Securing AI Models and agents without compromise: How F5’s acquisition of CalypsoAI will deliver end-to-end AI runtime protection

Managing cybersecurity in an AI world is more challenging than ever. As enterprises rapidly embrace generative and agentic AI tools, they face growing risks such as prompt injection attacks, data leakage, and compliance challenges. The dynamic and highly interconnected nature of AI applications, models, and APIs is expanding the attack surface, heightening regulatory scrutiny, and introducing operational blind spots.

Traditional point solution security tools struggle to keep pace with the complex and evolving AI threat landscape. Enterprises are tasked with integrating these powerful tools into their operations while ensuring compliance, safeguarding sensitive data, and avoiding operational delays—all at unprecedented pace and scale.

At F5, we believe securing AI workflows doesn’t mean sacrificing speed, user experience, or scalability. That’s why we’re excited to announce the acquisition of CalypsoAI, a pioneer in enterprise AI security that delivers adaptive protection, real-time threat monitoring, and audit-ready governance for AI systems. This acquisition positions F5 as the first company to deliver end-to-end protection for every app, API, and now AI model and agent, anywhere.

Together with CalypsoAI, we’re redefining enterprise AI security, enabling organizations to securely scale while mitigating risks, simplifying compliance, and delivering high-performance AI workflows. By bringing CalypsoAI’s capabilities to the F5 Application Delivery and Security Platform (ADSP), enterprises gain access to the world’s most comprehensive, end-to-end AI security solution, allowing them to secure their AI systems from pilot to production without compromise.

We sat down with James White, CTO of CalypsoAI, and Kunal Anand, Chief Innovation Officer at F5, to discuss how this groundbreaking solution simplifies enterprise AI security across the entire lifecycle of AI systems.

James White: Thank you! Our mission at CalypsoAI has always been to empower organizations to adopt AI confidently and securely. With enterprises rapidly scaling AI, they face rising risks like adversarial attacks, rogue model behaviors, policy violations, and evolving compliance demands. Due to how fast AI is changing, these risks can’t be addressed by traditional tools, which leave gaps in protection and governance.

To address this, we’ve built solutions that secure AI workflows for all stages of AI maturity. This includes proactive attack testing through AI Red Teaming, real-time defenses delivered by solutions like runtime inspection and enforcement, and centralized observability and compliance to meet regulatory standards like GDPR and the EU AI Act.

Joining F5 allows us to expand our vision and seamlessly integrate these capabilities into one unified platform, enabling enterprises to test, deploy, and scale AI without compromising security.

Kunal Anand: AI isn't just another workload; it's a new, dynamic attack surface that bypasses traditional security. For decades, F5 has sat at the critical junction between applications and users. Securing AI models, agents, and data flows is the logical extension of our core mission.

Our vision is a single, adaptive platform that secures code, APIs, and now, the AI constructs that power modern applications. By integrating CalypsoAI’s AI-native security into our ADSP, we are making that vision a reality. This isn't about bolting on a new feature. It's about embedding AI protection into the application fabric itself. Enterprises can now build with AI, not just react to its risks. That is the difference between leading and merely participating in this shift.

James White: As enterprises are looking to implement a new AI stack, AI workflows create a dynamic attack surface that introduces unique challenges:

• AI Vulnerabilities: Risks include prompt injection attacks, data poisoning, and adversarial manipulations, which can compromise AI system integrity. One of the most pressing challenges noted by security professionals is the rise of Shadow AI, where unauthorized use of third-party AI services magnifies risks like data exfiltration and operational blind spots. Practitioners highlight that balancing AI’s data demands with cybersecurity principles often forces trade-offs that leave businesses choosing between effective AI and robust security.
• Compliance Gaps: Regulations like GDPR and the EU AI Act require centralized oversight and accountability, but many organizations lack effective tools to streamline compliance for AI systems.
• Shadow AI: Unmonitored or unauthorized use of third-party AI services increases risks like data exfiltration and operational blind spots.
• Fragmented Security Tools: Many enterprises rely on disconnected tools or manual processes, which introduce inefficiencies and create bottlenecks.

The integration of CalypsoAI's purpose-built solutions into the F5 ADSP directly addresses these challenges, providing proactive, real-time protection at every stage—from pilot to production.

Kunal Anand: It delivers full-lifecycle AI security. Three benefits are immediate:

• Harden Models Before Deployment. Think of it as continuous, automated red-teaming for your AI. CalypsoAI fires thousands of adversarial prompts at your models, discovering and fixing vulnerabilities in hours, not weeks. Teams ship resilient systems faster.
• Protect Runtime AI. This is not a passive log scanner. It's a real-time shield that sits in the data path, actively blocking prompt injections, data exfiltration, and other attacks without compromising performance. We prevent the breach, not just report on it.
• Unified Observability for AI. AI systems can feel like a black box, creating massive operational blind spots. CalypsoAI observes every prompt, response, and data interaction across your entire AI estate. This turns ambiguity into clear insight, allowing teams to troubleshoot issues, detect drift, and maintain a complete, audit-ready record of AI behavior. You can't secure what you can't see.

James White: Our approach is both proactive and continuous. For example, during development, our Red Teaming tools simulate adversarial attacks to pressure-test AI systems, ensuring vulnerabilities are addressed before deployment. Post-deployment, live monitoring and runtime protection systems detect and respond to anomalous behavior and attacks like data exfiltration in real time.

This layered security approach gives enterprises the tools to protect against risks from pilot to production, streamline compliance, and accelerate their AI innovation—securely. CalypsoAI is the established industry expert in post-deployment AI model security. Our solutions give us unique insights into measuring and benchmarking how vulnerable the world’s most used generative AI and agentic AI models. Our CASI security index and Agentic Warfare Resistance leaderboards rank the top 10 models in each of these respective areas, helping enterprises better understand which models to deploy and the inherent risks they face in deploying them.