F5 launches AI security platform, buys SurePath AI

F5 has launched the F5 AI Security Platform and acquired SurePath AI, adding the company's technology to the new offering.

The platform targets Chief Information Security Officers seeking oversight of AI applications, models, agents and the application programming interfaces connected to them. F5 is positioning it around continuous visibility, governance, testing and runtime protection for AI systems used within large organisations.

The acquisition adds SurePath AI's network-based discovery tools, which can identify approved and unapproved AI usage across an enterprise without direct integration into each application. That includes shadow AI, where staff use unauthorised AI tools or connect unsanctioned services to company systems.

Large companies face a growing range of AI-related security concerns as software agents gain the ability to authenticate, call tools, access data and take actions with limited human intervention. Risks include prompt injection, data leakage and agents acting beyond the scope intended by administrators.

F5 cited its 2026 State of Application Strategy report, which found that 88% of organisations reported at least one AI-related operational or security challenge. The report also found that 98% are preparing for agentic AI, suggesting demand for governance and oversight tools is rising as deployment expands.

Platform scope

The platform is designed for on-premises, air-gapped, private cloud, hybrid and public cloud environments. That focus reflects demand from regulated sectors, where data residency, sovereignty and operational controls limit how security tools can be deployed.

F5 has structured the offering around four areas: governance, discovery, security testing and runtime protection, with an observability layer spanning the whole system. In practice, organisations can set policy boundaries for prompts, outputs, tool use and data access while also tracking AI interactions and testing systems before production deployment.

SurePath AI's tools are intended to provide the discovery layer by analysing network traffic and classifying AI-related activity by use case and intent. That information can then feed into F5's existing AI Red Team and AI Guardrails products, which test for weaknesses and enforce protections at runtime.

The platform includes an audit trail across AI interactions, a feature likely to appeal to sectors with strict compliance requirements. SurePath AI's deployment model can also work through network redirects and out-of-band analysis, which may reduce the need for changes to existing application architecture.

Executive view

Kunal Anand outlined the company's case for a broader approach to AI security than consumer chatbot controls.

"Most AI security today is a wrapper around a chatbot. That is not security. Enterprises run AI inside regulated networks, behind APIs, and across agents that authenticate and act on their own. The F5 AI Security Platform gives CISOs and security leaders what they have been missing: continuous control over every model, agent, and API, wherever the AI runs, delivered on the same F5 platform that has secured and delivered enterprise applications for three decades," said Kunal Anand, Chief Product Officer, F5.

That framing points to a wider shift in cybersecurity spending as companies move from experimenting with public AI tools to embedding models and agents in internal processes. For vendors, the commercial opportunity lies not only in protecting models but also in monitoring usage, enforcing policy and tracing machine-led actions across networks.

F5 is already established in application delivery and security, and the launch extends that position into AI oversight. By adding SurePath AI's discovery technology, the company is seeking to address one of the main challenges facing security teams: identifying where AI is being used before trying to govern or secure it.

According to F5, its testing component can assess AI systems against more than 140,000 attack patterns, while its runtime controls are designed to block prompt injection, excessive agent autonomy and data leakage. The company also said independent testing showed up to 98.2% security efficacy for its guardrail approach.

The launch comes as security teams face pressure to enable AI adoption without losing visibility into how models and agents interact with sensitive systems. F5 said the platform is intended to provide "continuous control over every model, agent, and API, wherever the AI runs, delivered on the same F5 platform that has secured and delivered enterprise applications for three decades."