F5 launches AI Security Platform and acquires SurePath AI

F5 has launched the F5 AI Security Platform, a five-pillar enterprise AI security stack paired with the acquisition of SurePath AI, a Colorado-based AI discovery company. The launch follows the Linux Foundation Agent Name Service standard and the Pentagon Agent Network rollout, making it the third major agent governance move of the week. The combined F5 + SurePath AI pitch is the first vendor-consolidated answer to enterprise shadow AI security.

Shadow AI, the use of unauthorized AI tools that security teams cannot see, is the core problem the new F5 platform targets. SurePath AI deploys passively through network redirects and out-of-band analysis, detecting unauthorized activity and tracing agent tool calls and MCP server connections without touching existing application architectures. The passive approach is the same pattern that earlier network-discovery vendors used for cloud and SaaS governance, and it sidesteps the deployment friction that has slowed agent visibility tooling for the last 18 months. F5's own research states 98 percent of organizations are preparing for agentic AI, almost universally, but agent adoption is outpacing the controls designed to manage it, and 78 percent of organizations now run AI inference themselves with an average of seven AI models in production simultaneously. The gap between the 98 percent adoption curve and the 78 percent in-house inference curve is the gap the F5 platform is trying to close.

The F5 platform's five security pillars

The platform is built around five integrated components. AI Discovery maps every AI application, agent, and MCP tool call, whether approved or not, using the SurePath AI network-based detection layer. AI Security Testing stress-tests systems against more than 140,000 attack patterns, drawing on the F5 application delivery testing framework the vendor built for production traffic. AI Governance translates risk tolerances and regulatory requirements into enforceable boundaries for prompts, outputs, and data access, and is the closest fit to the governance checklist pattern that enterprise security teams have been writing off the back of the Forrester Identiverse recap and the enterprise AI governance checklist.

AI Runtime Protection delivers what the vendor describes as inline enforcement at the request and response layer, the same architectural slot as a web application firewall but for AI traffic. AI Data Protection addresses the data loss prevention side, which is the part of agent governance that has historically been the hardest to get right because the data flow goes through the model rather than the application. The five-pillar framing is the same shape Cisco, Palo Alto, and the cloud-native application protection platforms have adopted, and it is the shape enterprise procurement teams are now expecting to see in any agent security RFP. The order in which the five pillars are presented, with discovery first, testing second, and runtime last, is also the order in which enterprise security teams have been writing their own agent security playbooks, which means the F5 framework maps cleanly onto the existing procurement patterns and does not require a fresh internal taxonomy.

The platform extends F5's Application Delivery and Security Platform (ADSP) strategy into enterprise AI, supporting on-premises, air-gapped, cloud, and hybrid deployments. The on-premises and air-gapped support is the differentiator against cloud-native competitors, and the answer to the procurement teams in regulated industries who cannot run their agent traffic through a public cloud control plane. The F5 bet is that the same network equipment footprint that already terminates application traffic in every major enterprise is the right place to terminate agent traffic, and that the same vendor relationships that already cover load balancing, WAF, and API security are the right vendors to cover agent security. The vendor consolidation argument is the strongest procurement case, because it avoids the operational complexity of running five separate agent security tools in parallel with five separate application security tools.

The F5 bet on shadow AI security in 2026

F5 is not the only vendor racing to own the shadow AI visibility layer. Cisco, Palo Alto, Zscaler, and the cloud-native security platforms all have their own shadow AI products, and the network-based discovery pattern is the consensus architecture for the category. F5's move is differentiated by the combination of the SurePath AI acquisition, the on-premises support, and the integration with the ADSP control plane. The same network equipment that already terminates application traffic in every major enterprise is the control plane the F5 bet is anchored on, and the SurePath AI passive discovery layer is the visibility piece that the F5 platform was missing.

The timing also matters. The launch lands in a week that has already seen the Linux Foundation announce the Agent Name Service open standard, the Pentagon announce its Agent Network rollout, and a wave of secondary agent identity and governance launches from Cisco, AppViewX, and the rest of the agent IAM stack. F5 is positioning the F5 AI Security Platform as the operational enforcement layer that sits below the identity and governance frameworks, the same way that a WAF sits below the SSO and identity layer in a traditional application security stack. The same pattern that worked for application security, where identity sits at the top, governance in the middle, and runtime enforcement at the bottom, is the pattern the F5 team is betting on for agent security. The five-pillar product map is the implementation of that pattern.

The procurement implication for enterprise security teams is that the agent security RFPs that have been on hold waiting for a clear vendor landscape now have a real answer. The Linux Foundation Agent Name Service covers the identity and discovery standard layer, the Pentagon Agent Network rollout covers the public-sector case for portable agent identity, and the F5 platform covers the on-premises, regulated-industry, and shadow-AI discovery use case. The three pieces slot together into a procurement pattern that enterprise security teams can now write an RFP against. The full announcement is on the F5 platform launch coverage from Techzine dated June 22, 2026, and the SurePath AI acquisition is the second major agent security deal of the month. The first 12 months of the standard will tell whether the open federation model wins or whether the proprietary stacks pull the agent ecosystem into closed gardens.