F5 Overhauls ADSP With AI Observability, Post-Quantum WAF, and NGINX Convergence
F5 announced major updates to its Application Delivery and Security Platform at AppWorld, including a new observability tool, post-quantum cryptography for BIG-IP WAF, and agentic AI support for NGINX.
F5 Overhauls Its Security Platform
F5 used its AppWorld conference to announce a major update to the Application Delivery and Security Platform (ADSP). The headline addition is F5 Insight, a new observability layer that pulls telemetry from BIG-IP deployments and turns it into actionable dashboards and AI-driven guidance.
"Most operations teams are stuck babysitting complexity they did not sign up for," said Kunal Anand, F5's Chief Product Officer. "F5 ADSP collapses that mess into a platform."
What Changed
The update touches several areas:
F5 Insight for ADSP delivers unified visibility across application and infrastructure layers. It uses OpenTelemetry under the hood and supports MCP integration with popular LLMs for natural language queries against operational data. Available now for BIG-IP, with NGINX and Distributed Cloud support coming later.
BIG-IP v21.1 (expected Q2 2026) brings post-quantum cryptography readiness with NIST-compliant ciphers, quantum-resistant VPN tunneling, and protections for agentic AI workloads. The F5 WAF now covers OpenAPI 3.1 specs and blocks attacks targeting HTTP/3 traffic, including XSS and SQL injection.
NGINX gets agentic observability by parsing MCP metadata in the traffic path. F5 is positioning NGINX as a single gateway for application, API, and AI workloads, arguing there is no need for a separate AI gateway. This is available now in NGINX Open Source with enterprise support through NGINX Plus.
Distributed Cloud Services gets simplified packaging aimed at reducing SaaS deployment friction.
WAFplanet Take
F5 is clearly betting that observability is the missing piece in WAF and app security. The Insight product could genuinely help teams that are drowning in BIG-IP telemetry but struggling to act on it. The post-quantum moves are forward-looking and smart positioning even if nobody needs quantum-resistant WAF today.
The real question is whether F5 can execute on the NGINX convergence story. Promising one gateway for everything, from traditional apps to AI agents, is ambitious. If they pull it off, it simplifies the stack. If they do not, it is just another product announcement from AppWorld.
The HTTP/3 WAF coverage is notable. As more CDNs and providers push QUIC adoption, WAFs that cannot inspect HTTP/3 traffic will have a blind spot. Cloudflare and Akamai already handle this at the edge, but for on-prem F5 shops, this closes a real gap.
