BLOG | OFFICE OF THE CTO

AI Changes Nothing and Everything

Lori MacVittie Miniatur
Lori MacVittie
Published September 19, 2024

The impact of AI on application delivery and security is as confusing as a quantum mechanics thought experiment.

Without rehashing Schrödinger’s famous cat in simultaneous quantum states thought experiment, there seems to be similar confusion regarding what, exactly, the impact of generative AI will be on application delivery and security.

This stems primarily from two core characteristics of AI applications:

  1. They are modern applications
  2. They are heavily dependent on APIs

This leads to the conclusion that, for the most part, application delivery and security are not really all that affected by generative AI. After all, the same API security services can be used to protect AI APIs, and the tech stack still includes the same old protocols that can be defended by DDoS protection and a good old WAF. Concerns about bots? Bot defense has that covered, too.

Are there new capabilities needed for API security? Yes, some. Specifically, around the shift to sharing unstructured data. Do application delivery services (like load balancing) need to evolve to deal with AI inferencing peculiarities? Yes, some. But the services themselves are still pretty much…the same.

But—and here’s where the second of our quantum states comes in—deploying AI applications generally means a change in architecture. So, AI changes everything and nothing at the same time.

After all, AI inferencing servers are not just web servers or app servers and are generally following an architectural pattern that expands the modern application architecture with a new tier dedicated to AI inferencing. Without rehashing the details, here’s a refresher on the evolution of application architectures:

There are a whole lot of changes in the components within that modern application—and where they reside—that change application delivery a whole lot more than application security.

For example, when we look at the possible insertion points for application delivery and security, we can see that points deeper in the architecture are less likely to need what are traditionally “front door” services. Those are capabilities like global server load balancing, DDoS protection, and multicloud networking. So, at the front door, nothing really changes all that much.

But that inferencing tier? It’s going to need load balancing, and not just load balancing but intelligent load balancing. That’s application delivery. An AI gateway that can monitor and protect outbound AI traffic is probably a good idea here, too, as well as a whole lot of security services. In fact, a market survey we did earlier this year told us exactly which services folks want to use and where they want to deploy them. When it comes to delivery and security at the “North-South AI” insertion point they want:

  1. 44% AI gateway
  2. 21% API security
  3. 13% Load balancing
  4. 29% Bot defense

Now, those same services are desired at the “North-South Front Door” insertion point, too, but at different rates. And the deeper into the AI inferencing tier you go, the fewer services are needed, and yet it is those services that will be impacted most by the need to adjust algorithms, monitoring, and routing to address the differences that exist in that tier. The service may be the same—it’s good old load balancing—but its capabilities will evolve to meet the unique needs of AI factories.

And that’s where the confusion comes in, I think. The market understands that AI applications are modern applications that depend on APIs. That means the market is quite capable of recognizing that existing application delivery and security services are going to work just as well for AI as they do for other modern applications and APIs.

But the market also understands that AI is changing their architecture and introducing new insertion points where those services might be better deployed. And that’s the biggest change caused by AI: architecture.

That’s not a small thing. Architectural changes impact everything from application delivery and security to monitoring, automation, and networking. It means that even if the application delivery and security services don’t change that much, where and how they’re deployed changes a lot.

Getting that right is an important part of readiness to scale AI in a meaningful way.