F5 took advantage of its AppWorld event to unveil a new batch of security capabilities within its Application Delivery and Security Platform (ADSP), with a message very aligned with the current market moment: companies need to protect distributed applications, APIs, and AI workloads without continuing to accumulate disconnected tools. The company discusses a strategy that combines AI-driven protection, Zero Trust controls, and preparedness for post-quantum cryptography in hybrid and multicloud environments.
The core concept is straightforward to understand. As organizations distribute applications across data centers, multiple clouds, edge locations, and SaaS services, security can no longer rely on a single perimeter. In this context, F5 promotes ADSP as a unified layer to deliver and secure modern applications, including AI, reducing fragmentation among observability, WAF, secure access, bot defense, and API security. The announcement was made alongside another platform update focused on observability and operations, introducing F5 Insight for ADSP as a component for visibility and analytics.
One of the most striking new features is F5 AI Remediate. According to F5, this function aims to bridge the gap between detecting vulnerabilities in AI models with F5 AI Red Team and deploying runtime protections via F5 AI Guardrails. The goal is to automate the creation, optimization, and validation of guardrail packages focused on specific risks, enabling security teams to bring protections into production with human approval and without the need to redo repetitive tasks each time. On paper, F5 seeks to move from diagnosis to validated mitigation with less operational friction.
An additional update involves F5 Distributed Cloud WAF, now enhanced with AI-powered risk scoring and more outcome-oriented blocking policies. F5 claims this layer aims to reduce manual tuning of signatures and exceptions—often a challenge for organizations managing large application portfolios across on-premises hardware, virtual environments, SaaS, and container deployments. This promise of less manual fine-tuning and more multilayer analysis is a recurring theme in the WAAP market, but F5 positions it within a broader narrative: faster protection without increasing false positives.
Security for the agent era
Another key aspect of the announcement is the evolution of F5 Distributed Cloud Bot Defense. The focus is no longer only on differentiating humans from bots but now includes distinguishing between persons, bots, and AI agents. F5 states that the platform will provide improved visibility into application traffic and ensure that only trustworthy and verifiable AI agents interact with protected services, blocking malicious or unruly automation. This aligns with a growing concern: as agents operate over e-commerce, APIs, and internal applications, security can no longer treat all automation uniformly.
This approach is not isolated. In a technical blog published on March 11, F5 previewed that BIG-IP v21.1, expected soon, will expand traffic protection with Model Context Protocol (MCP), including WAF inspection for risks such as tool poisoning, secret exposure, injections, and session persistence for MCP flows. It also anticipates Dynamic Client Registration in BIG-IP Zero Trust Access, enabling agents or applications to securely register with the authorization server when creating new sessions or clients. This indicates F5’s intent to bring AI security from conceptual strategies into concrete traffic and authorization mechanisms.
BIG-IP APM rebrands and API security gains flexibility
Parallel to this, F5 is repositioning BIG-IP Access Policy Manager (APM) as BIG-IP Zero Trust Access. This is more than a branding change; the company emphasizes its role as a zero trust application access platform for modern, SaaS, cloud, and legacy applications, with continuous validation based on identity and context. F5 tries to differentiate it from purely SaaS ZTNA offerings by maintaining hybrid support for Identity Aware Proxy, SSL VPN, and IPsec VPN within the same family.
API security also gains prominence. F5 announced new options in Distributed Cloud API Security for out-of-band discovery across multiple data planes, including BIG-IP, NGINX, Kong, and Apigee, along with an on-premises deployment option suitable for highly regulated or air-gapped environments. This reflects a real market need: organizations want visibility and control over APIs without necessarily relying on external connections or purely SaaS architectures. F5’s strategy is to provide this coverage without forcing a complete infrastructure overhaul.
Once again, the BIG-IP v21.1 technical blog sheds light on the direction. F5 revealed that BIG-IP Advanced WAF will add protection for HTTP/3 traffic and support for APIs defined with OpenAPI 3.1. It will incorporate endpoint learning and security requirements to block non-conforming requests, thus making the promise of “modern security” more tangible.
Post-quantum: from futuristic rhetoric to crypto-agility
The third major aspect of the announcement addresses preparedness for the post-quantum era. F5 discusses a crypto-agile architecture supporting hybrid TLS cipher groups as a practical step toward quantum resistance without breaking compatibility with current cryptographic flows. This is no longer theoretical: in August 2024, NIST approved three post-quantum cryptography standards: FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA), providing a clearer framework for transition.
F5’s efforts align with this progress. In the preview of BIG-IP v21.1, the company notes that support was already added in v17.5.0 for X25519_ML-KEM-768 in TLS 1.3. The new version will introduce two post-quantum cipher groups aligned with NIST standards: SecP256r1ML-KEM-768 and SecP384r1ML-KEM-1024. Furthermore, BIG-IP Zero Trust Access will feature quantum-resistant TLS/SSL VPN tunnels supporting X25519 + ML-KEM-768. In other words, F5 is actively translating post-quantum threats into concrete access and delivery components.
Overall, F5’s announcements reflect a clear strategic direction: fewer isolated products and a unified platform to secure applications, APIs, and AI workloads in distributed environments. It remains to be seen how much of this vision translates into actual adoption and how much depends on future roadmaps and releases, like several features scheduled for BIG-IP v21.1. Nonetheless, the movement clearly aligns with market trends: more operational AI security, broader Zero Trust beyond traditional remote access, and a recognition of post-quantum cryptography as a transition plan rather than a future concept.
Frequent Questions
What did F5 announce at AppWorld 2026?
F5 introduced new security capabilities within its Application Delivery and Security Platform (ADSP), including AI Remediate, enhancements to Distributed Cloud WAF, new features in Bot Defense, additional options for API Security, an evolution of BIG-IP APM toward BIG-IP Zero Trust Access, and preparations for post-quantum cryptography.
What is F5 AI Remediate?
It’s a new feature aiming to automate the transition from detecting vulnerabilities in AI models with F5 AI Red Team to deploying validated runtime protections via F5 AI Guardrails.
What changes with BIG-IP Zero Trust Access?
F5 is repositioning BIG-IP APM as BIG-IP Zero Trust Access, emphasizing its role in providing continuous zero trust access for modern, SaaS, cloud, and legacy applications, based on identity and context validation.
How does this relate to post-quantum cryptography?
F5 is strengthening ADSP and BIG-IP with support for hybrid cipher groups and new options aligned with NIST’s post-quantum standards, such as ML-KEM. BIG-IP v21.1 will add new quantum-resistant cipher groups and support for VPNs resilient to quantum threats.
via: f5