F5 (NASDAQ: FFIV) announced the launch of the F5 AI Security Platform, a solution designed to give CISOs continuous visibility, governance, and protection for enterprise AI workloads. The launch is paired with the acquisition of SurePath AI, a company that specializes in network‑based AI discovery, intent classification, and shadow‑AI detection. By integrating SurePath AI’s technology, F5 aims to close the visibility gap that many security teams face when unsanctioned or “shadow” AI tools appear across the network. The combined offering is positioned as a unified, adaptive loop that governs, discovers, tests, and protects AI models, agents, and the APIs that connect them—whether those assets run on‑premises, in air‑gapped environments, private clouds, hybrid setups, or public clouds.
F5 AI Security Platform and SurePath AI Acquisition
The F5 AI Security Platform extends the company’s Application Delivery and Security Platform (ADSP) strategy to cover AI applications, models, agents, and the APIs that connect them. According to the announcement, the platform supports on‑premises, air‑gapped, private‑cloud, hybrid, and public‑cloud environments, addressing data‑residency and sovereignty requirements that many regulated enterprises consider non‑negotiable.
SurePath AI’s technology will power the platform’s network‑based AI discovery capability. The acquisition enables “passive” identification of AI usage across the enterprise—including unsanctioned or shadow AI—without requiring direct integration with each application. Deployment is described as “frictionless” through network redirects and out‑of‑band analysis, providing a unified visibility layer that detects unauthorized AI activity, classifies intent, and traces agent tool calls and MCP server connections.
Kunal Anand, F5’s Chief Product Officer, said, “Most AI security today is a wrapper around a chatbot. That is not security… The F5 AI Security Platform gives CISOs and security leaders what they have been missing: continuous control over every model, agent, and API, wherever the AI runs, delivered on the same F5 platform that has secured and delivered enterprise applications for three decades.”
How the Platform Fits Into Enterprise AI Security
The platform is built around four integrated pillars plus an overarching observability layer, creating a persistent security lifecycle rather than a one‑time compliance exercise:
- AI Governance – Translates risk tolerances, privacy rules, and regulatory obligations into enforceable boundaries for prompts, outputs, tool use, and data access.
- AI Discovery – Provides continuous visibility into every AI application, agent, and MCP tool call, classifying activity by use case and intent. SurePath AI’s network‑based discovery operates passively, eliminating the need for application‑level integration.
- AI Security Testing – Offers stress‑testing against more than 140,000 attack patterns from what F5 describes as the industry’s deepest AI threat database, converting findings into enforceable defenses before production rollout.
- AI Runtime Protection – Allows guardrails to be defined in plain language and deployed at the point of interaction. Independent testing reportedly shows up to 98.2% efficacy in blocking prompt injection, excessive agent autonomy, and data leakage.
- AI Observability – Generates a complete audit trail for every AI interaction, supporting the traceability required in regulated sectors.
F5’s assessment that AI systems now have “more access, autonomy, and speed than even the most over‑privileged human users” underpins each pillar. The company’s 2026 State of Application Strategy (SOAS) Report is cited to show that 88% of organizations face at least one AI‑related operational or security challenge, while 98% are preparing for agentic AI. These figures illustrate why a continuous loop of discovery, testing, and runtime protection is essential: prompt injection, data leaks, or agents acting beyond authorized scope can quickly expand the blast radius of an incident.
Operational Relevance for Security Leaders
For CISOs operating in highly regulated industries, the platform’s flexible deployment options are a central selling point. Because the solution can run in air‑gapped or sovereign environments, it aligns with strict data‑residency mandates. The network‑based discovery model requires no changes to existing application architectures, which may reduce implementation friction for large, heterogeneous IT estates.
The announcement emphasizes that the platform creates a “persistent security lifecycle rather than a one‑time compliance exercise.” By continuously discovering AI assets, testing them against a large threat database, and enforcing guardrails at runtime, the solution aims to reduce the “blast radius” of misconfigurations or exploits—especially as AI agents gain the ability to authenticate, call tools, and access data autonomously.
F5 also references an “AI Red Team” and “AI Guardrails” that will leverage the visibility and risk data supplied by SurePath AI. However, the company did not disclose pricing, specific integration timelines, or the size of the SurePath AI team that will be absorbed.
Key Takeaways
- F5 launched the AI Security Platform, extending its ADSP suite to cover AI workloads across on‑premises, air‑gapped, private‑cloud, hybrid, and public‑cloud environments.
- The platform incorporates SurePath AI’s network‑based AI discovery technology, enabling passive detection of both sanctioned and shadow AI without application‑level integration.
- F5 claims the platform can block prompt injection, excessive agent autonomy, and data leakage with up to 98.2% efficacy in independent testing and supports continuous governance, testing, and observability for AI systems.
TechInsyte's Take
The announcement signals F5’s move to address a growing gap in enterprise AI security, particularly around shadow AI and autonomous agents. While the platform’s breadth of coverage and passive discovery are notable, buyers will need to evaluate the maturity of the integrated threat database and the real‑world performance of the claimed 98.2% protection rate. Organizations should monitor upcoming detailed technical briefings and pilot programs to assess fit with existing security stacks and compliance regimes.
Source: Businesswire