What seems like an eternity ago, security teams worried about attackers manually poking at applications to find vulnerabilities that they could exploit.
In just a couple of short months, that process now seems almost quaint in its approach to vulnerability exploitation, doesn’t it?
With frontier AI models, and projects like Claude Mythos, being applied to application code and open-source ecosystems, vulnerability discovery has in a very short time become exponentially faster, far more scalable, and much less expensive. And so has the potential exploitation of those discovered vulnerabilities.
Instead of a single researcher finding a bug, AI rapidly analyzes repositories, spots insecure patterns, and helps generate exploit paths. The result is a new reality: more vulnerabilities will be found earlier and weaponized sooner.
For web apps and APIs, and the millions of organizations worldwide that develop and use them, the question isn’t, “Will we see exploit attempts?” but now is, “Which exploits matter most, and can we stop the right exploits in time?”
The problem: Drowning in WAF noise while exploits accelerate
Web application firewalls (WAFs) are a critical control for blocking common attacks. But traditional WAFs often force a blunt decision: allow or deny access to an application or API. This creates a painful, time-consuming loop for your security teams. There are too many alerts, including false positives and low-priority events, and reducing that noise without halting good traffic requires manual (read: slow), expert-driven tuning. Meanwhile, there are fewer experts to do it (read: a widening skills and knowledge gap).
In the meantime, AI-assisted attackers won’t slow down because your backlog is full. As a matter of fact, they count on your SecOps teams being overloaded, over-subscribed, and in some cases, just over it.
Moving from “alerts” to “priorities”
This is why risk scoring has become essential.
The current way of placing equal weight on every signal from a WAF creates too many alerts, leading to alert fatigue for your already overworked teams. It also creates too many false positives, which can frustrate your application users.
SecOps teams face a constant balancing act: continually adjusting WAF signatures to maintain strong protection while minimizing false positives. Manual WAF tuning is complex and often demands time-consuming coordination across security, development, and operations teams, groups that are typically already overloaded. When decisions involve trade-offs between speed, accuracy, and cross-team effort, remediation slows and exposure persists. That’s why more advanced, AI-driven WAF capabilities are more vital than ever.
Instead of treating every WAF signal as equal, a risk-based model will answer the real operational question: “What should we act on first to reduce the most risk?”
A risk-based model for applications produces a risk score that translates complex security data, drawing on many signals and inputs, into quantifiable metrics. Risk scoring measures a vulnerability's exploitability, business criticality, and data sensitivity. Applying this level of context to application vulnerabilities modernizes and simplifies patch prioritization, allows resources to be allocated efficiently, and bridges the gap between technical risk and business impact.
Rating vulnerability risk helps prevent alert fatigue by identifying the most urgent, critical threats so security teams can patch, or virtually patch, the vulnerabilities that could cause the greatest damage to the organization and its users. Risk scoring provides context and prioritization for protection, and it produces standardized evidence of a risk-based approach to security, which simplifies addressing compliance regulations.
F5 AI-powered WAF
In a blog earlier this year, “Securing web apps without complexity: How F5’s AI-powered WAF transforms WAF security,” we discussed how the AI-powered WAF capabilities within F5 Distributed Cloud WAF represented a significant leap forward for web app protection, delivering stronger security with fewer false positives, while alleviating the burden of continuous manual tuning for SecOps teams. AI-powered WAF changes how application security decisions are made, shifting teams away from configuration-heavy rule management toward outcome-driven security.
Rather than endlessly tweaking hundreds or thousands of signatures, teams can rely on dynamic threat evaluation that targets genuinely malicious behavior while allowing legitimate traffic to pass unimpeded. As a result, organizations can move to blocking mode faster and gain immediate protection with far less risk of disrupting real users.
The AI-powered capabilities in Distributed Cloud WAF can now assign a single, intuitive numeric score to quantify threat severity. It is very much like the equation many security teams already employ, “Risk = Likelihood × Impact,” operationalized into a single numeric score that teams can triage instantly.
The numeric score is composed of a Likelihood Score, which measures the probability that a security event is an actual attack rather than benign traffic or a false positive.
It also includes an Impact Score, which quantifies how critical the situation would be if the probable security event became a successful attack. This score uses metrics aligned to real-world consequences, such as confidentiality, integrity, and availability, plus signals like the Exploit Prediction Scoring System (EPSS) and Exploit Code Maturity.
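As an added illustration, not F5’s own scoring formula or code, the following Python sketch operationalizes “Risk = Likelihood × Impact” over a few constructed WAF events and ranks them for triage. The 0–10 scale, the weighting of CIA consequence against EPSS and exploit maturity, and the block/investigate/ignore thresholds are all assumptions chosen for the example.

```python
"""Risk = Likelihood x Impact triage over constructed WAF events.

Illustrative model only: the weights, the 0-10 scale and the action
thresholds are assumptions, not F5 Distributed Cloud WAF's formula.
"""
from dataclasses import dataclass


@dataclass
class WafEvent:
    event_id: str
    likelihood: float        # 0..1: probability this is a real attack, not benign/FP
    confidentiality: float   # 0..1 consequence ratings, aligned to C/I/A
    integrity: float
    availability: float
    epss: float              # 0..1: EPSS probability the underlying weakness is exploited
    exploit_maturity: float  # 0..1: exploit code maturity (unproven ~0.2 .. weaponized 1.0)


def impact_score(e: WafEvent) -> float:
    """Impact on 0..10: worst-case CIA consequence, scaled by exploitation evidence (assumed weighting)."""
    consequence = max(e.confidentiality, e.integrity, e.availability)
    exploit_evidence = 0.5 * e.epss + 0.5 * e.exploit_maturity
    return 10 * consequence * (0.5 + 0.5 * exploit_evidence)


def risk_score(e: WafEvent) -> float:
    """Single 0..10 score: Likelihood x Impact, as in the equation in the text."""
    return round(e.likelihood * impact_score(e), 2)


def triage(events, block_at=7.0, investigate_at=3.0):
    """Rank events by risk and map each to block / investigate / ignore (thresholds assumed)."""
    rows = []
    for e in sorted(events, key=risk_score, reverse=True):
        s = risk_score(e)
        action = "block" if s >= block_at else "investigate" if s >= investigate_at else "ignore"
        rows.append((e.event_id, s, action))
    return rows


# Constructed sample events (not real telemetry)
SAMPLE = [
    WafEvent("evt-1", 0.9, 0.9, 0.9, 0.6, 0.85, 1.0),   # likely real, weaponized, high consequence
    WafEvent("evt-2", 0.8, 0.6, 0.4, 0.3, 0.30, 0.5),   # plausible attack, moderate consequence
    WafEvent("evt-3", 0.1, 0.9, 0.9, 0.9, 0.90, 1.0),   # scary signature, but probably a false positive
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

Note that evt-3 carries the most frightening signature yet lands at the bottom, which is the point of weighting likelihood: a probable false positive should not outrank a credible, moderate attack.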
Why this matters against AI-driven vulnerability exploitation
As AI tools expand vulnerability research, there will be more scanning, more probing, and more “almost attacks.” The danger is that the limited time available for addressing actual threats gets spent chasing the wrong security events, so that a high-impact exploit slips past overworked staff who have been looking in the wrong direction.
Risk scoring helps to:
- Alleviate alert fatigue so teams focus on what’s truly dangerous.
- Make faster, more confident decisions regarding whether to investigate, block, or ignore a potential threat.
- Reduce manual tuning by using quantitative signals instead of endless rule tweaks, saving valuable time for already overburdened, understaffed security teams.
- Enable smaller SecOps teams to operate effectively, where new hires can act on a clear score, not tribal knowledge.
The bottom line
Frontier AI is compressing the timeline from “vulnerability exists” to “exploit in the wild.” In that environment, security can’t be a backlog of undifferentiated alerts. Risk scoring turns WAF noise into clarity, helping prioritize real threats and stop vulnerability exploits before they become incidents.
To learn more, please read our press release and our product pages on F5 WAF solutions.