As enterprises push agentic AI out of the proof-of-concept phase and into production, AI runtime security — the ability to enforce policy at the exact moment an agent acts — is proving to be the bedrock that makes autonomous systems safe enough to trust.

The shift from cloud-native to AI-native is accelerating across every business function, spanning front-office automation to back-office process redesign. Yet most organizations are discovering that bolting security onto existing workflows after the fact is no longer viable. Agents that cross system boundaries, assume user identities and execute business processes in milliseconds demand a fundamentally different control architecture, according to Ram Poornachandran (pictured, right), vice president of AI and architecture at F5 Inc., a multicloud application security and delivery company.

“It’s an incredibly hard problem,” Poornachandran said. “It’s not just the data. It’s getting data to the agents and applying proper rule-backed access security to it. Is the agent working on my behalf and is it able to see only the data that I’m allowed to access? How do you then have the agent take an action on behalf of you and have the proper audit trail?”

Poornachandran and Gary Newe (left), vice president of solutions engineering at F5, spoke with theCUBE’s John Furrier and Alison Kosik at Google Cloud Next, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed AI runtime security, agentic governance and F5’s role in securing enterprise AI deployments on Google Cloud. (* Disclosure below.)

AI runtime security demands observability at the inference layer

Securing agentic workloads requires a new lens on observability — one that moves beyond inspecting packets or application programming interface calls to understanding intent, context and the reasoning behind every agent decision, according to Newe. In response to emergent security demands, F5 recently introduced a series of updates as part of its broader Application Delivery and Security Platform to deliver that layer of runtime visibility and policy enforcement at the inference point.

“We believe that these guardrails are best suited at the inference layer,” Newe said. “Where the actual agents are making these decisions and interpreting this data, that’s where we believe is kind of the place to secure this at scale.”

Continuous testing is the second pillar, with F5’s AI Red Team built to stress-test agent behavior across attack vectors before deployments go live. An IBM Corp. report found that 97% of compromised organizations had zero AI access controls in place — a statistic that underscores why pre-production adversarial testing has become a non-negotiable step. AI Red Team creates a continuous security feedback loop by feeding its findings directly into AI Guardrails, another F5 offering focused on runtime policy enforcement in production, Newe noted. Agent drift poses an equal threat, as new data and models can silently erode an agent’s effectiveness over time, Poornachandran added.

“You need to continuously monitor,” Poornachandran said. “You don’t want drift in the system. New data comes in, new models come in and the agent could not necessarily produce the effectiveness as when you [started] building it. That’s why observability is important.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of Google Cloud Next:

(* Disclosure: F5 sponsored this segment of theCUBE. Neither F5 nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE