F5 Advances Security For The AI Era And The Post‑Quantum One Coming Next

F5 expanded application and API security within ADSP because as F5’s Joel Moses put it, the industry’s “all gas, no breaks” approach to AI is raising serious concerns about safety and security, the company revealed at AppWorld 2026.

Artificial intelligence (AI), machine learning and modern computer technologies concepts. Business, Technology, Internet and network concept.

F5 sharpened its focus on application and API security across its flagship application delivery and security platform (ADSP) at AppWorld 2026 to help enterprises secure distributed applications in the age of AI and to prepare for emerging post-quantum risks.

“I do think that we’re running really fast in the AI space right now. It’s kind of an all gas, no breaks scenario going on, which doesn’t instill a lot of confidence in the safety of some of these things,” Joel Moses, vice president of strategic engineering and CTO of platforms and systems for F5, told CRN. “I sometimes worry that if we rush too quickly into something with such a huge blast radius that that we are not going to understand the impacts until they’ve already occurred.”

It’s why enterprises need dynamic, programmable platforms to respond to emerging threats, he said.

[Related: F5 To Acquire CalypsoAI For GenAI Security Push]

New to the F5 ADSP that was announced on Wednesday at AppWorld 2026 is F5 AI Remediate, a feature that closes the gap between identifying AI model vulnerabilities with the F5 AI Red Team offering and enforcing validated runtime protections with F5’s AI Guardrails. AI Remediate can help automate the creation, optimization, and validation of targeted guardrail packages. As part of the ADSP, AI Remediate helps organizations reduce exposure quickly without disrupting live AI applications and eliminating repetitive tasks, the company said.

AI remediate, a malleable new feature, will allow partners to construct new services offerings around it, such as model vulnerability management, Moses said.

“That’s definitely a role for partners to play, and they can get substantial value out of that,” he said. “One of the reasons I came to F5 is that the existing platform that they had was highly dynamic and programmable and I think in the era of fast expanding technologies and rapidly emerging threats, the platform that is the most programmable will eventually win.”

F5 also took to the event to showcase the latest release of its F5 Distributed Cloud WAF offering, now with AI-powered risk scoring and the ability to change once manual processes into automated protections using outcome-based blocking policies across clouds on-premises and edge locations, the company said.

Enterprises are taking API security much more seriously right now, especially as AI models have become an attack surface, F5 President and CEO François Locoh-Donou told CRN during AppWorld 2026.

“Customers realize that anytime an AI application calls an AI model, or anytime an AI agent is going to call a tool, it’s an API that’s doing the work, so knowing where all their APIs are, knowing whether their APIs are configured properly and the data flowing in and out of these APIs are right, all of these issues around securing APIs have become really more important for customers in the last couple of years,” he said.

Enterprises on average have seven AI models in production, and every model itself has vulnerabilities, Locoh-Donou added.

All customers that solution provider giant WWT are working with today are looking at AI and digital transformation, said Chris Konrad, vice president of global cyber for F5 partner WWT. While cybersecurity, AI and digital transformation were once separate business concerns, they can’t be siloed conversations any longer, he said.

“Most of our customers are facing challenges around infrastructure modernization [and] where F5 comes in is helping with that through secure applications and scalable solutions that can deploy those AI workloads that many of our customers struggle with,” he said. “With F5 we are, from a partnership standpoint, serving as strategic advisors for AI infrastructure and that whole modernization campaign — it goes beyond just implementation [to include] AI data processing, secure API services. We can really help move people fast from pilot to production.”

Agentic AI Security

On the agentic AI front, F5 is introducing new capabilities within its F5 Distributed Cloud Bot Defense offering, part of its Distributed Cloud Services suite, aimed at addressing the emerging challenges of AI-driven automation, F5 said. Distributed Cloud Bot Defense now offers deeper visibility across application traffic to more clearly delineate between humans, bots, and AI agents. This makes it so that trusted, verifiable AI agents are allowed to interact with applications while other activity is blocked via unified governance and consistent policy controls for human, bot, and AI agent interactions, the company said.

ADSP also now integrates F5 Distributed Cloud Web App Scanning with F5 BIG-IP Advanced WAF, which F5 said provides scalable, automated vulnerability detection for BIG-IP customers.