Web App and API Protection (WAAP) blog posts(51)
API security risks persist across all environments, even when air-gapped
Internal APIs often have reduced governance and visibility, creating vulnerabilities that attackers can exploit even if air-gapped or protected on-premises.
By Ian Dinno
Why risk scoring matters in the age of AI–driven vulnerability hunting
Learn how AI-powered WAF solutions can assign a single, intuitive score to quantify threat severity, transforming how application security decisions are made.
By Jay Kelley, Debrup Ghosh
Virtual patching in practice with F5 BIG-IP Advanced WAF and F5 Distributed Cloud Web App Scanning
Virtual patching reduces risk when a patch isn’t immediately available for a vulnerability, providing an organization security and time to create, test, and deploy a patch.
By Jay Kelley, Ian Dinno
Why digital sovereignty is ratcheting up the priority list
Many organizations are rethinking where applications run, who controls critical services, and how dependent they have become on external technology providers.
By Bart Salaets
The post-Mythos era: Why AI-powered defense is no longer optional
Learn why your organization must move now to automate WAF enforcement
By Darshant Bhagat, Debrup Ghosh
The enterprise imperative for AI in a hybrid multicloud world
How AI reshapes traffic patterns, API risk, and compliance—and why the Distributed Cloud Services Enterprise package delivers the depth needed across hybrid multicloud environments.
By Debrup Ghosh, Bhushan Pai
IT/OT convergence: What’s happening and why security has to lead
As IT and OT systems converge, the attack surface grows. Learn how organizations can integrate securely—and how F5 ADSP helps protect operations at scale.
By Frank Yue
Managing AI agents with trust, control, and confidence
Agentic AI is reshaping applications. Learn how to establish trust, enforce boundaries, and safely enable AI agents at scale.
By Adam Martinetti, Robert Kusters, Randy Dizitser
From rules to risk: The evolution of WAFs and the rise of AI-powered outcomes
WAF programs stall in a familiar place: blocking mode is delayed because tuning is expensive.
By Debrup GhoshF5 Distributed Cloud Services: Security innovation built for operational scale
Learn how the latest upgrade to F5 Distributed Cloud Services advances AI driven security while strengthening the operational foundations teams need to run at scale.
By Derek Yee
Scanning for what matters most: OWASP Top 10 2025
The OWASP Top 10 2025 identifies the most critical web app security threats.
By Sebastian Brandes
Five tiers of antifragile cyber resilience turn practice into outcomes
Learn how five antifragile resilience tiers transform disruption into adaptive behaviors that constrain failures and strengthen hybrid multicloud architecture.
By Griff Shelley, Colin Clauset, Mark Menger
From dashboard fatigue to operational excellence: Why XOps needs F5 Insight for ADSP
Learn how F5 Insight for ADSP lays the visibility foundation for XOps—turning fragmented signals across applications and infrastructure into actionable intelligence.
By John Maddison
Independent tests reveal F5 provides strong protection against traditional, emerging, and targeted AI app attacks
In independent, third-party tests by SecureIQLab, F5 AI Guardrails earned a 98.36% total security score and F5 WAAP alongside F5 AI Guardrails earned a total security score of 97.09%.
By John Maddison
Securing web apps without complexity: How F5’s AI-powered WAF transforms WAF security
See why AI-powered WAF in F5 Distributed Cloud WAF is a true game changer for web application firewalls—addressing the need for higher threat protection and fewer false positives.
By Erin Verna, Debrup Ghosh
Four highlights from F5’s flagship AppWorld conference
Missed this year’s F5 AppWorld conference? Get the latest F5 news here.
By John Maddison
API security without compromise: Introducing flexible new discovery options with F5 API security
F5’s expanded API discovery options are designed to deliver maximum flexibility and meet organizations where they are.
By Ian Dinno
Hello, F5 BIG-IP Zero Trust Access. Long live F5 BIG-IP APM!
F5 BIG-IP Access Policy Manager (APM) is becoming F5 BIG-IP Zero Trust Access to emphasize one of its core use cases, which is zero trust application access.
By Jay Kelley
F5 AI Remediate: Closing the AI security gap
F5’s new offering, F5 AI Remediate, shortens the path from AI vulnerability discovery to deployable protection.
By Jessica Brennan
A sneak peek into F5 BIG-IP v21.1: AI security, PQC, and software enhancements
Learn how F5’s BIG-IP v21.1 delivers AI security and PQC-readiness.
By Tom Atkins
A new playbook for hybrid multicloud cyber resilience
Learn why traditional resiliency models fall short and how modern cyber resilience, using an antifragile approach, turns disruption into an advantage.
By Griff Shelley, Colin Clauset, Mark Menger
MazeBolt + F5: Partners for automated DDoS protection
Integrating MazeBolt DDoS testing technologies into the F5 Application Delivery and Security Platform (ADSP) delivers fully automated, AI-powered DDoS protections.
By Rona Rom Amram
Why BOLA’s "authorization gap" requires a runtime strategy
Broken object-level authorization (BOLA) is not a bug but a failure of access controls. Learn how a three-tiered runtime strategy can close the gap and protect data.
By Chaim Peer, Ian Dinno
F5 again recognized with six TrustRadius Buyer’s Choice Awards in 2026
F5 was once again honored with six TrustRadius Buyer’s Choice Awards—a testament to our continued commitment to delivering trusted, high-value solutions.
By Jay Kelley
From sprawl to strategy: Why a sound strategy for application delivery and security is key
This accumulation of disconnected tools comes at a high price. See how a unified approach to application delivery and security reduces your total cost of ownership.
By Greg Maudsley
Why take a platform approach?
Learn why a converged platform for application delivery and cybersecurity offers the best path to simpler operations and stronger protection.
By Greg Maudsley
OPSWAT and F5: Taking network traffic security to the next level
Integrating OPSWAT file security technologies into the F5 platform provides critical defenses to keep complex networks and sensitive data secure.
By George Prichici
F5 NGINX STIGs: A security blueprint for public sector and regulated environments
Learn how F5 NGINX STIGs provide a security blueprint for U.S. DoD and regulated environments, helping you achieve compliance while building robust, zero-trust infrastructure with enhanced visibility ...
By Bill Church
Rein in API sprawl with F5 and Google Cloud
Find out how F5 and Google Cloud can help you secure and manage your ever-increasing API integrations.
By Beth McElroyF5 secures today’s modern and AI applications
The F5 Application Delivery and Security Platform (ADSP) combines security with flexibility to deliver and protect any app and API and now any AI model or agent anywhere. F5 ADSP provides robust WAAP ...
By Jay Kelley, Ian Lauth