F5 report outlines three critical priorities for CISOs

F5 published insights from its newly released State of Application Strategy Report 2026, with Michael Montoya, Chief Technology Operations Officer at F5, highlighting the immediate priorities Chief Information Security Officers (CISOs) must address. As artificial intelligence models and automation tools expand, application security frameworks are shifting rapidly, placing increased pressure on cybersecurity teams to keep pace with infrastructure vulnerabilities.

According to the company, operating effectively within this landscape requires security leaders to accelerate the deployment of internal AI tools to detect and mitigate threats faster than AI-driven cyberattacks. Organizations are encouraged to embed AI into vulnerability management, security operations, and incident containment pipelines to improve overall system resilience. The report points to three foundational priorities that CISOs can no longer afford to delay.

Comprehending the Structural Impact of AI and Automation on Infrastructure

F5 research shows that 55% of modern enterprise application portfolios are AI-powered, with many models fully operational in production environments. Additionally, 67% of organizations utilize AI to drive automated workflows. The report notes that machine-to-machine data traffic generated by autonomous agents and automated systems via application programming interfaces (APIs) will soon surpass human-generated data traffic. To counter the security blind spots introduced by this shift, CISOs must accurately map these automated data paths, identify algorithmic touchpoints, and deploy adaptive protective policies.

Managing AI Models and Inference Workflows as Core Infrastructure Components

Inference operations have emerged as the primary AI activity within enterprise environments, with organizations running an average of seven distinct AI models to power their inference engines. The study highlights that 52% of companies connect and orchestrate multiple models simultaneously, introducing unique security risks such as prompt routing manipulation, data leakage across model chains, and inconsistent security policy enforcement. With 90% of enterprises expected to transition to shared infrastructure configurations for inference processing, security teams must treat model routing and inference layers as critical, highly monitored infrastructure segments.

Simplifying Distributed Infrastructure Management

The analysis reveals that 35% of organizations consider their digital infrastructure unprepared to support complex AI workloads. While readiness discussions frequently center on performance parameters—such as graphics processing unit (GPU) availability, raw compute capacity, and network bandwidth—the cyber security architecture poses an equal challenge. AI workloads add layers of complexity that increase the probability of hidden vulnerabilities. To streamline these environments, security leaders must move away from fragmented security tools and adopt a unified platform approach for end-to-end monitoring, preventing a reactive threat-response posture and enabling rapid remediation.

The report concludes that the accelerating integration of artificial intelligence and automation mandates that CISOs prioritize comprehensive visibility and central governance across hybrid and multi-cloud architectures. By treating AI security as an integrated layer within existing application and API protection suites, organizations can confidently leverage autonomous computing as a secure strategic asset.