I have had some version of the same conversation dozens of times in the past year. It starts when a security leader at a large enterprise says, "I don't know how our employees are using AI." That statement sounds like an admission of a tooling gap. It is actually a description of a structural problem, and the structure is the part worth understanding.
Over the past few years, enterprises have moved from individuals using AI for one-off tasks to teams wiring models into enterprise data to the current inflection point of autonomous agents acting on their own. At every step, access and autonomy went up. At every step, visibility and control went down. Those two lines have been moving in opposite directions the entire time.
Call it the adoption-control inversion: the more AI an organization absorbs, the less it can see or govern, precisely because the thing being absorbed is built to act faster and more independently than the controls watching it. The inversion is expensive and lands hardest on the organizations that adopted fastest and watched least.
“Most AI security today is a wrapper around a chatbot. That is not security. Enterprises run AI inside regulated networks, behind APIs, and across agents that authenticate and act on their own. The F5 AI Security Platform gives CISOs what they have been missing: continuous control over every model, agent, and API, wherever the AI runs, delivered on the same F5 platform that has secured and delivered enterprise applications for three decades.”
Most security teams already understand that AI needs boundaries. Agreeing on that has never been the hard part. The hard part is knowing where a boundary should sit, what it should permit, and how to move it as the environment changes. Without continuous visibility, every one of those decisions is a guess.
The pattern we have seen before
The inversion is new in its particulars and old in its shape. The last time enterprise adoption outran enterprise visibility this badly was the shift to SaaS. Employees adopted cloud applications faster than IT could sanction them, and the instinct was to block. Blocking failed because it pushed usage into the shadows while slowing the business. What worked was a new control point: a layer that sat inline with the traffic, saw what was actually being used, and applied policy without forcing a choice between security and adoption.
Shadow AI is shadow SaaS with a faster clock and a larger blast radius. The answer has the same shape. You do not resolve the inversion with a smarter blocklist. You resolve it by occupying the position in the path where you can see usage, classify intent, and enforce policy at once.
Eliminating the guesswork
Today, F5 introduced the F5 AI Security Platform as a control point: a platform that extends our F5 Application Delivery and Security Platform strategy to enterprise AI. It runs a single adaptive loop. Teams continuously discover how the workforce is using AI, test their models and applications for vulnerabilities specific to those deployments, and translate their findings and tests into runtime protection calibrated to the threats each organization faces.
Put simply, here’s the core loop: Discovery feeds testing. Testing feeds enforcement. Enforcement feeds the next round of discovery.
That loop is the mechanism that flips the sign of the inversion. When discovery, testing, and protection are separate tools owned by separate teams, adoption still outruns control, because nothing closes the gap between what is happening and what is governed. When they are in one loop, running from one control point, control scales with adoption rather than falling behind it. The relationship inverts again, this time in the defender's favor.
What SurePath AI makes possible
The catalyst for the loop is our acquisition of SurePath AI, which gives us continuous discovery and classification of AI activity across the workforce, including deployments teams know about and those they do not. SurePath sits inline with corporate network traffic and integrates with the SASE, DLP, SIEM, and identity systems already in place, so it sees usage on managed devices without an agent on the endpoint.
Knowing who is using what is necessary but not sufficient. Security leaders need the intent behind the usage. An agent pulling sensitive records to draft a customer email is a different risk than a helper writing internal memos, even when the model and the user are identical. SurePath classifies usage by intent, audits agent activity for tool misuse and privilege escalation, and detects MCP tool calls so agents can be steered toward approved destinations rather than blocked outright.
That last capability will be one to watch. The MCP tool call is the point at which an agent stops reasoning and starts acting in the outside world, making it the natural egress control point for agentic AI. Whoever sits at that point governs what agents are allowed to do, not just what they are allowed to say. F5 has spent three decades occupying exactly this kind of position in the network. The agentic era did not create a new requirement so much as move the most important control point, and it moved it to somewhere we already are.
The full loop
Runtime enforcement and security testing were brought to the platform through our acquisition of CalypsoAI, now delivered as F5 AI Red Team and F5 AI Guardrails. AI Red Team fires adversarial campaigns against deployed models to find model-specific exploits and then turns those findings into new guardrails in minutes rather than weeks. AI Guardrails enforces those policies at runtime, with custom guardrails built for the intents a given organization cares about. SurePath now informs both, telling the loop which models, agent tool calls, and usage patterns are actually live in the enterprise, so that testing and enforcement target the real attack surface rather than a generic one.
Scattered insights, multi-week remediation cadences, and static policies cannot keep pace with attackers who retool in hours. Defenders have spent years on the wrong side of that asymmetry. A closed loop narrows the asymmetry.
AI security that keeps pace
AI security posture is becoming a function of position, not of products. Discovery, testing, and enforcement all require a seat in the path between the user or agent and the model. With the F5 AI Security Platform, we occupy that seat and can run the full AI security loop to flip the inversion. We’re excited to welcome SurePath AI to F5 and look forward to providing our customers with visibility and comprehensive AI security.
To learn more, read the press release and visit the F5 AI Security Platform webpage.
For a deeper dive, please join tomorrow’s F5 AI Summit, a three-hour virtual event that goes deep on AI security.
About the Author
Kunal Anand leads the F5 product organization as Chief Product Officer. Responsible for product vision, strategy, and execution, he ensures development of breakthrough solutions that solve critical challenges and create exceptional experiences for customers. In his previous role as Chief Technology and AI Officer, Kunal charted the company’s technology and AI strategy and vision. Prior to F5, Kunal held the dual role of Chief Technology Officer and Chief Information Security Officer at Imperva. His journey to Imperva began in 2018 with the acquisition of Prevoty, an application security startup he co-founded in 2013. Before joining Prevoty, he was the Director of Technology at BBC Worldwide. Kunal has a deep history of innovation and technical expertise, and has held roles leading security, data, technology, and engineering teams at Gravity, MySpace, and the NASA Jet Propulsion Lab. Kunal has over 15 years of experience in AI and machine learning, ranging from model training, employing AI-driven algorithms to enhance products, and designing and implementing AI architectures. Kunal holds a Bachelor of Science degree in computer science from Babson College.
More blogs by Kunal AnandRelated Blog Posts
Kubernetes-native WAF for the gateway era: F5 WAF for NGINX now integrates with F5 NGINX Gateway Fabric
F5 extends WAFs to deliver consistent, scalable protection across clusters and environments with F5 NGINX Gateway Fabric and F5 NGINX Ingress Controller.
From dashboard fatigue to operational excellence: Why XOps needs F5 Insight for ADSP
Learn how F5 Insight for ADSP lays the visibility foundation for XOps—turning fragmented signals across applications and infrastructure into actionable intelligence.
The hidden cost of unmanaged AI infrastructure
AI platforms don’t lose value because of models. They lose value because of instability. See how intelligent traffic management improves token throughput while protecting expensive GPU infrastructure.
Govern your AI present and anticipate your AI future
Learn from our field CISO, Chuck Herrin, how to prepare for the new challenge of securing AI models and agents.
F5 recognized as one of the Emerging Visionaries in the Emerging Market Quadrant of the 2025 Gartner® Innovation Guide for Generative AI Engineering
We’re excited to share that F5 has been recognized in 2025 Gartner Emerging Market Quadrant(eMQ) for Generative AI Engineering.
Self-Hosting vs. Models-as-a-Service: The Runtime Security Tradeoff
As GenAI systems continue to move from experimental pilots to enterprise-wide deployments, one architectural choice carries significant weight: how will your organization deploy runtime-based capabilities?