 times in the last hour from 3 source IPs.

SIEM has no application-layer visibility — you’re blind between the load balancer and the database

ADR provides runtime telemetry: attack type, target function, payload, outcome, application name, environment