"As AI moves into applications, the security architecture has also changed. Application users may not be humans but software. We need to rethink security, delivery, identity and governance overall."

Kunachilan Nallapan (쿠나칠란 날라판), vice president of marketing for F5 Asia Pacific, China and Japan (APCJ), held a press briefing on June 23 at the F5 AppWorld Seoul 2026 event. He shared security threat trends changed by AI and the company’s response strategy based on its Application Delivery and Security Platform (ADSP).

He said the security environment is changing rapidly as hybrid and multi-cloud, AI-based application architectures, and a rise in security threats advanced by automation and agents converge.

He said large language models (LLMs) are creating a new attack surface. Attackers use AI to strike at machine speed, while companies defend at human speed, increasing risk, he said. As applications connect to models, AI-based decision systems, APIs and user experience, companies must secure consistent control capabilities across an increasingly distributed environment, he added.

Nallapan said an integrated approach to AI security requires coverage of three control points: the front door, orchestration and inference.

The front door is where external parties first meet a system. Nallapan said user prompts pass through a web application before reaching a model. That part is the first attack gateway.

An F5 survey showed web attacks were up 77 percent from a year earlier this year, and bot attacks rose 157 percent. Companies use multiple LLMs, and AI agents have also emerged as entities that use applications.

Nallapan said web application firewalls (WAFs) are based on known threats and static rules, limiting their ability to respond to such changes.

Attackers who create new payloads every second cannot be blocked with static rules, he said. If attacks happen in real time, defenses must also be real time, he added.

With that in mind, F5 redesigned its existing WAF architecture. It kept a foundation based on signatures, indicators of attack and risk intelligence, while building a new neural network layer trained on its own data.

Nallapan said the added neural network analyses behaviour in real time and makes security decisions in microseconds. It runs on CPUs without GPUs and can be executed at the edge, he said, describing it as AI defense that operates within the traffic path while maintaining response speed. He added that F5 Distributed Cloud WAF detected 10 zero-day attacks without signature updates. The false-positive rate fell to less than 1 percent from 28 percent, and detection accuracy rose to 98 percent from 64 percent, he said.

The second control point is the orchestration domain, where integration with internal systems occurs to add context to prompts.

To strengthen security in this area, F5 acquired Calypso AI last year and introduced 'F5 AI Red Team' and 'F5 AI Guardrails'. AI Red Team finds vulnerabilities, and Guardrails blocks information leaks. In March, F5 also unveiled 'AI Remediate', an AI security automation tool that automatically applies red team training results to guardrails to update policies without manual intervention.

The third control point Nallapan cited is the AI inference stage. About 50 trillion tokens are generated globally each day, he said. Optimisation is needed across five dimensions: tokens processed per second, time to first token, cost per token, end-to-end latency and power constraints. He said F5 is investing in networking, security and load-balancing capabilities to help enterprise AI scale efficiently across the latest AI factory architecture.

At the event, Nallapan announced that F5 acquired Sure Path AI, which detects shadow AI outside corporate management. He said the acquisition gives F5 an integrated AI security platform spanning guardrails, red team, AI Remediate and Sure Path AI.