As organizations rapidly shift from AI training to AI inference, an increasing number are deploying artificial intelligence models directly within their own infrastructure. From a business standpoint, this represents a significant step forward—enabling greater control over data, reducing reliance on external providers, and substantially enhancing data confidentiality.

At the same time, this transition introduces an inevitable consequence: a markedly expanded attack surface. Recent projects delivered by Datanet Systems highlight that AI systems are no longer isolated analytical components, but are evolving into dynamic interaction layers connecting users, applications, and enterprise data. As such, it is becoming increasingly evident that AI systems are – or will soon become – prime targets for cyber attackers.

 

 

To address this emerging reality, Datanet Systems is introducing to the local market an integrated solution from F5, purpose-built to secure private AI environments. This comprehensive AI security stack consists of two complementary components: F5 AI Guardrails and F5 AI Red Team. The former delivers real-time, runtime protection, while the latter proactively simulates attacks to identify vulnerabilities before they can be exploited. Together, they establish a continuous cycle of testing, protection, and ongoing AI security optimization.

 

Incidents to Avoid

The need to secure AI systems is no longer theoretical—it is a reality underscored by a growing number of recent incidents. Increasingly, these cases highlight how AI-driven systems can be exploited, often with significant financial and reputational impact.

One notable example is the incident involving “Lilli,” an internal AI platform used at McKinsey & Company. Security researchers were able to exploit an autonomous AI agent and gain access to sensitive data by combining techniques such as exposed API documentation and SQL injection. Within hours, the breach led to the exposure of millions of messages, hundreds of thousands of files, and tens of thousands of user accounts—demonstrating how quickly an AI ecosystem can be compromised when security controls are not sufficiently robust.

Another high-profile case involves Arup, where an employee in the finance function was deceived into transferring over $25 million. The attackers leveraged deepfake technology to simulate a video call with senior executives, effectively turning AI into a highly convincing and scalable social engineering tool.

A more recent example comes from the advanced AI domain, where Anthropic investigated unauthorized access to its Mythos model—specifically designed to identify cybersecurity vulnerabilities. This case highlights a broader shift in focus: organizations must now look beyond data protection and address the need to control access to AI models capable of generating or simulating increasingly sophisticated attacks.

 

A Paradigm Shift in AI Security with F5

 

In this context, F5 introduces a different approach to AI security—treating models not simply as applications, but as critical infrastructure that must be protected end-to-end.

 

F5 AI Guardrails – runtime protection

F5 AI Guardrails serves as the defensive layer of the architecture, acting as a control point between users and AI models. Its primary role is to manage interactions with the system in real time, across both input and output.

In practice, it functions as a filtering and enforcement layer that blocks prompt injection attempts, jailbreak techniques, and sensitive data exfiltration. At the same time, it enforces security and compliance policies—including regulatory frameworks such as GDPR and the EU AI Act—while providing full visibility into how the model generates responses.

A key advantage is its model-agnostic design, enabling it to work with any LLM, whether deployed in the cloud or on-premises. In essence, this layer continuously evaluates whether an interaction is safe and whether responses align with organizational policies.

Key capabilities:

• Mitigates risks such as data leakage, harmful content, and adversarial attacks, ensuring comprehensive runtime protection for AI models and agents;
• Assesses AI risk using tailored methodologies applicable to both public and proprietary models;
• Enables distributed data protection by inspecting interactions and preventing real-time DLP violations;
• Simplifies compliance through enterprise-wide policy alignment and automated auditing (GDPR, HIPAA, EU AI Act, etc.);
• Rapidly converts adversarial testing insights into active protection policies;
• Delivers low-latency runtime security with no impact on performance;
• Reduces harmful outputs through moderation filters for toxic, biased, or inaccurate content.

 

F5 AI Red Team – continuous offensive testing

F5 AI Red Team represents the offensive component of the ecosystem, functioning as an automated adversarial testing system designed to simulate real-world attacks on AI models. The platform continuously executes complex attack scenarios—including advanced prompt injection, chained jailbreak techniques, and the exploitation of autonomous agent behavior. These tests are conducted at scale, leveraging an extensive and constantly updated library of attack techniques.

Powered by one of the most advanced AI threat libraries—featuring over 10,000 new attack patterns added monthly—F5 AI Red Team delivers risk-scored, explainable insights that can be rapidly translated into active protection mechanisms. Its goal is to identify vulnerabilities before they can be exploited in production, effectively acting as a dedicated ethical hacking capability for AI.

Key capabilities:

• Proactive testing of AI models and applications through continuous threat simulation;
• Simulation of adversarial attacks using agents specialized in real-world attack techniques;
• Integration with AI Guardrails for rapid remediation of identified vulnerabilities;
• Resilience testing using an extensive, industry- and use-case-specific attack library;
• Detailed visibility into exploitation paths through comprehensive logs and audit trails.

The real value of this approach lies in how these two components work together. AI Red Team continuously identifies vulnerabilities through simulated attacks, and these findings are fed into AI Guardrails, which dynamically updates its protection policies at runtime. The result is a continuous security cycle: testing, protection, and optimization. Instead of relying on static defenses, organizations benefit from a system that continuously learns from attacks and strengthens its security posture in real time.

 

AI Security with Datanet Systems

 

In 2025, Datanet System introduced a „AI end-to-end” solution structured across three core layers, integrating hardware, orchestration, AI/ML pipelines, and application components into a unified, secure, and high-performance ecosystem. As enterprise adoption accelerates, AI security has rapidly emerged as the fourth critical layer—reflecting a shift where risks extend beyond performance and accuracy. Organizations are increasingly facing challenges such as data leakage, unpredictable AI agent behavior, uncontrolled model usage (“shadow AI”), and the integration of AI into business-critical systems.

The F5 solution outlined in this article directly addresses this evolving risk landscape by treating AI as a distinct attack surface. AI Guardrails delivers real-time control and protection at runtime, while AI Red Team enables continuous validation through realistic attack simulations. Together, they form a comprehensive, closed-loop security framework for modern AI environments.

For organizations adopting private AI infrastructures, this approach is becoming essential. With the support of Datanet Systems, companies can not only deploy AI models on-premises, but also secure them at an advanced level—aligned with the new generation of AI-driven threats. For more information on AI security with F5 AI Guardrails and F5 AI Red Team, please contact the Datanet Systems team at sales@datanets.ro.