F5 brings new visibility and AI controls to Big-IP, NGINX

F5 has built its business on application delivery and security across distributed environments.

At its AppWorld conference in Las Vegas this week, F5 announced a broad set of updates to its Application Delivery and Security Platform (ADSP). The platform provides a unified policy and management layer across F5’s three data plane products: Big-IP, NGINX, and Distributed Cloud.

The announcements include a new observability product called F5 Insight, AI-powered WAF risk scoring, a new AI security remediation tool, post-quantum cryptography support in BIG-IP v21.1, AI agent traffic visibility in NGINX, and an accelerated NGINX Gateway Fabric for customers navigating the Kubernetes ingress controller end-of-life.

“Our application delivery and security platform is really meant to help simplify operations and accelerate secure AI adoption, and ultimately help our customers have highly available and secure applications for their end users and their end customers,” Shawn Wormke, senior vice president and general manager at F5, told Network World.

F5 Insight grew out of a field team project

F5 Insight is a new observability and analytics product built into ADSP, initially targeting Big-IP deployments. Its origins are unusual for a commercial software release. Wormke said the product started as a project written by F5 field engineers who were helping customers solve end-to-end visibility problems.

“It got a lot of traction with our customers,” he said. “At this point, we’ve had over 400 customers who were demoing and using and giving feedback on the product.”

The demand came from a gap that general-purpose observability tools were not filling. Customers running tools like Datadog and New Relic told F5 they needed something different.

F5 Insight pulls from technology acquired through the Threat Stack and Fletch acquisitions and runs on F5’s AI data fabric. It includes an AI assistant trained on F5’s product knowledge base. Capabilities include explaining what an existing iRule does when pasted in or generating a new iRule from a natural language description. F5 Insight is generally available now as self-managed software for Big-IP. A SaaS delivery model is planned, and coverage will extend to NGINX and Distributed Cloud Services in future releases.

Big-IP v21.1 modernizes the control plane

The Big-IP application delivery controller (ADC) has long been at the foundation of F5’s technology stack. The new Big-IP v21.1 update addresses two areas: control plane scalability and post-quantum cryptography readiness. On the control plane side, customer automation requirements drove the work.

“Customers were relying more and more on automated workflows,” Wormke said. “They needed a control plane that could scale with it.”

The goal, he said, was to make sure F5 was not the bottleneck in customers’ automation strategies. The release introduces the Big-IP Declarative API, designed for customers running automation at scale across large or frequently changing environments. TMOS, the underlying Linux-based operating system for Big-IP, continues to be updated as part of the same modernization effort. Wormke noted that most customers run both hardware and software deployments depending on workload.

On the security side, v21.1 adds NIST-compliant post-quantum cryptography ciphers using hybrid TLS cipher groups, which allow organizations to enable PQC support while maintaining compatibility with existing cryptographic configurations. Big-IP Zero Trust Access, formerly Big-IP Access Policy Manager, gains quantum-resistant TLS and SSL VPN tunneling. Wormke said the intent is to give customers an on-ramp before Q-Day arrives.

F5 extends AI security

Security is also getting a boost with F5 adding AI-powered risk scoring to its Distributed Cloud WAF service.

The scoring delivers faster detection and classification of anomalies without requiring teams to manually tune individual rules. The system produces a contextual risk score of high, medium, or low, and teams can block based on those scores—rather than managing hundreds or thousands of individual WAF rules.

“The number of alerts it’s firing, the number of things that SecOps teams who manage these products have to deal with, is much lower,” Wormke said. “The alert fatigue has gone way down.”

On the remediation side, F5 is introducing AI Remediate to connect two existing products in its AI security portfolio. F5 AI Red Team, which came to F5 through the Calypso AI acquisition in fall 2025, tests AI models for vulnerabilities specific to a customer’s deployment. F5 AI Guardrails enforces runtime protections. AI Remediate sits between them, automating the creation of custom guardrail packages based on Red Team findings.

“They’re able to use Red Team to test their models, find the vulnerabilities that are custom to their use case, and then automatically create custom guardrails and deploy those into production,” Wormke said.

F5 is also updating Distributed Cloud Bot Defense to classify AI agents as a distinct traffic category alongside human users and conventional bots. The update targets automated abuse and impersonation attempts generated by AI agents, with only verified, trusted agents permitted through. Wormke described the visibility problem that the feature is meant to address.

“Is it a human? Is it a bot? Is it an agent? What exactly is interacting with my applications?” he said. “Once we’ve identified that, we can allow only trusted AI agents to interact with those things and block a lot of malicious activities.”

NGINX Gateway Fabric moves forward

Another big area that F5 is advancing is with NGINX, especially for cloud native Kubernetes deployments.

For the last five years, the Ingress-NGINX controller had been one of the most popular traffic technologies in Kubernetes, but it recently reached its end of life. That technology was built by the community. F5 now has a replacement that it’s backing, using the newer Kubernetes Gateway controller approach.

Wormke noted that the legacy ingress controller was rigid and difficult to extend, limiting how much of NGINX Plus’s enterprise capabilities customers could surface in front of their Kubernetes clusters. The Gateway API removes that constraint. Wormke said F5 has been investing in the Gateway API since it first appeared and has seen a significant uptick in open-source adoption since the ingress controller end-of-life.

“It really helps customers maintain the trusted technology they’ve been building these clusters on for years, but make sure they have a safe place to land,” he said.

F5 has added automation tooling to help customers migrate existing configurations to the new API. An open-source version is available alongside a commercial version bundled with NGINX Plus as part of the NGINX One package.

NGINX is now also getting a series of enhancements to help it better handle AI traffic. NGINX now parses MCP metadata directly in the traffic path to surface per-agent request patterns, latency, throughput, and error signals. This gives DevOps, site reliability engineering, and platform teams visibility into both sanctioned and shadow AI agent activity without requiring a separate AI gateway.

Wormke said the underlying motivation across all of the announcements is all about enabling production deployments of AI at scale.

“You can have all kinds of experiments. But you can’t scale it, and you can’t secure it; it’s not going to happen,” he said. “It’s been great to see the engineering teams respond to the challenge.”