Govern your AI present and anticipate your AI future

Chuck HerrinField CISO

We often hear AI described as the most enthusiastic intern you’ve ever had. It’s tireless and creative, and it sometimes makes things up or gets convinced it knows better than you. Many enterprises trust AI models and the applications that use them with sensitive data and critical workflows before we’ve put the right guardrails in place. That is a recipe for brand damage, compliance exposure, and a lot of late nights for frustrated security teams, who often don’t even know that a new model went live or was exposed for usage until after the fact.

This approach must change, and we’re going to change it. Over the past few months, we at F5 shared two key milestones in our AI security journey. First, following the acquisition of CalypsoAI, we released two new products, F5 AI Guardrails and F5 AI Red Team, to bring advanced AI security to large enterprises. Second, we laid out how to secure AI models and agents without compromise. Today, I want to connect those dots to show how these moves help F5 customers adopt AI with confidence, speed, and most importantly without trade-offs. It’s time to innovate with confidence, and for security teams, it’s time to get very fast at pinpointing vulnerabilities.

Our recent analysis of how security teams feel about AI revealed many concerns. Three additional truths that stand out:

1. 71% of security professionals are most concerned about exposure from internal misuse or model behavior.
2. Concerns about AI model misuse exceed worries about malicious abuse by 134%.
3. Of security teams’ data security concerns, 52% revolve around shadow AI usage and sensitive data disclosures to LLMs.

In other words, of course external attackers matter, but the day-to-day risks SecOps teams worry about most stem from (usually) well-meaning users, overconfident models, and fragmented or missing controls. This real-world data is why we’re so focused on runtime security and policy enforcement because runtime is where risk actually manifests in prompts, responses, tools, and agent actions.

What F5’s focus on AI Security means for customers

Given the ferocious pace of AI adoption, we are accelerating F5’s vision to provide comprehensive, model-agnostic security for AI apps, models, agents, and data, from pilot to production. We are doing that by bringing two important and complementary products into the F5 Application Delivery and Security Platform (ADSP):

• F5 AI Guardrails: A runtime security and governance plane that inspects, governs, and protects prompts, responses, and agent/tool actions across any model or provider. It empowers teams to detect and prevent data leakage, moderate harmful or biased outputs, and enforce least privilege for models and agents, all without breaking the user experience.
• F5 AI Red Team: AI-specific red team capabilities with large-scale adversarial testing to continuously exercise your AI systems with thousands of attack patterns and over 10,000 new attack prompts added every single month. This continuously improving set of tests covers prompt injection, jailbreaks, model distillation, data exfiltration, and more, and delivers detailed, audit-ready logs and fingerprints.

The feedback loop is where the magic happens

Insights and findings from testing translate directly into dynamic protections—active guardrails. That means your defenses evolve alongside emerging threats and system changes—no waiting for a quarterly review or a vendor patch cycle. The better the tests get, the better your protection gets, month-in and month-out.

This approach is critically important to keep pace with the continuous iteration of threat actors, who recently fully automated development of exploit code from CVE findings using AI. We must use AI to defend against AI-powered attacks; otherwise, the asymmetry is just too great. This continuous improvement will become the hallmark of AI-powered defense, and F5 is embracing this methodology and integrating it directly into F5 ADSP.

Effective AI without compromising security

In our recent blog, Securing AI models and agents without compromise, we argued you shouldn’t have to choose between user experience, speed, and safety. Easy to say, but how we operationalize that promise is by delivering the following:

1. Consistency across any model or cloud. Models will change, providers will change, your guardrails shouldn’t. F5 delivers uniform policies across a hybrid, multi-model world—including on-premises deployments and open-source model options.
2. Low-latency protection by design. Failover avoidance keeps experiences fast and resilient, even as security policies are enforced in-line.
3. Compliance that’s baked in, not bolted on. Preset and custom auditing templates for compliance mandates like the General Data Protection regulation (GDPR), HIPAA, and the EU AI Act, with end-to-end observability and third-party SIEM/SOAR integrations, make evidence collection easy, repeatable, and reliable.

What to expect with F5’s new chapter in AI security

You already know F5 for our ability to keep applications fast, available, and safe. AI security slots into that existing fabric. The next chapter of AI security mitigates and illuminates risks from all directions. Combat new adversarial threats like prompt injection, jailbreaks, model distillation, and data exfiltration attempts with agentic threat intelligence that learns from 10,000+ new attack prompts each month. Detect and prevent sensitive data disclosures to public and private LLMs in real time and enforce DLP and access policies aligned with your data classifications.

Finally, govern responsible AI usage by moderating harmful or biased outputs, enforcing role-based and context-aware privileges for models and agents, and applying risk assessment frameworks across public and in-house models. Throughout all these safeguards, you can simplify observability with centralized visibility and traceability across all AI interactions, with detailed logs, agentic fingerprints, and integrations into your existing SIEM/SOAR to reduce noise and increase signal.

Addressing today’s pitfalls head-on

Depending solely on frontier model protections is risky. Adversaries target them first, and your risk spans far beyond any one provider. Disparate point tools amplify noise and introduce blind spots. And black-box “AI-powered” magic isn’t governance. You need transparent, human-in-the-loop controls, with audit-ready evidence and policies you can explain to regulators and your board.

If you’re just getting started with AI, begin where the risk is highest—shadow AI discovery, sensitive data protection, or adversarial testing—and expand from there. If you’re already in production, map your agent toolchains and data flows, then apply least privilege and runtime guardrails at the boundaries.

Bringing it all together

F5 AI Guardrails and F5 AI Red Team accelerate F5’s mission to deliver the most comprehensive platform for securing AI. They align with our commitment to secure models and agents without compromise, and they’re aimed at addressing the challenges SecOps is actually facing on the ground. The AI attack surface evolves every day. With these new capabilities, you get adaptive runtime protection and agentic threat intelligence that keep pace—protecting your models, agents, and data from pilot to production.

Bring your models —we’ll show model-agnostic protections across your stack. To learn more, watch our recent video.

About the Author

Chuck HerrinField CISO

Chuck Herrin is a Field CSO with F5.

More blogs by Chuck Herrin