Migrating from Protect AI to middleBrick
What middleBrick covers
- Black-box API scanning with no agents or SDK dependencies
- Sub-minute scans with risk grades A through F
- Coverage of OWASP API Top 10 (2023) and related compliance mappings
- Authenticated testing via tokens, keys, and cookies
- Dashboard score trends and branded compliance reports
- CLI and MCP Server integration for AI-assisted workflows
Data export from Protect AI
Extract findings and metadata from Protect AI using their UI or API. Most platforms provide a download option for scan reports in JSON or CSV; locate the export button on the scan summary page and choose JSON for structured fields such as severity, endpoint, and recommendation. If you use the Protect AI API, call the list and detail endpoints with your authentication token to pull results programmatically. Save the raw JSON as a baseline file; this preserves timestamps, unique identifiers, and tags needed when mapping to middleBrick scan records.
Rebuilding scan history in middleBrick
Use your exported data to build a comparable dataset in middleBrick. The dashboard does not auto-import Protect AI results, so follow the manual process: for each API, run a middleBrick scan and record the new scan ID and score. Use the CLI to automate repeated checks, for example:
middlebrick scan https://api.example.com/openapi.json --output json
Map Protect AI issue types to middleBrick categories, such as authentication misconfigurations or input validation, using the findings fields. Because middleBrick is a black-box scanner, some historical Protect AI test paths that required authenticated probes will need to be reconfigured in the dashboard when you add auth details for retesting.
Keeping CI wired up during the cutover
Avoid broken builds while switching tools by coordinating the transition at a maintenance window or behind a feature flag. Keep the existing Protect AI CI gate active until the first middleBrick scan passes your quality threshold. Then update your CI pipeline to use the middleBrick GitHub Action, for example:
- name: MiddleBrick Scan
  uses: middlebrick/github-action@v1
  with:
    url: ${{ secrets.API_URL }}
    threshold: C
    fail_build: true
Where authenticated scans are required, make the pipeline pass only on those scans; use the Starter-tier authenticated flow with domain verification so credentials are not accepted from unauthorized domains. During the transition you may run both tools in parallel and compare scores, so that the enforced gate is based on findings both tools agree on rather than on false positives.
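The mapping and parallel-comparison steps described above, as an added example that is not part of this guide or of either vendor's tooling: the Protect AI export fields, the middleBrick result shape, and the issue-type-to-category table are all assumed and the sample data is constructed. It flags baseline findings that have no black-box equivalent (for example active SQLi tests, which middleBrick does not run), findings the middleBrick scan did not reproduce (typically the authenticated probes to reconfigure), and whether a grade meets the CI threshold.

```python
import json

# Constructed Protect AI-style JSON export; field names are assumed, not the real schema.
PROTECT_AI_EXPORT = """
{"scan_id": "pai-0001", "findings": [
  {"id": "f1", "type": "broken_auth", "severity": "high", "endpoint": "/v1/users",
   "recommendation": "Require a bearer token"},
  {"id": "f2", "type": "missing_rate_limit", "severity": "medium", "endpoint": "/v1/login",
   "recommendation": "Add throttling"},
  {"id": "f3", "type": "sqli", "severity": "critical", "endpoint": "/v1/search",
   "recommendation": "Parameterize queries"}
]}
"""

# Constructed middleBrick scan result (shape assumed): grade plus category/endpoint findings.
MIDDLEBRICK_RESULT = {"scan_id": "mb-0001", "grade": "B",
                      "findings": [{"category": "rate limiting", "endpoint": "/v1/login"}]}

# Assumed mapping of Protect AI issue types to middleBrick categories.
# None marks types with no black-box equivalent that must stay under another control.
ISSUE_TO_CATEGORY = {
    "broken_auth": "authentication misconfigurations",
    "missing_rate_limit": "rate limiting",
    "sqli": None,  # middleBrick performs no active SQL injection tests
}

GRADES = "ABCDEF"  # risk grades, A best through F worst

def load_baseline(raw):
    """Parse the archived export, keeping the identifiers needed for mapping."""
    return [{"id": f["id"], "type": f["type"], "severity": f["severity"],
             "endpoint": f["endpoint"]} for f in json.loads(raw)["findings"]]

def map_findings(findings):
    """Attach a middleBrick category to each baseline finding (None = coverage gap)."""
    return [{**f, "category": ISSUE_TO_CATEGORY.get(f["type"])} for f in findings]

def coverage_gaps(mapped):
    """IDs of baseline findings that black-box scanning cannot reproduce at all."""
    return [f["id"] for f in mapped if f["category"] is None]

def missing_in_middlebrick(mapped, mb_result):
    """Mapped findings the middleBrick scan did not report; recheck after adding auth."""
    seen = {(f["category"], f["endpoint"]) for f in mb_result["findings"]}
    return [f["id"] for f in mapped
            if f["category"] and (f["category"], f["endpoint"]) not in seen]

def grade_passes(grade, threshold):
    """True when the scan grade is at or better than the CI threshold."""
    return GRADES.index(grade.upper()) <= GRADES.index(threshold.upper())
```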
What you will miss and what you will gain
You will lose native Protect AI runtime instrumentation and managed detection of business logic anomalies that depend on their execution context. middleBrick does not perform active SQL injection or command injection tests, nor does it detect blind SSRF via out-of-band channels. You will gain a purely black-box approach with no agents or SDKs, sub-minute scans, and a clear mapping to OWASP API Top 10 (2023), PCI-DSS 4.0, and SOC 2 Type II controls. The dashboard provides score trends, branded compliance PDFs, and webhook-driven alerts, while the CLI and MCP Server let you integrate scanning into AI tooling and custom workflows without proprietary dependencies.
Final migration checklist
Before decommissioning Protect AI, complete these steps: export and archive all scan reports, re-run critical endpoints in middleBrick with authentication where needed, update CI pipelines to use the new GitHub Action or MCP Server, validate that your score thresholds align with your risk policy, and notify stakeholders of the change. After cutover, schedule recurring Pro-tier rescans to maintain continuous monitoring, and use the diff engine to track new findings and regressions over time.