I recently met with a financial services firm that’s working to automate everything from executing trades to performing analysis at scale. And to do that, the firm is planning to deploy 100,000 AI agents—five times the number of employees who work for the company.
And they aren’t alone. Many companies across a variety of industries are turning to AI to improve business efficiency.
This dramatic increase in the use of AI is going to have profound implications for how organizations secure their environments. I often tell enterprises that they can’t secure just a single aspect of their AI infrastructure. Enterprise AI requires a new architecture, which, in turn, necessitates a new security model that protects infrastructure and workloads across the full, end-to-end AI journey.
So where exactly should security be applied? To better protect their AI architecture, organizations need to secure the emerging control points along the AI pathway.
Here’s a simple way to understand that path: The prompt hits an application first. That’s what we’ll call ingress. From there, workflows assemble context, call internal APIs and coordinate agents. The enriched prompt then moves to the model layer, where inference converts it into tokens, and those tokens become outcomes that travel back to the user.
This is the new supply chain of value, and I’ll show you how F5 is helping secure critical control points along the way.
Where it all starts: The prompt
The AI journey begins with a prompt, which is the first interaction point between the outside world and the AI system. A prompt might come from a user query entered into a chat interface, an API call, or a machine-generated event. The prompt itself may contain natural language, structured or system instructions, or consist of photo, audio, or video inputs.
Ingress: The prompt enters the system
Prompts enter your AI infrastructure through the ingress layer, which is the first line of defense and traffic management for the AI system, where inspection, policy enforcement, sanitization, and traffic routing come together.
This is the front door. And here’s the thing: the visitors knocking on that door aren't just humans anymore. They also include automated adversarial systems that use AI to bypass endpoint security and traditional WAF protections and to target data and application security systems.
AI-powered attackers can now generate novel payloads on the fly. If threat actors can learn and pivot in real time, your defenses need to do the same.
That's why F5 is developing a new generation of WAF solutions powered by a neural network built from the ground up, trained on real-life, live attack data to detect and respond to threats without reliance on prior signatures or static WAF rules. We’re building defense systems that can learn and adapt in real time, with AI-powered capabilities that can identify new attacks and take action immediately.
The results we've seen from our internal tests are significant—catching zero-day attacks without pre-existing definitions, with false positive rates dropping from 28% to 1%, and out-of-box accuracy jumping from 64% to 98%. This isn't a traditional WAF. It's something fundamentally different, and we’re bringing it to F5 Distributed Cloud Services and other parts of the F5 Application Delivery and Security Platform (ADSP).
Workflows: Prompts become actions
A prompt is typically enriched with additional context to generate helpful outputs, and that context is derived from workflows that connect data sources, applications, agents, and APIs. These workflows also introduce significant security vulnerabilities, including insecure output handling, data leakage, and other threats that are difficult to detect due to system complexity and limited observability.
Because new threats emerge daily, organizations need to secure and govern AI workflows across every environment, with layered protections that work together seamlessly to defend against complex, AI-driven attacks. And that is exactly what we’re offering. F5 AI Red Team provides automated, multi-step adversarial testing, working in tandem with F5 AI Guardrails to ensure that AI systems operate securely and responsibly within defined boundaries. When these solutions identify a weakness, F5 AI Remediate automatically turns prioritized adversarial findings into validated, optimized runtime protections.
The real value of these interlinked solutions isn't just faster detection. It's shrinking the time between finding a vulnerability and fixing it. When risk discovery flows directly into risk mitigation, you've fundamentally changed the AI security equation.
Inference: Tokens become value
The enriched prompt, now converted into numeric tokens, then reaches the trained model. Here the tokens are processed through a series of probabilistic calculations that perform classification or reasoning tasks, evaluate probabilities, make predictions, and generate outcomes.
Tokens represent the cost of running AI, and are governed by five variables: throughput, time to first token, cost per token, latency, and tokens per watt. For each of these, energy is the ultimate constraint. If your AI infrastructure is not optimized, you're burning power and destroying margins. In AI, performance is economics, and economics is leverage.
This is where F5 helps change the narrative by ensuring AI data and workloads are processed and transported with minimal latency and power consumption, reducing operational costs and promoting efficient AI factory scaling. By offloading energy-hungry networking, management, and security tasks to high-efficiency DPUs, modern AI architectures based on F5 and NVIDIA technologies enable data pre-processing with minimal latency and power consumption before inference requests ever reach resource-intensive GPUs.
Organizations that have deployed this joint solution are seeing up to a 40% increase in token throughput, a 61% reduction in time to first token, and a 34% improvement in response time—verified by independent testing from The Tolly Group. That's the kind of transformation that comes from understanding that AI factories need to be programmable and governable, not just fast.
Pursuing AI initiatives with confidence
The reality is that AI innovation requires solid, adaptable architecture. By understanding and securing the new control points, organizations can make enterprise AI safer, faster, and more reliable at scale.
F5 led the charge in protecting IT architecture during the internet and the cloud eras. Now, as enterprise architecture is again evolving with AI, F5 ADSP offers a converged platform designed to help organizations protect their data, models, and systems across the entire AI journey, with defenses that can learn, adapt, and respond immediately to real-time threats.
To learn more, I encourage you to visit our AI security solutions webpage.
About the Author

Kunal Anand leads the F5 product organization as Chief Product Officer. Responsible for product vision, strategy, and execution, he ensures development of breakthrough solutions that solve critical challenges and create exceptional experiences for customers. In his previous role as Chief Technology and AI Officer, Kunal charted the company’s technology and AI strategy and vision. Prior to F5, Kunal held the dual role of Chief Technology Officer and Chief Information Security Officer at Imperva. His journey to Imperva began in 2018 with the acquisition of Prevoty, an application security startup he co-founded in 2013. Before joining Prevoty, he was the Director of Technology at BBC Worldwide. Kunal has a deep history of innovation and technical expertise, and has held roles leading security, data, technology, and engineering teams at Gravity, MySpace, and the NASA Jet Propulsion Lab. Kunal has over 15 years of experience in AI and machine learning, ranging from model training to employing AI-driven algorithms to enhance products and designing and implementing AI architectures. Kunal holds a Bachelor of Science degree in computer science from Babson College.