Three forces reshaping security leadership: Distributed AI inference, threat evolution, and hybrid multicloud

John MaddisonChief Marketing Officer | F5

For the past 12 years, F5 has surveyed executives and IT decision makers around the world on the trends shaping their business. This year’s F5 State of Application Strategy Report makes one thing clear: three forces are now reshaping how organizations build, run, and secure modern applications.

First, distributed AI inference—the moment when one or more trained models are put to work to generate responses, decisions, or predictions in real time—has become a critical operational workload in the AI application journey. Second, the threat landscape is becoming faster, more scalable, and more persistent as attackers use AI to accelerate discovery, automate execution, and extend their reach. Third, hybrid multicloud is not a transitional phase. It is a permanent operating reality for most enterprises, especially as AI increases the demands on where applications, APIs, data, and inference services need to live.

For security leaders, these shifts are not theoretical. They are already changing the environments they protect, the architectures they support, and the decisions they make. Let’s take a look at each one.

AI inference is now the center of enterprise value.

AI inference is not a passing trend—it has quickly established itself as a core business capability. According to our survey, 77% of respondents report that inference, rather than model training or tuning, is their dominant AI activity.

The report also found that enterprises operate an average of seven AI models, with inference workloads extending across a distributed environment—including the data center, cloud, and edge locations.

Inference is the most important AI workload for enterprises because it delivers critical, real-time insights that improve business competitiveness. That’s why AI has moved from experimentation to production-scale operations that directly impact operations and revenue.

Yet many organizations face significant challenges as they implement AI inference into operational workflows and day-to-day functions.

One major obstacle is the sprawl and complexity that enterprise-scale AI inference brings. Multi-model AI environments add increased management overhead, and with chained model routing, new security risks emerge at runtime when prompts, responses, and context move between models.

In addition, as customers increasingly rely on AI inference to accelerate business performance, they have to manage AI performance, security, and reliability in real time, which requires end-to-end observability to ensure that policies and compliance rules are applied consistently no matter what model is used or where it’s deployed.

This complexity also comes with a price tag: the cost of operating all this high-performing inference infrastructure can be substantial.

Distributed AI inference needs to be treated as a new application tier, where inference stops behaving like a single endpoint and starts interacting like a distributed system. For customers, that means handling inferencing with the same level of importance and operational discipline as other core components of the application stack that support and sustain the business.

As enterprises embrace AI and agents, attackers are doing the same.

Organizations are deploying agentic AI at lightning speed. But so are criminals. While nearly all (98%) of responding organizations report they are modifying their apps for autonomous AI agent access, the survey also reports that 77% expect issues with identity and access control for AI agents, providing a major opening for attacks.

AI introduces vast numbers of new, unpredictable entry points for attacks—such as prompt injection, data poisoning, and model inversion—that bypass traditional defenses. But AI systems don’t simply expand the attack surface; they reshape it.

Customers need AI security tools that focus on the inference layer, the new frontline for attacks where APIs, prompts, and access tokens intersect in real time. These connections must be protected with strong identity and authorization controls and real-time visibility across all AI interactions.

Comprehensive monitoring tools are also necessary to inspect and analyze prompts and responses, with integrated delivery and security to eliminate dark corners that offer a safe haven for attackers.

The complexity of hybrid multicloud is being exacerbated by multi-model, distributed AI.

In most organizations, the number and diversity of hosting locations continue to explode, as enterprises build for flexibility across all of their digital environments. Statistics from our report tell the story: more than nine in 10 responding organizations (93%) manage multicloud environments, and 86% run applications across on-premises, public cloud, and co-location environments.

In addition, survey respondents on average manage five of their own data centers plus an additional five co-location facilities—not to mention the four different public cloud providers used by the average organization. This means that today’s digital landscapes are, by default, inherently distributed and heterogeneous.

A platform approach to reducing complexity and securing AI

To thrive as these three trends take hold, organizations need a simpler way to deliver, secure, and control every interaction across distributed environments in real time. That means a unified infrastructure approach—one with consistent policy enforcement across environments, plus end-to-end visibility tools and controls that operate anywhere and everywhere across the digital ecosystem.

A converged platform that combines networking, application delivery, and security collapses fragmented control points into a unified enforcement layer, addressing the complexities of dynamic AI systems and hybrid multicloud infrastructures. The F5 Application Delivery and Security Platform (ADSP) is designed to do this—applying consistent policies across internal and external interaction points with context-aware traffic inspection to close the gaps that attackers exploit.

With end-to-end visibility and consistent protection across environments, F5 ADSP reduces operational complexity by shrinking the number of control planes and aligning NetOps, SecOps, and application teams. The result: delivery, security, and AI governance integrated into a single operational model, ready for the challenge of enterprise-scale inference.

To explore these important trends in more detail, download your copy of the 2026 State of Application Strategy Report.

About the Author

John MaddisonChief Marketing Officer | F5

John Maddison is F5’s Chief Marketing Officer. John has more than 30 years of experience leading product teams and corporate marketing functions in cybersecurity, cloud, and telecommunications. Prior to F5, John spent 12 years at Fortinet, most recently as Chief Marketing Officer and EVP of Product Strategy. He previously held leadership positions at Trend Micro, Vina Communications, and Octel Communications. John holds a B.S. in Engineering degree from Plymouth University in Devon, England.

More blogs by John Maddison