In today's complex cybersecurity landscape, it is increasingly challenging to protect against sophisticated attacks. WAF is already critical to application security when deployed at the edge, including as a fast patch mechanism for zero-day exploits. But it's now possible, using Wasm plugins in the data plane, to inject WAF transparently at PEPs around individual services as part of a Zero Trust Architecture where security policy is enforced at every hop. Deploying WAF close to workloads can help organizations improve their overall security posture and reduce the likelihood of successful cyberattacks. In this talk, I will explore how Wasm can be used to deploy WAF deeper in the network, not just at the application edge. We'll also discuss compliance requirements for sensitive applications, such as PCI DSS which will demand WAF deployment by 2025. We'll explain how open-source WAFs can help meet these requirements and provide peace of mind for organizations handling sensitive data.