For all the benefits, efficiencies, and productivity enhancements that large language models (LLMs) have already brought to the enterprise landscape, no organization can afford to overlook the inherent threats posed by their deployment. The vulnerability of an organization’s attack surface increases as the number of tools on the system increases.
Hidden malicious code—any code embedded in a response that can harm the user’s device, data, or network—is one type of threat that is serious and growing more so over time. Such code can be used as the first step toward stealing sensitive information, installing malware, hijacking the user’s device or identity, or launching denial-of-service (DoS) or other attacks. Its ability to be camouflaged as legitimate content makes it all the more dangerous. LLM-related vectors for malicious code include:
- Exploiting vulnerabilities in the model to inject malicious code into responses.
- Deploying social engineering attacks that send users carefully crafted responses that appear to be legitimate, but that contain links to websites or files that spread malicious code.
- Using compromised APIs or third-party services that inject malicious code into responses.
In each of these scenarios, even employees who are well-versed in an organization’s Security Awareness Program protocols would have no way of knowing that their ordinary, routine interactions with the LLM allowed malware to enter their organization’s system. But once inside a network or other private system, malicious code can wreak havoc in many ways, such as:
- Data theft or manipulation: Code can be designed to steal or manipulate sensitive data, such as personal financial or customer information or intellectual property (IP). Once the data has been exfiltrated, the attacker can:
- Use the stolen data to commit identity theft or financial fraud, or disrupt markets.
- Sell the data or IP on the dark web.
- Publish it on the Internet for the world to see.
- All of the above.
- Service disruption: Malicious code can trigger malfunctions within corporate systems, resulting in service disruptions that can cause delays in processing customer or vendor interactions, slow decision-making, reduce efficiency, and damage business opportunities, all of which could lead to significant financial losses for the organization.
- Reputational damage: A successful malicious code attack via an LLM could harm the company’s reputation, resulting in loss of trust from customers, stockholders, regulators, partners, and other stakeholders and leading to long-term financial impacts.
AI and cybersecurity professionals know the first line of defense against digital intrusions is a strong, well-maintained perimeter, and the second is a strong employee education program. Deployed across the enterprise, F5 AI Guardrails‘ weightless, model-agnostic trust layer platform bridges the gap between those solutions by enabling secure use of generative AI (GenAI) solutions without requiring downtime for installation or training. Full observability allows security teams to know what is happening across models in real time, providing the ability to deflect and prevent internal and external attacks. Policy-based access controls enable admins to limit model access and usage at group and individual levels, ensuring costs can be monitored and controlled. Rate limits enable protections against model DoS attacks.
F5 AI Guardrails also provides protection at a granular level with a comprehensive suite of customizable scanners that review:
- Every LLM prompt for private, confidential, or otherwise exploitable content and prevent it from leaving the system.
- Every response for malicious code and other suspicious content and prevent it from entering the system.
All details of each interaction are recorded, including the prompt, response, user, date and time, and individual guardrail results, providing full auditability and attribution around activity, content, and cost in a secure, private environment.
F5 AI Guardrails allows the contemporaneous implementation of cyber and AI security practices, providing organizations a strong, secure option to engage in operations as usual while keeping its people, property, and processes safe from AI-driven risk.
Click here to schedule a demo of our GenAI security and enablement platform.
About the Author
Related Blog Posts
The hidden cost of unmanaged AI infrastructure
AI platforms don’t lose value because of models. They lose value because of instability. See how intelligent traffic management improves token throughput while protecting expensive GPU infrastructure.
AI security through the analyst lens: insights from Gartner®, Forrester, and KuppingerCole
Enterprises are discovering that securing AI requires purpose-built solutions.
F5 secures today’s modern and AI applications
The F5 Application Delivery and Security Platform (ADSP) combines security with flexibility to deliver and protect any app and API and now any AI model or agent anywhere. F5 ADSP provides robust WAAP protection to defend against application-level threats, while F5 AI Guardrails secures AI interactions by enforcing controls against model and agent specific risks.
Govern your AI present and anticipate your AI future
Learn from our field CISO, Chuck Herrin, how to prepare for the new challenge of securing AI models and agents.
F5 recognized as one of the Emerging Visionaries in the Emerging Market Quadrant of the 2025 Gartner® Innovation Guide for Generative AI Engineering
We’re excited to share that F5 has been recognized in 2025 Gartner Emerging Market Quadrant(eMQ) for Generative AI Engineering.
Self-Hosting vs. Models-as-a-Service: The Runtime Security Tradeoff
As GenAI systems continue to move from experimental pilots to enterprise-wide deployments, one architectural choice carries significant weight: how will your organization deploy runtime-based capabilities?