CISOs can no longer postpone in the age of AI
As artificial intelligence and advanced AI models develop, the ways in which applications are protected are evolving just as quickly as the technologies they are designed to secure. According to Michael Montoya, Chief Technology Operations Officer at F5, chief information security officers are under enormous pressure to keep up with this pace.
Increasingly, this means using AI not only to support the business, but also to protect organizations against new threats.
F5’s recently published “2026 State of Application Strategy Report” analyzes new trends related to applications, APIs, and artificial intelligence that are changing the scope of CISO responsibility. Based on a survey of IT decision-makers from around the world, the author identifies three priorities that can no longer be postponed.
1. Understanding the impact of AI and automation on infrastructure
According to F5 research, more than half of the applications used by organizations, 55%, are already supported by AI, while experiments involving artificial intelligence are increasingly moving into production environments. In addition, 67% of organizations use AI to accelerate automation processes. Soon, the volume of machine-generated traffic will exceed human-generated traffic.
The transformation linked to AI and automation is progressing very quickly. However, most IT environments were not designed with enough flexibility to withstand such dynamic change, which poses a significant challenge for security teams.
AI systems introduce new types of activity into IT environments. Applications communicate with models, agents launch additional services and functions, and automation systems generate constant traffic across APIs. As a result, the number of dependencies and connections between individual elements of the IT environment is growing, and the resulting communication paths must be taken into account when designing security measures.
The first step should be to determine where and how the organization uses AI and automation mechanisms. A full map of dependencies, communication paths, and endpoints makes it possible to assess potential risks and implement appropriate safeguards and security policies.
2. Managing AI models and AI inference as part of infrastructure
According to the F5 report, AI inference has now become the dominant way in which organizations use artificial intelligence. The average enterprise today uses seven AI models to analyze data and generate responses based on new information. Although organizations benefit from AI’s ability to analyze data, forecast trends, and support decision-making processes, the infrastructure behind these solutions is becoming increasingly complex.
The F5 report also shows that 52% of organizations use multiple AI models that work together. This creates new security threats, such as manipulation of the way queries are routed to models, data leakage as information is processed by successive models, and inconsistent application of security policies across different AI systems.
In addition, 9 out of 10 organizations will soon support AI model operations through shared infrastructure. Although this approach brings economic benefits, it also increases security and performance risks.
All of this increases the level of complexity that CISOs are already facing. Effective risk management requires treating communication between AI models and data flows as elements subject to the same oversight and protection rules that organizations currently apply to applications and network traffic.
Organizations should also recognize that the security boundary is shifting from the AI models themselves to the way they are used and the communication between systems. As a result, data and queries processed by AI models should be subject to the same analysis, authentication, and control as any other critical business process carried out through applications.
3. Simplifying infrastructure management
According to F5 research, 35% of organizations believe their infrastructure is not yet ready to support AI-related workloads.
Discussions about AI readiness often focus on performance, access to GPUs, sufficient computing power, storage throughput, or network capacity. While these are real challenges, the issue is not only about available resources. From a CISO’s perspective, security architecture and the ability to effectively implement and maintain control mechanisms in an environment where AI introduces an additional layer of complexity are equally important.
The use of artificial intelligence increases the number of potential areas lacking adequate visibility and control. Preparing an organization for broader AI implementation therefore means simplifying increasingly complex IT environments and adopting a consistent management model.
Without a unified platform for monitoring and managing these dependencies, organizations will find it increasingly difficult to respond effectively and strategically. As a result, problems may emerge in enforcing security policies, detecting fraud and cyberattacks, and removing vulnerabilities as they are identified.
How to meet the challenges of AI security
The rapid development of artificial intelligence and automation is changing the way organizations think about security. Full visibility across the environment, effective control, and the ability to manage increasingly complex hybrid and multicloud infrastructure are now becoming critical.
If AI-related security measures are fully integrated with existing application and API protection processes, organizations will gain greater flexibility in responding to threats and will be able to use artificial intelligence more safely as a tool for building competitive advantage.
(F5)