AI applications are modern applications, and modern applications increasingly integrate AI-powered features. In many ways, modern applications and AI applications are two sides of the same coin. While AI applications specifically focus on using artificial intelligence to perform and deliver tasks, modern applications represent a broader category. They may incorporate AI, but they also blend it with other modern application technologies. Although there is overlap between AI and modern applications, it is clear that they require similar, yet distinct, approaches to security.
Today’s modern applications are built using a foundation of many different libraries, operating systems, frameworks, and more. And so are AI applications. Both also leverage large numbers of APIs in their development, so they have that in common. And both are designed to work in distributed, cloud-native, and multi-platform environments.
“F5 Application Delivery and Security Platform—through its WAAP solution and F5 AI Guardrails—delivers the comprehensive security organizations demand to protect their modern and AI applications from today’s ever-changing threat landscape.”
AI and modern apps need to be protected from many of the same attacks. Whether it’s zero-day vulnerabilities, bots, or APIs, attackers will use the same means to exploit applications whether they include AI or not. Any app, regardless of its function, is fair game for cyber threats and malicious attacks. Which is why both AI and modern apps are best secured by a web application and API protection (WAAP) solution.
For modern applications, but especially those integrating AI, a standalone web application firewall (WAF) or other security point products may provide a false sense of protection without a solution that addresses the hornet’s nest of APIs springing out of AI deployments. The attack surface most shared between modern apps and AI apps is APIs. APIs are already the connective tissue to exchange information between modern apps. And the use of APIs is set to explode in the coming years as the connective tissue for model and agent workflows. As API pathways proliferate, new endpoints will need to be discovered and secured.
The need for unique security protections
As more applications trust AI with complex integrations that handle sensitive and personal data, their attractiveness to attackers only increases. These AI applications require unique security protections, given the nature of the data they handle and the difference in insertion points: WAAP is best placed in front of the AI application, while AI guardrails are most efficient when inserted between the AI application and the LLM model. This difference is also reflected in the type of traffic that is being secured. Instead of packets, we are securing tokens, or, essentially, written language as it relates to LLMs.
Incorporating AI models and agents has already led to a rise in AI-related security incidents, such as privacy violations, misinformation amplification, and more, which surged by over 56 percent in 2024. These were serious security compromises that put sensitive data and personal information at grave risk. AI applications require guardrails to secure the data and information they use and that is in motion, protect against adversarial threats, and adhere to strict compliance regulations. Injection attacks are a problem for both modern and AI apps: for modern apps, it’s SQL and other injection attacks and for AI apps, it’s prompt injections. A more unique issue for AI apps it how to detect and prevent sensitive corporate or critical personal data from being leaked. There is also the need to enforce and restrict least privilege on AI models and agents.
An application delivery and security platform, which includes at least a WAAP solution composed of a WAF, API protection, bot protection, and DDoS mitigation, combined with a purpose-built AI guardrails solution, delivers a layered security approach for AI and modern applications across a broad range of potential attack vectors. The blend of security capabilities available in WAAP provides the robust protection required by all modern applications, while the additional safeguards offered by AI-specific guardrails deliver stronger protection and defense against application-level attacks.
Robust WAAP and AI Guardrails to secure AI workloads
The F5 Application Delivery and Security Platform (ADSP) combines security with flexibility to deliver and protect any application and API, and now any AI model or agent, anywhere. F5 ADSP provides robust WAAP protection at the front door to defend against application-level threats, while F5 AI Guardrails operates deeper in the stack, securing AI interactions by enforcing controls against model- and agent-specific risks. Together, these distinct but complementary security layers deliver end-to-end protection across traditional and AI-driven workloads.
- F5 ADSP’s WAAP capabilities, composed of Distributed Cloud WAF, Distributed Cloud API Security, Distributed Cloud DDoS Mitigation, and Distributed Cloud Bot Defense deliver application-layer protection and security at a global scale with unmatched performance. Modern applications are centrally managed with security applied consistently and observability delivered across virtually any environment. F5 ADSP’s Distributed Cloud Services offer a single, SaaS-based control plane, with services to deploy, manage, secure, and observe applications and APIs anywhere.
- F5 ADSP enables secure and compliant AI application deployment through advanced capabilities such as F5 AI Guardrails. F5 AI Guardrails protects sensitive data, mitigates emerging AI threats, and enforces runtime controls for AI models and agents. It defends against risks such as prompt injection, jailbreaks, and data leakage, while ensuring real-time policy enforcement. With audit-ready observability, scanning, and logging aligned to global compliance standards, F5 AI Guardrails simplifies AI governance and helps organizations maintain regulatory adherence and safe AI outcomes.
F5 ADSP—through its WAAP solution and F5 AI Guardrails—delivers the comprehensive security organizations demand to protect their modern and AI applications from today’s ever-changing threat landscape.
To learn more, see our F5 ADSP webpage.
Also, be sure to check out our F5 WAAP solution and F5 AI Guardrails.
About the Authors
Related Blog Posts
F5 secures today’s modern and AI applications
The F5 Application Delivery and Security Platform (ADSP) combines security with flexibility to deliver and protect any app and API and now any AI model or agent anywhere. F5 ADSP provides robust WAAP protection to defend against application-level threats, while F5 AI Guardrails secures AI interactions by enforcing controls against model and agent specific risks.
Govern your AI present and anticipate your AI future
Learn from our field CISO, Chuck Herrin, how to prepare for the new challenge of securing AI models and agents.
New 7.0 release of F5 Distributed Cloud Services accelerates F5 ADSP adoption
Our recent 7.0 release is both a major step and strategic milestone in our journey to deliver the connectivity, security, and observability fabric that our customers need.
Stay ahead of API security risks with our latest F5 Distributed Cloud Services release
This release brings exciting, new API discovery options, expanded testing scenarios, and enhanced detection capabilities—all geared toward reducing API security risks while improving overall visibility and compliance.
F5 provides enhanced protections against React vulnerabilities
Developers and organizations using React in their applications should immediately evaluate their systems as exploitation of this vulnerability could lead to compromise of affected systems.
Build secure and resilient digital experiences with F5’s enterprise application delivery and security architecture
F5’s application services architecture is designed to help customers maximize performance, control, and security, while simplifying their day-to-day operations.