Enterprise technology is entering a state of deeper amalgamation and flux. Not because data integration suddenly became important (spoiler alert, it is… and we don’t have enough of it), not because we’re fixing broken data sovereignty issues to address the new world order for information governance (same spoiler, mostly)… and not because the humble application programming interface has reached a new level of de facto acceptance in the containerised world of Kubernetes and cloud (again, same reveal there).

No, well okay yes… software amalgamation is happening for all of those reasons, but there is also a new coming together as a result of the intersection point between AI models and data, APIs, data repositories, other applications and components, plus of course users themselves.

F5 says it is fully aware of these trends and is now extending its core technology proposition to accommodate the way computing entities are interacting. The F5 Application Delivery and Security Platform (ADSP) platform is designed to deliver and secure every app, every API, anywhere: on-premises, in the cloud, at the edge and across hybrid, multicloud environments. As such, the company is now announcing F5 AI Guardrails and F5 AI Red Team.

Guardrails: Ready-Baked or Custom-Built

These services have been engineered to secure mission-critical enterprise AI systems with what F5 insists is a comprehensive end-to-end “lifecycle approach to AI runtime security” today. This means an enhanced set of abilities to connect and protect AI agents with both out-of-the-box and custom-built guardrails. 

 But why both?

In some cases, out-of-the-box guardrails work because a deployment is running standardised cloud (and other)  platform technologies in a narrowly enough defined use case to apply controls that would fit any other similar codebase, dataset and workflow.

Perhaps more commonly, these more pioneering security offerings are needed to align with customer needs for flexible deployment i.e. to span model-agnostic protection where the deployment itself is more composable and complex… and where teams need the ability to tailor and adapt AI security policies in real time. Crucially, this level is also where software engineering units need to be able to apply controls at the application layer, where AI interactions occur, hence our initial new flux and amalgam emphasis. 

F5 AI Guardrails and F5 AI Red Team are already deployed at leading Fortune 500 enterprises across multiple industries globally, including in highly regulated financial services and healthcare organizations. 

Data Leaks & Unpredictable Models

“Traditional enterprise governance cannot keep up with the velocity of AI,” said Kunal Anand, chief product officer at F5. “When policy lags adoption, you get data leaks and unpredictable model behaviour. Organisations need defences that are as dynamic as the models themselves. F5 AI Guardrails secures the traffic in real time, turning a black box into a transparent system, while F5 AI Red Team proactively finds vulnerabilities before they reach production. This allows organisations to stop fearing risk and start shipping apps and features with confidence.” 

As enterprises accelerate AI adoption across internal workflows and mission-critical decision-making, the risk landscape is rapidly shifting. Anand suggests that organisations now grapple not only with external attackers, but also adversarial manipulation of models, data leakage, unpredictable user interactions and growing compliance obligations. 

By pairing F5 AI Guardrails and F5 AI Red Team with traditional infrastructure protection – including API security, web application firewalls and DDoS defences, enterprises can secure AI systems alongside existing applications, improving visibility and policy consistency without relying on fragmented point solutions.

Transforming Risk Into Confident AI Deployment 

“As organisations race to operationalise AI, many security tools address only fragments of the rapidly expanding attack surface. F5 is one of the first vendors delivering a complete AI security solution – combining real-time runtime defences with offensive security testing and pre-built attack patterns to help organisations deploy AI with confidence. Doing so requires addressing the risks inherent in how AI systems operate in practice, where models vary widely in capability and behavior, and also interact with sensitive data, users, APIs, and other systems in ways legacy tools weren’t built to manage,” noted Anand and team.

As described, F5 AI Guardrails provides a “model-agnostic runtime security layer” designed to protect every AI model, app and agent across every cloud and deployment environment with consistent policy enforcement. 

As the number of models grows into the millions, the company says that AI Guardrails delivers consistent protection against adversarial threats such as prompt injection and jailbreak attacks, prevents sensitive data leakage… and it enforces corporate and regulatory obligations, including GDPR and the EU AI Act. Uniquely, AI Guardrails also delivers in-depth observability and auditability of AI inputs and outputs so teams can see not just what the model did, but why it did it, which is a core need for governance and compliance in regulated industries. 

Continuous Sustained Assurance

Complementing runtime protection, F5 AI Red Team delivers scalable, automated adversarial testing that simulates both common and obscure threat vectors, powered by what is said to be a preeminent AI vulnerability database – adding over 10,000 new attack techniques every month as real-world threats evolve. AI Red Team reveals where models can provide dangerous or unpredictable outputs, and its insights feed directly back into AI Guardrails policies so defenses evolve as threats and models themselves change. 

Together, F5 is telling us that AI Guardrails and AI Red Team establish a continuous AI security feedback loop: proactive assurance, adaptive runtime enforcement, centralised governance and ongoing improvement.