Network and security teams managing enterprise applications face two emerging challenges: AI security and multi-cloud operations. F5 is addressing both with product announcements that extend its Application Delivery and Security Platform into AI runtime protection and multicloud managed services.

The company announced F5 AI Guardrails and F5 AI Red Team on January 14, following the January 13 launch of F5 NGINXaaS for Google Cloud. The AI security products came through F5’sacquisition of CalypsoAI in September 2025. NGINXaaS is a web-server-as-a-service offering that is now expanding beyond its initial Azure deployment in May 2025, with AWS support in development.

“We’ve never been a walled garden—we believe in meeting customers where they are and integrating with their existing stack, whether that stack is F5 products or other vendors,” Shawn Wormke, senior vice president of product management at F5, told Network World.

Why network security can’t protect AI systems

AI security requires a different approach than traditional network defenses. Web application firewalls (WAF) inspect HTTP requests for SQL injection. Intrusion detection systems analyze packet headers for known attack signatures. These tools operate at the packet and protocol level.

AI systems present a different attack surface. A malicious prompt that tricks a model into revealing training data looks like legitimate traffic at the network layer. Wormke explained that AI security is another layer of security just like WAF. Where it differs is that traditional security threats live in packets, whereas AI threats live in the words, prompts and context exchanged between users, models and agents.

“AI models can be manipulated into exposing sensitive data or generating harmful outputs impacting brand reputation and trust,” he said. “So you need a solution that’s purpose-built to secure and govern these new threats like prompt injection, new jailbreak techniques and model distillation.”

F5 AI Guardrails deploys as a proxy between users and AI models. Wormke describes it as being inserted as a proxy layer at the “front door” of AI interaction, between AI applications, users and agents. It intercepts prompts before they reach the model and analyzes outputs before they return to users. The system applies policy rules to actual content rather than transport-layer characteristics.

Policy enforcement covers several categories. Guardrails blocks prompts that attempt jailbreaks or injection attacks, scans outputs for sensitive data patterns, and enforces compliance requirements including GDPR and the EU AI Act.

Red Team automation creates continuous testing

AI Red Team automates adversarial testing against AI systems. It maintains a database of attack techniques that grows by 10,000 entries monthly as researchers discover new vulnerabilities.

Results from Red Team testing feed directly into Guardrails policies. When Red Team discovers a vulnerability pattern, security teams create corresponding guardrails to block similar attacks in production.

“It’s a very synergistic pairing wherein with AI Red Team you can send a team of agents to discover vulnerabilities in AI systems, and with AI Guardrails you can transform those insights into threat-informed defenses,” Wormke said.

NGINXaaS delivers enterprise load balancing as a managed service

F5 acquired NGINX back in 2019 and has been expanding the capabilities of the web server platform ever since.

NGINXaaS first became generally available on Microsoft Azure in 2023 and is now coming to Google Cloud. The Google Cloud expansion addresses customer demand for consistent tooling across cloud providers. “Customers have been asking for NGINXaaS across additional cloud platforms,” Wormke said. “Google Cloud was the next and now we are working with AWS.”

The service combines Layer 4 and Layer 7 load balancing with security and observability, available through Google Cloud Marketplace.

“NGINXaaS is built on the pedigree of the enterprise version of NGINX, NGINX Plus,” Wormke said. “It has open-source roots and will support your open-source configurations, but it gives you all the capabilities of commercial NGINX Plus.”

Wormke noted that those capabilities include visibility into over 240 deep application metrics, intelligent load balancing algorithms, traffic optimization, in-memory state sharing, AuthN & AuthZ and it’s ready to go F5 WAF for NGINX.

NGINX roadmap points toward AI-aware infrastructure

The NGINX project celebrated its 20th anniversary in October 2024 and is one of the most widely used web server and application delivery technologies. Beyond just the core web server, it is also used as a load balancer, reverse proxy, programmability layer, API Gateway, Ingress Controller and Kubernetes Gateway.

“It continues to power a significant portion of the internet and API traffic today,” Wormke said. “It is far more than the web server that many think open-source NGINX is.”

F5 continues development on both open-source NGINX and commercial versions. For instance, he noted that F5 recently announced Encrypted Client Hello (ECH) support for enhanced privacy as well as support for PQC (Post Quantum Cryptography). Looking forward, AI is going to play a big role in the future direction.

“We are evolving toward AI-aware application delivery and security to enable secure, scalable and performant, agentic AI operations,” he said.

SUBSCRIBE TO OUR NEWSLETTER

From our editors straight to your inbox

Get started by entering your email address below.