Safeguarding AI systems: Why security must catch up to innovation

To continue reaping the benefits of AI, organizations must treat its security with the same urgency they bring to networks, databases, and applications. But the current imbalance between adoption and protection suggests a different story.

F5’s 2025 State of AI Application Report underscores this point. Only 2% of organizations surveyed were considered highly secure and ready to scale AI safely. Meanwhile, 77% faced serious challenges related to AI security and governance.

The report also revealed that only a fraction of moderately prepared companies have deployed foundational safeguards. Just 18% had implemented AI firewalls, and only 24% practiced continuous data labeling, a key method for detecting adversarial behavior. Compounding the issue is the growing use of Shadow AI: unauthorized or unsanctioned AI tools that create dangerous visibility gaps in enterprise environments.

In the race to deploy AI for competitive gain, many organizations are inadvertently expanding their attack surface.

AI’s unique characteristics expose it to novel forms of attack. Some of the most pressing vulnerabilities include:

• Data poisoning: Attackers subtly inject corrupt or misleading data into training sets, compromising the behavior of AI models. In 2024, University of Texas researchers demonstrated how malicious content embedded in referenced documents could influence model outputs—persisting even after the documents were removed.
• Model inversion and extraction: These attacks allow adversaries to reconstruct sensitive training data or replicate proprietary models. Real-world cases include the recovery of patient images from diagnostic systems and the reconstruction of private voice recordings and internal text from language models.
• Evasion attacks: By making minute, often imperceptible changes to input data, attackers can trick AI models into producing incorrect outputs. One example: researchers fooled an autonomous vehicle’s vision system into misclassifying a stop sign as a speed limit sign by adding innocuous-looking stickers.
• Prompt injection: Large language models (LLMs) are susceptible to carefully crafted input that manipulates their behavior. In one case, a ChatGPT-powered chatbot used by Chevrolet dealerships was tricked into agreeing to sell a car for $1—an outcome that exposed both reputational and legal risks.

These threats are not theoretical. They are active, and they are already undermining AI’s safety and reliability across industries.

To meet these challenges, organizations must adopt a well-rounded defense strategy that addresses both general cybersecurity and AI-specific risks. The following five steps can help enterprises secure their AI systems:

1. Strengthen data governance
   Build a clear inventory of AI assets—including models, APIs, and training datasets—and enforce tight access control policies. Data is foundational to AI, and its integrity must be protected at every level.
2. Test continuously
   Move beyond traditional code reviews and implement adversarial testing and red teaming. These methods help uncover weaknesses such as model inversion and prompt injection before attackers exploit them.
3. Embrace privacy-first design
   Incorporate encryption, data minimization, and differential privacy techniques. These approaches limit the risk of sensitive data exposure, even if a breach occurs.
4. Adopt zero trust architecture
   Apply a “never trust, always verify” philosophy across all AI systems. Grant the minimum access necessary to every component and user and rigorously verify all activity.
5. Monitor AI behavior in real time
   Implement tools and systems that watch for anomalies in model behavior or input patterns. Monitor for things like excessive API calls, suspicious prompts, or abnormal outputs—all of which could signal active threats.

As more organizations embrace hybrid and multicloud environments, F5 through our  Application Delivery and Security Platform (ADSP) is delivering AI-native security capabilities designed to protect modern infrastructure.

Part of this platform, F5 AI Gateway provides defense against prompt injection and data leakage by intelligently inspecting and routing LLM requests. Advanced API security solutions—available via F5 Distributed Cloud API Security and NGINX App Protect—safeguard APIs from misuse, exfiltration, and abuse.

Also a part of F5 ADSP, F5 Distributed Cloud Bot Defense uses machine learning to detect and block automated threats like credential stuffing with minimal false positives. And F5 BIG-IP Advanced WAF solutions secure applications and APIs while offloading security tasks from GPUs, improving performance in AI-intensive workloads.

In addition, F5’s AI Reference Architecture offers a blueprint for secure, reliable AI infrastructure across hybrid and multicloud environments. F5 also collaborates with leading AI innovators, including Intel, Red Hat, MinIO, and Google Cloud Platform, among many others, to help customers scale securely and efficiently.

AI is transforming every industry it touches—but its potential comes with unprecedented risks. As threats grow more sophisticated, security leaders must move with urgency and foresight, embracing proactive tools, smarter architecture, and policy-driven protection.

AI security must be integrated into the very fabric of enterprise strategy. With the right combination of regulation, technology, and culture—anchored by proven frameworks like the U.S. National Institute of Standard and Technology’s AI Risk Management Framework and supported by platforms such as F5 ADSP—organizations can harness the full promise of AI while defending against its darker edge.

The AI frontier has arrived. The time to secure it is now.