Back to all videos

The Bad Guys Have AI Too: What That Means for Bot Defense in 2026

By F5 DevCentral Community

Bot DefenseCybersecurityAI SecurityCloud Security
Share:

Key Concepts

  • Bot Defense: F5’s security solution designed to detect and mitigate automated malicious traffic.
  • Agentic Browsers/Agents: AI-driven software capable of performing autonomous tasks, which can be leveraged for both legitimate and malicious purposes.
  • Credential Stuffing: A cyberattack where stolen account credentials are used to gain unauthorized access to user accounts.
  • AI-Driven Attacks: The use of AI to enhance traditional attacks, such as identifying password patterns to guess similar credentials rather than just using leaked ones.
  • Distributed Cloud: F5’s platform-agnostic deployment model for security services.

1. The Evolution of Bot Defense in the AI Era

Robert Custer, Product Marketing for F5’s Bot Defense, emphasizes that while AI is a major industry focus, it is a "double-edged sword." Malicious actors are increasingly utilizing AI to automate and refine cyberattacks. F5’s strategy is to integrate AI-detection capabilities directly into their Bot Defense solution to counter these sophisticated threats.

2. Addressing AI-Powered Threats

F5 is focusing on two primary vectors regarding AI and agentic traffic:

  • Agentic Browser Management: Organizations now face the challenge of "agentic browsers"—AI agents that can navigate the web autonomously. F5 provides the capability to identify these agents and allows administrators to explicitly "allow" or "disallow" them on their network based on organizational policy.
  • Enhanced Credential Stuffing: Traditional credential stuffing relies on static lists of leaked passwords. AI-driven attacks can now analyze password patterns to generate "similar" credentials. If a user employs a password structure that is predictable, AI can test variations against login pages. F5’s Bot Defense is designed to detect these AI-generated patterns and block the automated attempts before they compromise user accounts.

3. Deployment and Platform Integration

A key advantage of F5’s Bot Defense is its flexibility. It is not tied to a single hardware or software stack; it can be deployed across F5’s entire breadth of platforms, including:

  • BIG-IP: F5’s traditional application delivery controller.
  • NGINX: F5’s high-performance web server and reverse proxy.
  • F5 Distributed Cloud: The modern, cloud-native platform for security and application delivery.

4. Strategic Partnerships: The Skyfire Integration

F5 has announced a partnership with Skyfire to enhance visibility into AI traffic. This integration allows F5 to:

  • Recognize AI Traffic: Identify and categorize traffic originating from AI agents.
  • Pattern Analysis: Utilize historical data and robots.txt standards to understand the behavior of specific agentic paths or workflows.
  • Actionable Policy: Once identified, administrators can apply standard Bot Defense actions to AI traffic, such as allowing, blocking, or transforming (redirecting) the traffic to a specific page.

5. Synthesis and Conclusion

The core takeaway is that F5 is shifting its Bot Defense strategy to treat AI-driven agents as a distinct class of traffic that requires granular control. By moving beyond simple bot detection to identifying the intent and origin of "agentic" traffic, F5 enables organizations to harness the benefits of AI while mitigating the risks of automated credential stuffing and unauthorized AI-driven scraping. The integration with partners like Skyfire further strengthens the ability to distinguish between beneficial AI agents and malicious ones, providing a robust framework for modern web security.

Chat with this Video

AI-Powered

Hi! I can answer questions about this video "The Bad Guys Have AI Too: What That Means for Bot Defense in 2026". What would you like to know?

Chat is based on the transcript of this video and may not be 100% accurate.

Related Videos

Ready to summarize another video?

Summarize YouTube Video