F5 Strengthens Security Capabilities in the F5 Application Delivery and Security Platform

• Enhancements include cloud-native protection, web application scanning for LLM vulnerabilities, expanded API discovery tools, and enhanced client-side detection
• F5’s Application Delivery and Security Platform named to 2025 Vendor Vision Report from analyst firm EMA; singled out for robust AI-driven security architecture and API protection capabilities
• F5’s 2025 State of Application Strategy Report reveals expanded AI and API sprawl significantly impacts enterprise cybersecurity strategies

SEATTLE--(BUSINESS WIRE)-- F5 (NASDAQ: FFIV), the global leader in delivering and securing every app and API, today unveiled broad cybersecurity enhancements to the F5 Application Delivery and Security Platform (ADSP) that significantly improve organizations’ ability to identify and remediate vulnerabilities and threats to AI and other modern applications. These new enhancements enable enterprises to strengthen security for business-critical applications in an increasingly risky threat landscape. The F5 ADSP is the industry’s only platform that fully converges high-performance load balancing and traffic management with advanced app and API security capabilities.

The F5 ADSP is the most complete application security offering for enterprises looking to address the increasingly complex cybersecurity challenges inherent in today’s AI-driven hybrid multicloud world. Similar to Endpoint Protection Platforms (EPP) built to secure endpoints and Secure Access Service Edge (SASE) platforms built to secure network access, F5’s ADSP is built to consolidate disparate tools for securing apps and APIs into a single comprehensive platform, enabling organizations to simplify their security footprint while offering broader protection against enhanced threats.

New cybersecurity capabilities for the F5 ADSP include:

• Cloud-Native Protection with F5 NGINXaaS for Azure with NGINX App Protect: NGINX App Protect as an add-on to NGINXaaS (NGINX as a Service) is now available for Azure deployments. NGINX App Protect is a modern application security solution designed to provide robust protection against an array of threats, including sophisticated attacks, data breaches, and other malicious activities. By integrating NGINX App Protect with NGINXaaS, customers have access to advanced threat protection against modern threats such as the OWASP Top Ten vulnerabilities and zero-day attacks, real-time traffic inspection, and automated security policy management.
• Scan LLMs for Vulnerabilities: The F5 ADSP now features web app scanning functionality that has been purpose-built to scan for, identify, and assess security vulnerabilities in large language model (LLM) deployments. This new functionality enables organizations to scan LLMs and run penetration testing to uncover LLM-specific vulnerabilities that map to the OWASP Top Ten for LLM Applications.
• Expanded API Discovery Tools: APIs have become the connective tissue for most of today’s digital experiences, and the explosion of API use has made it difficult for security teams to keep pace. Unmonitored and unprotected APIs lead to substantial security exposure, opening organizations to threats such as injection attacks, data exfiltration, unauthorized access, and denial-of-service (DoS) attacks. F5 has expanded its powerful API discovery tools for use across the ADSP platform to include all F5 BIG-IP deployments, enabling organizations to get full API visibility for applications that utilize BIG-IP. This allows organizations to easily identify exposed APIs for applications in production, without having to migrate them to the F5 Distributed Cloud Console.
• Enhanced Client-Side Defense Capabilities for Greater Compliance: As threat actors search for new attack vectors, client-side browser-based attacks are becoming increasingly prevalent. The latest revision of the Payment Card Industry Data Security Standard (PCI DSS) v4.0 now requires businesses to have client-side protections deployed to mitigate the risks associated with data exfiltration and malicious JavaScript attacks. F5’s enhanced client-side defense capabilities bolster defense postures by delivering greater visibility into malicious scripts and the actions that they are taking—identifying risky scripts and where they send data.

“Security teams are in crisis as they deal with an expanded attack surface that is fueled by the explosion of APIs and the rise of LLMs and other generative AI tools. As applications become more data-intensive and distributed, the complexity of protecting them becomes even more daunting,” said Kunal Anand, Chief Innovation Officer at F5. “The F5 ADSP is purpose-built to tackle these challenges head-on with new security capabilities that empower CISOs and their teams with greater visibility into their threat exposure, an easier path to compliance, and a more robust defense posture that will allow them to secure every app, anywhere it’s deployed.”

F5 ADSP Featured as Visionary Cybersecurity Solution in 2025 EMA Vendor Vision Report

The F5 ADSP is featured in the 2025 Vendor Vision Report from analyst firm Enterprise Management Associates. The report identifies cybersecurity vendors that show exemplary vision in their product offerings, singling out “must see” solutions at the RSA Conference, taking place April 28–May 1 in San Francisco.

The EMA Vendor Vision Report highlights the vision behind the F5 ADSP, stating that the solution “represents a significant advancement in addressing the contemporary challenges of application security and management.”

“The platform’s robust Al-driven security architecture, particularly its comprehensive API protection, underscores F5’s commitment to proactive threat mitigation,” the report continues. “By integrating security measures throughout the application lifecycle, from development to runtime, F5 ensures a fortified defense against evolving cyber threats. This holistic approach, coupled with the platform’s sophisticated analytics, empowers organizations with actionable insights, enabling them to optimize resource allocation and enhance application performance.”

Additional details on the EMA Vendor Vision Report can be found in an F5 companion blog.

F5 2025 State of Application Strategy Report Reveals Explosion of Enterprise AI Adoption Fueling Cybersecurity Concerns, Impacting Tools and Strategies

F5 also released its 2025 State of Application Strategy (SOAS) Report. For more than a decade, the SOAS Report has compiled data from enterprises to reveal their biggest challenges for application delivery and security. The 2025 SOAS Report reveals data and trends around how enterprises are entrenched in hybrid multicloud environments; the biggest blockers and challenges inherent in enterprise AI adoption; and the impact of AI and API proliferation on application delivery and security strategies.

Key trends identified in the report include:

• The AI Explosion Fuels Cybersecurity Concerns: The report reveals that 96% of organizations are currently deploying AI models. As organizations rush to realize the benefits of AI, they also recognize growing cybersecurity challenges inherent in the distributed nature of AI apps. 96% of organizations reported having concerns about their ability to secure AI models. In fact, security is the number one concern about AI models, followed by cost of compute and performance.
• Enterprises are Increasingly Deploying AI Gateways: The report finds that AI gateway adoption has grown significantly, with 50% of organizations having deployed the technology in their environments.
• Generative AI Solves Pressing Need of Security Policy Maintenance: According to the report, more than half of respondents (51%) prioritize using generative AI to automatically adjust security policies, workflows, and configurations to respond to threats or new vulnerabilities. Only one-third (34%) consider it more valuable to explore and analyze security data using natural language.

Supporting Resources:

• Resource: 2025 State of Application Strategy Report
• Blog: F5 Research Shows AI Has Arrived and It’s Clashing with Manual IT Ops
• Media Alert: F5 2025 State of Application Strategy Report Reveals Talk Becomes Action as AI Gets to Work
• Resource: F5 Application Delivery and Security Platform
• Blog: Augmenting the Power of F5 NGINXaaS for Azure with One-Click WAF Protection
• Blog: F5 Distributed Cloud Web App Scanning: Safeguarding AI-Enabled Web Applications
• Resource: F5 Distributed Cloud Client-Side Defense
• Blog: F5 Distributed Cloud Client-Side Defense Prepares Customers for PCI DSS v4.0.1

About F5

F5, Inc. (NASDAQ: FFIV) is the global leader that delivers and secures every app. Backed by three decades of expertise, F5 has built the industry’s premier platform—F5 Application Delivery and Security Platform (ADSP)—to deliver and secure every app, every API, anywhere: on-premises, in the cloud, at the edge, and across hybrid multicloud environments. F5 is committed to innovating and partnering with the world’s largest and most advanced organizations to deliver fast, available, and secure digital experiences. Together, we help each other thrive and bring a better digital world to life.

For more information visit f5.com
Explore F5 Labs threat research at f5.com/labs
Follow to learn more about F5, our partners, and technologies: Blog | LinkedIn | X | YouTube | Instagram | Facebook

F5, NGINX, NGINXaaS, and BIG-IP are trademarks, service marks, or tradenames of F5, Inc., in the U.S. and other countries. All other product and company names herein may be trademarks of their respective owners.

Source: F5, Inc.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250422154658/en/

Dan Sorensen

F5

(650) 228-4842

d.sorensen@f5.com

Holly Lancaster

We. Communications

(415) 547-7054

hlancaster@wecommunications.com

Source: F5, Inc.

FAQ

What new security features has F5 (FFIV) added to its Application Delivery and Security Platform?

F5 added cloud-native protection via NGINXaaS for Azure, LLM vulnerability scanning, expanded API discovery tools, and enhanced client-side defense capabilities for PCI DSS v4.0 compliance.

How many organizations are deploying AI models according to F5's 2025 State of Application Strategy Report?

According to the report, 96% of organizations are currently deploying AI models, with security being their primary concern.

What percentage of organizations use AI gateways according to F5's latest report?

50% of organizations have deployed AI gateway technology in their environments.

How does F5's ADSP address API security challenges?

F5's ADSP includes expanded API discovery tools across all BIG-IP deployments, enabling full API visibility for applications in production without requiring migration to the F5 Distributed Cloud Console.

What is the primary use of generative AI in security according to F5's report?

51% of organizations prioritize using generative AI to automatically adjust security policies, workflows, and configurations in response to threats or new vulnerabilities.