At a time when buzzwords dominate boardrooms and AI is touted as the cure-all for every digital ailment, Chuck Herrin, field CTO of security at F5, is advocating for something refreshingly simple: Go back to basics. “We need to know four things: assets, actors, interfaces and actions. Who’s doing what to what via what? That’s how you secure modern applications,” he said in a recent conversation following the RSA Conference 2025.
This ethos resonates throughout F5’s 2025 State of Application Strategy Report, a sprawling analysis of how enterprise IT teams cope with today’s most complex application delivery and security challenges. Based on interviews with global security leaders, the report reveals a familiar tension: The pace of innovation continues to accelerate, while many defenders are still catching up to the last wave.
Repatriation, Complexity and Multicloud Reality
Among the headline findings from the report: At least 94% of organizations are now deploying applications across multiple environments, and almost 80% have repatriated workloads from public cloud back to on-premises infrastructure for reasons tied to cost, compliance or security.
That tracks with what Herrin has seen firsthand. “Everybody’s landed in multicloud,” he said. “There’s no longer any question about whether it’s AWS, GCP or Azure. It’s all the above, and on-prem, too.”
That sprawl has consequences. The attack surface has ballooned with microservices, unmanaged APIs, and rapidly expanding DevOps pipelines. According to Herrin, nearly half of APIs discovered in the field are completely unmanaged, and about a third are operating without encryption.
“You can’t defend what you don’t understand and cannot see,” he said. “And most organizations don’t have visibility into what APIs even exist in their environments.”
AI’s Double-Edged Sword
The report notes that while only 26% of enterprises deployed generative AI in production in 2024, that number is projected to hit 96% in 2025. As organizations race to embed AI into everything, they’re also unintentionally multiplying their attack surfaces.
“As everyone goes AI-all-the-things, we’re seeing a 5x explosion in APIs and endpoints,” said Herrin. “Architecture changes your attack surface. And the more we consolidate into large language models, the more valuable, and vulnerable, that single source of truth becomes.”
The risks are especially acute in regulated industries. Herrin, a former CISO in banking and financial services, said regulators were among the most engaged participants during his RSA session. “Seventy-five percent of my follow-ups came from regulators, especially the Federal Reserve and the OCC,” he said.
They’re asking the right questions: How do organizations ensure AI security and data privacy at scale? Are current governance models capable of handling AI’s velocity? What happens when models trained on sensitive IP are inadvertently exposed?
The AI Factory Is Real and Growing Fast
Herrin also pulled back the curtain on F5’s involvement in what he calls the “AI factory,” massive compute environments powering the next generation of LLMs and machine learning pipelines.
One of F5’s customers in the southeastern U.S. is operating a facility that manages traffic across 200,000 GPUs. “You can’t just feed all that data into the GPUs at once,” Herrin explained. “You have to cluster and load balance across groups of 576 GPUs at a time.”
F5’s entire WAF (Web Application Firewall) and application delivery stack can run on NVIDIA’s BlueField DPU architecture, offloading networking and security tasks from the GPU and freeing up 30–40% of compute capacity. That optimization can mean massive cost and performance improvements in AI-intensive environments.
Beyond compute efficiency, F5 is positioning itself as a critical enabler for sovereign AI initiatives in countries like Singapore, Indonesia and Saudi Arabia. These regions want locally governed LLMs that support native languages and adhere to national compliance mandates.
A Gateway to AI Security
To address AI-specific risks, F5 launched an AI Gateway earlier this year. Herrin likens the emerging risk to what happened when web apps gave way to microservices; the security model must evolve in tandem. “There’s a fundamental characteristic of machine learning, where, if you don’t control how your model is used, I can steal it,” he said. “This is what allegedly happened with DeepSeek against OpenAI. We’ve already seen signs of model theft, data leakage and prompt injections. You can’t protect what you can’t observe.” F5’s gateway aims to give defenders visibility into model usage, restrict function calls and enforce policy, even when traffic is routed across clouds or on-prem.
Partnering for the Long Game
Despite its deep-tech stack, which includes BIG-IP, NGINX, and its distributed cloud platform, F5 doesn’t see itself as a monolithic vendor. Herrin emphasizes partnership and flexibility, especially in navigating compliance challenges like Europe’s DORA regulation or the forthcoming EU AI Act. “Multinational companies need agility. They need to meet local compliance needs without spinning up four separate security teams for four different cloud providers,” Herrin said. “F5 helps you enforce policy consistently, no matter where the workloads are running.”
And while F5’s primary focus is enterprise (“top 15 banks, top 10 automakers,” as Herrin puts it), its reach is growing through OEMs, partners and services. F5 also believes the future of security lies in fewer tools with more value. “We’re not here to replace your stack. We’re here to help you rationalize it.”
Final Word: Augmentation, Not Replacement
As the AI hype cycle intensifies, Herrin maintains a balanced perspective rooted in experience. “We need to stop selling the dream and start showing real use cases with real business value and ensure the new technology is secure at the same time.” For F5, the mission is crystal clear: Enable and accelerate human-led innovation, automate the grunt work and make sure AI delivers real value without proliferating new security risks.