For those who haven’t seen it, last year we compiled a top 10 list of application delivery challenges derived from nearly thirty years of experience delivering and securing applications in every kind of environment.
Among them was ADC09 Bespoke application requirements. Which is a fancy way of saying some applications have quirks like odd protocols, legacy headers, or nonstandard API behavior, and you need the ability to intercept and modify traffic on the fly to handle those quirks.
That’s a challenge solved by data plane programmability. You know, things like iRules or Lua that can intercept, inspect, and modify application and API traffic in flight. That gives you the ability to rewrite headers, transform payloads, inject auth, or patch behavior without rebuilding the app or waiting for the vendor to catch up.
For example, say an API suddenly requires a new auth token format. Instead of rewriting every app that calls that API, you inject a data plane rule that rewrites the token in-flight. That’s “supporting bespoke application requirements.” It just means you can bend the network logic to fit the weird shape of the app.
Now, that’s (data plane programmability) the capability most folks talk about when the benefits of programmability “in the network” come up. But control plane programmability is just as important.
You know, that’s the APIs that let you manage, operate, and otherwise interact with application delivery and security infrastructure. They’re what more than 50% of organizations use to automate operations to accelerate the deployment and management of everything from load balancers to web application firewalls to API and, more recently, AI security services. Those are things like iControl and FAST and every cloud API out there.
When it comes to scaling and securing all the AI agents and apps you’re starting to deploy, both data and control plane programmability are going to be paramount to your success. Because at scale, static configuration and manual operations simply can’t keep up with the velocity or risk surface of AI-driven systems. Programmability is what breaks that bottleneck.
Why programmability is vital to scaling and securing AI
When you start deploying AI agents and AI-backed applications at any real scale, the old way of managing infrastructure (you know, static configs and human in the loop automation) collapses under its own weight. Things move too fast. Programmability isn’t just helpful; it’s the only way you stay ahead of the chaos.
AI blows up your change rate. Agents come and go, APIs shift, traffic patterns mutate by the hour. Data plane programmability gives you the ability to keep up in real time without waiting on code pushes or release cycles. Meanwhile, control plane programmability lets you orchestrate it all from the top down. Instead of humans scrambling through YAML, your systems can automatically register new agents, push security policies, and reroute traffic as the environment shifts.
And then there’s security. Every new agent is another attack surface, another trust decision that has to be made fast and enforced everywhere. Programmable data planes let you embed security controls directly into the traffic path. Programmability can manage mTLS, WAF rules, and token handling without touching the application. The control plane can then act as the brain, automating those trust decisions, revoking credentials, isolating misbehaving agents, and rotating certs without waiting on human hands.
Data plane programmability becomes even more critical in AI-driven systems because so much of the real decision-making is embedded in the payload itself. These aren’t just payloads moving from point A to B anymore. AI agent traffic carries policies, instructions, and behavioral triggers right alongside the data.
That means command and control has to happen in context, not after the fact in some control-plane dashboard. You can’t wait for a central controller to notice something’s off and push a new config because by the time it does, the bad instruction has already propagated. The data plane has to be smart enough to inspect, interpret, and act on those policies in-flight.
In short, the control plane sets the intent, but the data plane enforces reality. If you don’t have programmability in the data path itself, all that policy just rides along as decorative metadata and your “control” never actually controls anything.
On a small scale, you can fake it with scripts and manual reviews. Once you have dozens or hundreds of AI-driven components, you can’t. Programmable data planes are your precision tools. Programmable control planes are your command structure. Without both, the whole system eventually outruns your ability to govern it.
That’s why we believe programmability must be a key capability in any modern application delivery and security platform. Because without it, you’re stuck with static policy in a dynamic world and that’s not control, that’s wishful thinking.
About the Author
Related Blog Posts
Programmability is the only way control survives at AI scale
Learn why data and control plane programmability are crucial for scaling and securing AI-driven systems, ensuring real-time control in a fast-changing environment.
The top five tech trends to watch in 2026
Explore the top tech trends of 2026, where inference dominates AI, from cost centers and edge deployment to governance, IaaS, and agentic AI interaction loops.
Managing context windows in AI isn’t magic. It’s architecture.
Discover why AI app builders must manage context, memory, and infrastructure while evolving delivery and security to prevent drift, latency, and prompt attacks.