F5 acquires SurePath AI to anchor a new platform built for the security blind spot agents have opened
F5 used a single announcement to make two connected statements about where enterprise AI security is heading, unveiling its AI Security Platform alongside the acquisition of SurePath AI, a company built around network-based discovery of the unsanctioned AI tools that most security teams cannot currently see. The publicly listed application delivery and security company, trading on the NASDAQ as FFIV, framed the combination as an extension of its existing Application Delivery and Security Platform strategy into a category that has so far been served mostly by lightweight add-ons rather than infrastructure-grade controls. For a vendor that has spent three decades sitting in the traffic path between applications and the networks they run on, the logic is that the same vantage point now applies to models, agents, and the APIs threading them together.
The strategic weight of the announcement sits with SurePath AI rather than the platform packaging around it. Enterprises are confronting a visibility gap that conventional security tooling was never designed to close, because employees are quietly adopting AI tools and stitching together unsanctioned integrations faster than governance functions can catalogue them.
SurePath AI addresses this through network redirects and out-of-band analysis, an approach that detects AI usage, classifies the intent behind each workflow, and traces agent tool calls and connections to MCP servers without demanding direct integration into the applications themselves. That deployment model matters because it sidesteps the architectural friction that has slowed adoption of integration-dependent security products, and it gives F5 a data source that feeds the rest of the platform.
The scale of the underlying problem is what gives the acquisition its commercial rationale. F5 cited its own 2026 State of Application Strategy Report, which found that 88% of organisations reported at least one AI-related operational or security challenge, a figure that establishes shadow AI not as an edge case but as a near-universal condition. By acquiring the discovery layer rather than building it, F5 has compressed the time it would have taken to reach the unified visibility that the rest of its security stack depends on.
Why the agent threat reshapes the security conversation
The announcement leans heavily on a shift like what security teams are now defending against, and the argument is more pointed than the usual vendor messaging. AI systems now operate with more access, autonomy, and speed than even the most over-privileged human users, which means a prompt injection, a data leak, or an agent acting beyond its authorised scope can expose sensitive information and disrupt operations in ways that traditional identity and access controls were never built to contain. Kunal Anand, Chief Product Officer at F5, was sharply dismissive of the prevailing approach, arguing that most AI security today amounts to a wrapper around a chatbot and that this does not constitute security at all.
Anand grounded the critique in the operational reality of large enterprises, noting that they run AI inside regulated networks, behind APIs, and across agents that authenticate and act on their own, and that the platform is intended to give security leaders continuous control over every model, agent, and API regardless of where the AI runs. The framing draws a deliberate line between consumer-grade safety features and the infrastructure-level enforcement that regulated organisations require, and it reflects a broader contest among security vendors to define what enterprise AI protection should actually mean as the technology moves from experimentation into production.
A continuous loop replaces the one-time compliance check
The platform itself is structured around four integrated pillars and an observability layer, a design choice meant to replace point-in-time compliance exercises with a persistent security lifecycle. Governance translates risk tolerances, privacy requirements, and regulatory obligations into enforceable boundaries for prompts, outputs, tool use, and data access, while discovery, powered by the newly acquired SurePath AI capability, maintains continuous visibility into every application, agent, and tool call and classifies activity by use case so teams understand not only what is running but why. Security testing stress-tests systems against more than 140,000 attack patterns before they reach production, and runtime protection deploys guardrails defined in plain language at the point of interaction, where F5 reported up to 98.2% security efficacy in independent testing against threats including prompt injection and data leakage.
Deployment flexibility is the thread F5 has chosen to differentiate the offering, and it speaks directly to buyers in regulated sectors. The platform supports on-premises, air-gapped, private cloud, hybrid, and public cloud environments, which matters most to Chief Information Security Officers operating under exacting data residency and sovereignty requirements where moving AI workloads to a public cloud is not an available option. SurePath AI's lightweight network-based model reinforces that positioning by requiring no changes to existing application architectures, an attribute that lowers the barrier to deployment in precisely the environments where F5 has historically been entrenched.
The agentic wave is the timing argument
The urgency in F5's pitch rests on the trajectory of agentic AI, and the company's own research supplies the supporting evidence. The 2026 State of Application Strategy Report found that 98% of organisations are preparing for agentic AI, yet the pace of agent adoption is outrunning the controls meant to manage it, a mismatch that defines the window F5 is attempting to occupy. When agents can authenticate, call tools, access data, and take actions autonomously, the blast radius of a single misconfiguration or exploit expands in a way that static, perimeter-oriented defences cannot absorb.
That gap between adoption and control is the strategic space the acquisition is meant to claim. By embedding discovery at the network layer and connecting it to testing and runtime enforcement, F5 is betting that the enterprises racing toward agentic deployments will need a security model that watches AI behaviour continuously rather than auditing it after the fact, and the SurePath AI acquisition is the component that makes that continuous posture possible at the point where unsanctioned activity first becomes visible.
