The agentic AI era has arrived, and it’s reshaping traffic patterns across the Internet.
Enterprises are seeing a fast-rising mix of human users, automation, and, increasingly, autonomous agents making legitimate requests for data, API calls, and services. The opportunity for commerce growth is enormous as organizations welcome verified agents and monetize their demand. But this also brings a risk that is just as large: keeping out AI-created malicious bots that drive account takeover, inventory hoarding, payment fraud, and scraping.
To address the opportunity and challenges, F5 and Skyfire are partnering to bring these two imperatives together. By aligning F5 Distributed Cloud Bot Defense functionality with Skyfire’s agentic commerce platform, organizations can block abuse while safely selling to human-directed agents. This single motion protects experiences and opens revenue opportunities.
“The promise is straightforward: Enterprises don’t have to choose between safety and growth. They can deploy battle-tested bot defense to keep attackers out while laying down verified identity and payment rails for trusted AI agents.”
Bot defense meets emerging agentic AI commerce
For years, F5 has tackled the hardest problems in bot detection and mitigation by combining deep client-side telemetry, advanced behavioral analysis, and expert-curated detections that keep pace as attackers retool. That’s how our platform mitigates automated threats across the web, mobile devices, and APIs with near-zero false positives and without resorting to user friction. It’s also why global brands trust F5 to keep their most visible digital channels clean as adversaries adapt.
At the same time, the definition of a “good” request is expanding. Skyfire is building the identity and payments fabric for autonomous commerce: verifiable AgentID, developer and provider verification, enterprise budgets and policies, and instant global micropayments so legitimate AI agents can pay for what they need, pull data, run LLM inferences, and interact with premium endpoints without human intervention. This flips the script from “block all automation” to “allow automation enabling business”—aligning security with growth.
Consider a common journey: A popular retail site faces waves of credential-stuffing and cart-hoarding bots each time a high-demand product drops. F5 Distributed Cloud Bot Defense sits at the edge, collecting rich device and behavioral signals from browsers and mobile SDKs, classifying traffic in real time, and intercepting automated attacks before they distort inventory and frustrate real customers. Where once AIs easily solved CAPTCHA or mimicked clicks, F5’s obfuscated clients and adaptive models make evasive automation markedly harder, while policy-based mitigations neutralize threats without dragging down the user experience.
Welcoming verified AI agents, not malicious automation
Now introduce agentic traffic: verified AI agents aiming to purchase product availability feeds, premium pricing APIs, or fulfillment slots on behalf of legitimate buyers and partners. With Skyfire, these agents can showcase a unique, verifiable identity, operate within strict enterprise-defined budgets, and complete payments instantly—no credit cards on file, no fragile subscription hurdles, and no manual approvals. This creates a trusted pathway for non-human customers to discover, access, and pay for value, while Distributed Cloud Bot Defense prevents unverified or malicious automation from reaching those entry points.
Bringing clarity and confidence to automated traffic
This partnership also answers a deeper operational need: clarity. Security teams and platform owners have long lacked a common language to describe automated traffic in business terms. F5’s dashboards and forensics improvements provide granular visibility into who (or what) is hitting which endpoints, how often, and with what intent. Skyfire complements that view with transaction history, policy decisions, and identity-verification signals. Together, they create an evidence trail that lets organizations separate abusive scripts from revenue-generating agents—and tune policies accordingly, from login to checkout to premium APIs.
The promise is straightforward: Enterprises don’t have to choose between safety and growth. They can deploy battle-tested bot defense to keep attackers out while laying down verified identity and payment rails for trusted AI agents. In practical terms, that means fewer chargebacks and false declines, less scraping and inventory distortion, and a cleaner runway for machine-to-machine commerce that was previously infeasible due to fraud risk and payment friction.
How to get started with F5 + Skyfire
From a deployment standpoint, getting started follows a familiar arc. Organizations enable F5 Distributed Cloud Bot Defense at the application edge—via F5 Distributed Cloud, BIG-IP integrations, or connector-based insertion points —to begin classifying and mitigating automated traffic across web, mobile, and API channels. In parallel, they integrate Skyfire for agent verification and payments, defining which endpoints clients can access and at what spending thresholds.
As traffic flows, the combined telemetry and policy signals guide real-time decisions: verified agents proceed and pay; suspicious automation is challenged or blocked; business owners gain line of sight to both protection outcomes and new, agent-driven revenue.
This F5 and Skyfire partnership is ultimately about confidence—confidence that your applications and APIs are protected against the evolving tactics of malicious automation, and confidence to lean into the agentic AI economy with identity, controls, and payments built for non-human customers. If you’re ready to secure the edge and open the door to verified agents, we’re ready to help you navigate the path from risk management to increased revenue.
The Skyfire integration with F5 Distributed Cloud Bot Defense will be available by April 30, 2026. F5 customers will be able to enable Skyfire-verified agent traffic through the F5 Distributed Cloud Bot Defense management console.
To learn more, read our press release.
About the Authors
Related Blog Posts
Why sub-optimal application delivery architecture costs more than you think
Discover the hidden performance, security, and operational costs of sub‑optimal application delivery—and how modern architectures address them.
Keyfactor + F5: Integrating digital trust in the F5 platform
By integrating digital trust solutions into F5 ADSP, Keyfactor and F5 redefine how organizations protect and deliver digital services at enterprise scale.
Architecting for AI: Secure, scalable, multicloud
Operationalize AI-era multicloud with F5 and Equinix. Explore scalable solutions for secure data flows, uniform policies, and governance across dynamic cloud environments.
Nutanix and F5 expand successful partnership to Kubernetes
Nutanix and F5 have a shared vision of simplifying IT management. The two are joining forces for a Kubernetes service that is backed by F5 NGINX Plus.
AppViewX + F5: Automating and orchestrating app delivery
As an F5 ADSP Select partner, AppViewX works with F5 to deliver a centralized orchestration solution to manage app services across distributed environments.
F5 NGINX Gateway Fabric is a certified solution for Red Hat OpenShift
F5 collaborates with Red Hat to deliver a solution that combines the high-performance app delivery of F5 NGINX with Red Hat OpenShift’s enterprise Kubernetes capabilities.