Share with your CISO
F5 is betting that enterprise AI security has a visibility problem before it has a controls problem, and it’s acquiring SurePath AI to prove it. The F5 AI Security Platform combines network-based shadow AI discovery, automated red-teaming against 140,000 attack patterns, and runtime guardrails claiming 98.2% efficacy in independent testing. It runs across on-premises, air-gapped, and cloud environments, which matters for regulated industries where data can’t leave a defined perimeter. F5’s own 2026 survey puts 88% of organizations facing at least one AI-related security or operational failure already.
What this means for your business
The CISO who hasn’t mapped their shadow AI footprint is the primary audience here, and that’s most of them. Employees adopting unauthorized AI tools don’t file change requests, and most security stacks weren’t built to catch model-to-model API calls or MCP server connections, the lightweight links that let AI agents talk to external tools and data. If your organization is among the 98% F5 says is preparing for agentic AI, the gap between “preparing” and “governing” is exactly where this platform plants its flag.
F5’s framing, shaped by a vendor whose application delivery business depends on AI traffic flowing through its infrastructure, tilts toward positioning discovery as the hard part and governance as solvable once you can see what’s running. That’s a reasonable argument for brownfield enterprises with sprawling app estates, but it sidesteps the harder question of whether a network-layer observer can reliably classify intent behind encrypted, fragmented agent workflows. The 140,000 attack pattern claim and the 98.2% efficacy figure are the kind of numbers that need independent replication before a procurement team should treat them as benchmarks rather than marketing stakes.
The SurePath AI acquisition is the sharper signal here. Passive, out-of-band discovery requiring no application integration is a real differentiator if it works at scale, because it removes the political friction of asking every application owner to instrument their stack. CISOs evaluating this should pressure-test that claim specifically. If SurePath can surface shadow AI without touching application code, it solves a deployment problem that has killed competing governance tools before they got a foothold. That’s the falsification condition worth watching, not the platform’s feature count.
Concept deep-dive: Shadow AI
Shadow AI refers to AI tools, models, and integrations employees adopt without IT or security approval, the direct descendant of shadow IT but with higher stakes. Where unauthorized SaaS might leak a spreadsheet, an unsanctioned AI agent can authenticate to internal systems, call external APIs, and act autonomously on sensitive data before anyone notices. It exists because procurement cycles are slow and AI tools are fast to spin up. The business risk scales with how much access those tools can quietly accumulate.
Based on reporting from F5 launches AI Security Platform to uncover and secure shadow AI, originally published 2026-06-23 04:47:00.

