The Fontainebleau resort and casino in Las Vegas played host to F5 AppWorld 2025 this month as IT and security leaders gathered alongside other technology engineers and business professionals to take it all in. As a company known widely for its security-focused work in the realm of Application Delivery Controller (ADC) technology, F5 was keen to explain how its platform proposition has now been engineered to align with systems and network protection for the AI-empowered era. But what is an ADC and what happens next in this space?
Application Delivery Controllers
ADC technology has been through a number of evolutions. Application Delivery Controllers started as network-based purpose-built hardware appliances to provide load-balancing functionality. These were followed by a second era of application-neutral software-based ADCs that would act as a virtual server and allow access to applications as and when instructed. This means we can explain an ADC as a network device to oversee the way client machines connect to web-based and cloud-based enterprise application servers. The third era of ADC technology is based upon the virtualisation and abstraction principles of the cloud model even more directly.
“Virtual editions of application delivery services have the same breadth of features as those that run on purpose-built hardware and remove much of the complexity from moving application services between virtual, cloud and hybrid environments. They allow organisations to quickly and easily spin-up application services in private or public cloud environments,” states F5, on its DevCentral pages.
With the rush to deploy AI-powered applications, F5 says that enterprises today are poorly equipped to secure and deliver these enterprise apps and cope with the massive amounts of data they process through complex traffic patterns. This “predicament” then (so suggests F5) validates the need for the new (third era 3.0) of ADCs, which must be (and have been) engineered to support hybrid multi-cloud infrastructures, with API security, networking and AI gateway capabilities.
What’s in a name? The company’s F5 name brand is borrowed from the highest-intensity tornado on the Fujita scale. The suggestion here being: when faced with a tornado (of application vulnerabilities) pick the brand strong enough to work at the ferocious end of the spectrum.
A transformed technology portfolio
“The rise of AI and modern applications demands a fundamental rethinking of application security and delivery. Traditional approaches fall short in managing today’s complex, distributed systems. Organisations need solutions that provide consistency, flexibility and complete visibility across their IT landscape. F5 has transformed our technology portfolio to meet these challenges head-on, enabling our customers to confidently secure and deliver advanced digital experiences,” said Kunal Anand, chief innovation officer, F5.
Anand and team used the F5 AppWorld conference to talk about the way infrastructure (or we could say security infrastructure) has changed over the past 25 years on its journey from on-premises datacentres and monolithic applications (secured by basic rule-based WAF and DoS protection) to today’s public cloud environments with microservices and container-based applications.
“It’s a world where a more comprehensive approach to security that includes API protection and bot defence also needs to be prevalent,” said Anand, before pointing the fact that we’re now entering the AI era in computing environments where hybrid multi-cloud is the norm. Applications that reside across what are now highly topographies will need a deeper and more powerful set of security capabilities that protect against increasingly complex threats.
We created the ADC category
Anand’s CIO session ran in concert with the general session keynote from François Locoh-Donou in his role as president and CEO. The two F5 figureheads gave way to the solution keynote from Aparna Rayasam in her role as SVP and head of engineering with a session titled Uncovering the Growing Threats to Your Digital Domain.
Rayasam echoed one of the core F5 mantras i.e. that the company “created the ADC category” and now looks to use its engineering DNA in this space to align what is now a family of technologies in this space to serve the cloud AI era.
Zeus Kerravala, founder and principal analyst at ZK Research backs up the need for reinvention in the infrastructure security space and agrees that enterprise applications have become more dynamic and more distributed – and, crucially, this trend is expected to continue as AI becomes more ubiquitous throughout the enterprise.
“As the nature of applications has changed, the ADC naturally needs to evolve as well. The need for robust load balancing and application delivery techniques combined with robust security features that protect data at the application and API level is critical as we enter the era of AI. F5 has been a proven leader in this space and the company’s vision appears to meet the stringent delivery and security requirements that will be ever present in the AI era,” said Kerravala.
F5 Application Delivery & Security Platform
Centralising on this show’s main product announcement, Locoh-Donou and team used the keynote address period to detail the newly introduced F5 Application Delivery and Security Platform. This is an Application Delivery Controller (ADC) offering that fully converges high-performance load balancing and traffic management with advanced app and API security capabilities into a single platform for the era of ADC 3.0 i.e. it is purpose-built to meet the demands of modern apps.
“AI is accelerating innovation, but also intensifying the high costs, crushing complexity, and escalating cyber risks that have IT and security teams in crisis,” said Locoh-Donou. “F5 stands alone in its ability to address the challenges of hybrid multi-cloud architectures. The F5 Application Delivery and Security Platform represents a giant leap forward for organisations, enabling them to overcome complexity and unlock the full potential of AI.”
F5’s 2025 State of Application Strategy Report suggests that as many as 96% of organisations are deploying AI models. Further, says F5, the company estimates that within three years, 80% of all apps will be AI-enabled. But, states Locoh-Donou and team, despite the fact that AI is here, but most enterprises are ill-equipped to handle the massive amounts of data, complex traffic patterns and new attack vectors that are inherent in AI applications. The company says that the F5 Application Delivery and Security Platform has been built to address these challenges.
It provides delivery and security for all enterprise applications in a single platform that simplifies management for IT and security teams. It can straddle deployment anywhere in any “form factor” (a term used here to mean not just any device shape, but any environment from on-premises to SaaS public cloud and outward to the containerisation landscape of Kubernetes and outward to the edge compute space as well) to run seamlessly across today’s diverse IT environments. There is single policy unified management across all locations here to reduce complexity and improve efficiency. The platform offers analytics to assess (and manage and improve) network system performance and strengthen app security by doing so. It is also characterised by the nature of its fully programmable data planes that enable automated deployment and custom functionality so organisations can effectively adapt to changing needs. Last but not least, we should also note the platform’s capabilities in full lifecycle automation, a functionality that enables networking and security operations teams to perform maintenance tasks without drowning.
“AI is driving innovation while exposing businesses to unprecedented levels of complexity and risk,” said Christopher Rodriguez, research director for cybersecurity and trust at IDC. “The convergence of application delivery and security capabilities will be indispensable for companies striving to stay ahead in this rapidly evolving landscape.”
Looking to where it will now need to apply application security through ADC controls, F5 says that it is aware of AI applications now making larger and more frequent requests of enterprise data stores and AI models often housed in so-called AI factories… a space that it has identified as a key zone for robust reinforcement and protection due to the high-performance load balancing needed through what are complex data traffic patterns that need to execute without latency.
What is an AI factory?
Did we say AI factory? Yes, we did… but what does this term mean?
“An AI factory is a massive storage, networking and computing investment serving high-volume, high-performance training and inference requirements. Within these factories, networks of servers, GPUs, data processing units (DPUs) and specialised hardware work in tandem to process vast amounts of data, executing complex algorithms that train AI models to achieve high levels of accuracy and efficiency,” explained senior global product marketing for AI at F5 Hunter Smit. “These infrastructures are meticulously designed to handle the immense computational power required for training large-scale models and deploying them for real-time inference.”
Why do AI factories need protection? We’re glad you asked… it’s because AI cybersecurity threats such as model theft, training data poisoning and prompt injection are all real today.
NOTE: The F5 definition of an AI factory differs only slightly from that provided by the European Parliament Think Tank – “AI factories bring together three essential components: supercomputers, data and human capital – but the central meaning and reality of massive compute & connectivity is very real.
To serve this space, F5 recently introduced a new AI reference architecture designed to organise AI/ML workflows into seven core building blocks, offering guidance and best practices for security, application traffic management and platform optimisation. It also includes critical considerations such as F5’s Application Delivery Top 10 challenges, OWASP LLM’s Top 10 security risks and various deployment models. F5 AI Gateway is now generally available to organisations looking to streamline interactions between applications, APIs and large language models (LLMs) and drive wider enterprise AI adoption. This containerised software offering optimises performance, observability and protection capabilities.
Partnership protection promulgation
As the company now works to extend its AI reference architecture outwards and further engineer it to the AI ADC space, the company is working with its key partner roster to develop technology services that work at a number of levels. Today then, F5 states that it facilitates the integration of seven AI building blocks across hybrid and multi-cloud environments. As such, the company has detailed partnerships with a number of companies to support customer AI projects.
Working with the capitalisation enthusiasts at GPU specialist Nvidia, F5 says it will now aim to fuel AI application delivery for enterprises (and service providers alike) using Nvidia Bluefield-3 DPUs. This datacentre infrastructure chip from Nvidia combines compute power, high-speed networking and system-level programmability for software-defined, hardware-accelerated IT infrastructures for cloud-to-edge computing deployments.
The company has also worked with Intel on data and storage for AI services, collaborated with NetApp on streamlining large language model deployments and worked with MinIO to enhance AI workloads with high-performance object storage. Last but not least, F5 has teamed with French web hosting and cloud services company OVHcloud to help engineer advanced multi-cloud application security.
Takeaway taste?
After a couple of days working closely with a company at a technology conference, there’s always a kind of “taste in the mouth” feel that you get from being exposed to so many of a technology vendor’s core messages and platform propositions. Some big database companies leave you feeling a little used up and worn out, while other data platform players leave you feeling positively warm and closer to their DNA and raison d’être. Some big players make you feel like you’re a minion in the shadow of the behemoth, yet some heavyweights (a well-known cloud services company with a history in book sales for example) come across as surprisingly accessible and engaging.
The takeaway “taste” with F5 is a mixed but largely positive experience i.e. this is a company that clearly knows a good proportion of technical users will think of the F5 of a decade ago when it was a solid enough security firm, but one that was focused on securing web and still-emerging cloud technologies. The F5 of today is an enterprise that appears to have worked hard to reimagine and reposition itself for the post-cloud era with an absolutely innate appreciation for (and competency with) the world of AI applications and the need to shoulder the data complexities within. There’s a little more swagger now, almost as if the company took its time before wanting to look good when showcasing its wares on the big stage in the way it has done this year. That being said, the firm is still enough down-to-earth geek-chic to see company CEO François Locoh-Donou sporting his casual look while on stage and mingling with attendees.
Named after a tornado scale or not, Yahoo! Finance this year says that F5 has managed to grow earnings per share (EPS) by 23% per year over three years. Top all that with the fact that Locoh-Donou co-founded Cajou Espoir, a cashew-processing facility in Togo (the name means cashew of hope) that employs a significant number of women in its workforce and it’s hard not to say that there are some positive moves here in terms of strengthening ADC controls for the AI age.
