NVIDIA is making a clear statement about where enterprise AI is headed. Agentic AI is pushing infrastructure requirements beyond raw compute. As autonomous agents reason, retrieve, and act continuously, data becomes the fuel, storage becomes a first-order asset, and data protection and observability become fundamental operations in the AI factory. That shift changes the security and resiliency model.
With the announcement of new and enhanced NVIDIA DOCA security capabilities for NVIDIA Vera BlueField-4 STX, NVIDIA is defining a new class of secure-by-design AI storage by embedding real-time protection for data, agents, and context memory directly in silicon. The outcome is straightforward: a shift from reactive security controls to proactive, policy-driven enforcement that can operate at AI agent speed.
“The combination of DOCA Argus runtime visibility and an enterprise-grade traffic and security gateway such as F5 allows organizations to detect threats earlier, contain them faster, and keep AI services running under pressure.”
The most important part is what this signals to the industry. When the infrastructure platform embeds security into the trust domain, the conversation shifts from “can we bolt on enough tools?” to “can we enforce policy for every asset in the infrastructure while maintaining the speed of the AI factory?” That is the baseline enterprises are converging on.
This matters because, in agentic systems, security is no longer only about protecting endpoints. It is about governing every interaction between agents and the data they access or generate, continuously, inline, and at scale. In an AI factory, the most sensitive operations are often not the prompts. They are the fast, reliable, and governed retrieval, access, and generation paths to proprietary datasets and models. That is why secure-by-design storage, data protection, observability, and policy guardrails are becoming foundational.
What NVIDIA is announcing: A unified DOCA security stack for the AI factory
At the core of NVIDIA’s approach to secure-by-design AI-native storage and data infrastructure is the DOCA security stack, deployed consistently across the platform and enforced in the BlueField trust domain. NVIDIA Vera BlueField-4 STX Security brings three complementary protection layers:
- AI-native data protection: NVIDIA DOCA Vault. DOCA Vault is a zero-trust access layer for file-based storage that enforces policy on access requests and can block unauthorized access in real time, even if the host OS is compromised.
- AI inference protection: NVIDIA DOCA Flow plus NVIDIA DOCA Argus. DOCA Argus provides runtime visibility into inference workload behavior, enabling AI discovery, exposure management, and real-time threat detection across multi-tenant AI environments. DOCA Flow extends protection through line-rate network policy enforcement at speeds up to 800Gb/s, enabling secure isolation between agents, tenants, and inference pipelines without impacting AI performance. Operating directly in the AI data path, DOCA Flow enables high-speed traffic inspection, segmentation, and secure communication across distributed inference environments.
- AI agent protection: DOCA Argus integrated with ecosystem security gateways. NVIDIA Vera BlueField-4 STX introduces a new control point to monitor and govern how AI agents interact with data and external systems. By integrating DOCA Argus with enterprise AI security gateways from NVIDIA ecosystem partners, including real-time telemetry-aware policy enforcement layers, the platform continuously analyzes agent behavior in silicon, including integrity, operations, data access, network activity, interactions between agents, and execution patterns. When behavior deviates from what is expected, it can trigger immediate action, such as blocking network access to isolate the agent, preventing data exfiltration, and containing risk before it propagates.
This is the direction the industry is moving toward. Security built into the infrastructure layer, not bolted on after the fact.
Turn runtime telemetry into action with F5 and NVIDIA DOCA Argus
NVIDIA BlueField-4 delivers an in-silicon enforcement point, and DOCA Argus provides runtime visibility into AI workloads. F5 BIG-IP Next for Kubernetes acts as a real-time telemetry-aware enterprise AI security gateway in this architecture, ingesting DOCA Argus signals in real time and applying policy-based security decisions to reinforce AI agent protection. F5 enhances that foundation with resiliency, security, and observability across AI data pipelines and storage services, helping organizations correlate runtime signals with live traffic context and respond faster when behavior deviates from normal.
BIG-IP Next for Kubernetes also provides the north-south traffic context that infrastructure telemetry alone does not carry. When combined with DOCA Argus, BIG-IP Next for Kubernetes does not just observe runtime behavior. It turns runtime telemetry into enforcement, using real-time workload signals together with traffic context to make security decisions and apply policy inline. This creates two complementary views of the same event: what the API and tenants are doing at the front door, and what the workload is doing at runtime.
The same model extends to NVIDIA DOCA Vault and storage security. BIG-IP Next for Kubernetes helps create a zero-trust layer for storage and data access by isolating, protecting, and governing access paths to data services. In combination with DOCA Vault, BIG-IP Next for Kubernetes helps enforce policy, strengthen tenant isolation, and protect storage access paths across shared AI infrastructure.
F5 also enhances resiliency and security within the NVIDIA BlueField-4 STX Security architecture for agentic AI. With F5 BIG-IP, customers can protect AI data pipelines and storage services from DDoS attacks, traffic spikes, and abnormal load conditions, allowing critical services to remain operational under stress. F5 can also improve GPUs and other AI resource utilization by intelligently steering AI traffic and supporting quality of service for latency-sensitive AI workloads. This correlation is the difference between “something looks off” and “we have high-confidence compromise.” It also enables mitigation that is both fast and targeted, instead of blunt shutdowns that impact every tenant.
Why runtime plus traffic correlation is the next security control point
One of the hardest problems in production AI is distinguishing between legitimate usage and early-stage compromise. Many attacks will not look like volumetric floods. They look like valid calls to a public inference endpoint, often authenticated, and only become obvious when you correlate front-door behavior with what is happening inside the workload.
That is where the combined NVIDIA Vera BlueField-4 STX and F5 approach becomes powerful.
North-south signals like endpoint behavior, error and abort rates, latency shifts, and tenant context tell you what is happening at the edge. Runtime telemetry from DOCA Argus, such as process activity, unexpected shells or commands, and new outbound connections, tells you what should never be happening inside the inference stack.
When those two views line up in the same time window, you can move from suspicious to high-confidence attack quickly and act before the blast radius expands across shared AI infrastructure.
A practical example: Detecting an inference attack that looks legitimate
Consider a public AI API endpoint where the traffic is authenticated and appears valid. Overall request volume is not very high, but service behavior changes. Response times spike from sub-second to multi-second. Error and abort rates rise on the same endpoint. Requests cluster near the upper bounds of expected payload sizes.
From a traffic-only perspective, this may look like a noisy tenant or a performance incident.
Now add the BlueField trust-domain view with DOCA Argus on the specific GPU server handling those requests. The model-serving process unexpectedly launches an interactive shell. Immediately after, the same process initiates new outbound HTTPS connections to external destinations. That combination is consistent with command-and-control activity or staging and exfiltration.
This is where the integration becomes operationally decisive. BIG-IP Next for Kubernetes can tie the degraded API behavior to tenant and request context, while DOCA Argus confirms abnormal runtime behavior on the specific backend handling those requests. Together, that creates a high-confidence detection signal that can enable rapid, targeted containment.
In practice, this enables targeted mitigation. Rather than treating it as a generic incident, enterprises can isolate the affected path and preserve overall service continuity of other tenants and endpoints.
The bigger shift: Designed, not assembled
The AI factory model is forcing a new baseline. Performance, cost-per-token, and trust must be engineered together. NVIDIA Vera BlueField-4 STX and the NVIDIA DOCA security stack represent a meaningful move toward that baseline by embedding enforcement in silicon and operating from an isolated trust domain.
As this architecture becomes the reference point for how enterprises build AI factories, ecosystem integrations matter. Infrastructure-level security signals are only as valuable as the controls that can act on them. The combination of DOCA Argus runtime visibility and an enterprise-grade traffic and security gateway allows organizations to detect threats earlier, contain them faster, and keep AI services running under pressure. This milestone is part of a broader journey already underway between F5 and NVIDIA. BIG-IP Next for Kubernetes already aligns with NVIDIA BlueField DPUs and DOCA-accelerated AI infrastructure, bringing high-performance traffic management, security, and AI-aware controls into production AI environments. This latest collaboration builds on that foundation, extending it into NVIDIA Vera BlueField-4 STX to help enterprises protect data, inference, and agents with greater visibility, policy enforcement, and operational control.
AI factories do not just need more GPUs. They need secure-by-design infrastructure that can keep pace with agents and keep enterprise data protected while doing it.
To learn more, visit: Technology Alliances: F5 and NVIDIA
About the Author
Related Blog Posts
Secure-by-design storage for agentic AI: Why runtime visibility plus traffic control matters
Learn how F5 is collaborating with NVIDIA to help protect agentic AI with secure-by-design AI infrastructure, runtime visibility, and traffic control.
F5 joins the Dell AI Ecosystem Program to help enterprises operationalize AI
F5 joins the Dell AI Ecosystem Program to help enterprises deploy production AI with greater performance, security, and control.
Why sub-optimal application delivery architecture costs more than you think
Discover the hidden performance, security, and operational costs of sub‑optimal application delivery—and how modern architectures address them.
Architecting for AI: Secure, scalable, multicloud
Operationalize AI-era multicloud with F5 and Equinix. Explore scalable solutions for secure data flows, uniform policies, and governance across dynamic cloud environments.
AppViewX + F5: Automating and orchestrating app delivery
As an F5 ADSP Select partner, AppViewX works with F5 to deliver a centralized orchestration solution to manage app services across distributed environments.
F5 NGINX Gateway Fabric is a certified solution for Red Hat OpenShift
F5 collaborates with Red Hat to deliver a solution that combines the high-performance app delivery of F5 NGINX with Red Hat OpenShift’s enterprise Kubernetes capabilities.