Partner POV | Your next million customers will be AI. Security must evolve.
This article was written by Ahmed Dessouki, Senior Principal Business Development Manager at F5, and Robert Kusters, Senior Product Marketing Manager at F5.
The agentic AI era has arrived, and it's reshaping traffic patterns across the Internet.
Enterprises are seeing a fast-rising mix of human users, automation, and, increasingly, autonomous agents making legitimate requests for data, API calls, and services. The opportunity for commerce growth is enormous as organizations welcome verified agents and monetize their demand. But this also brings a risk that is just as large: keeping out AI-created malicious bots that drive account takeover, inventory hoarding, payment fraud, and scraping.
To address the opportunity and challenges, F5 and Skyfire are partnering to bring these two imperatives together. By aligning F5 Distributed Cloud Bot Defense functionality with Skyfire's agentic commerce platform, organizations can block abuse while safely selling to human-directed agents. This single motion protects experiences and opens revenue opportunities.
Bot defense meets emerging agentic AI commerce
For years, F5 has tackled the hardest problems in bot detection and mitigation by combining deep client-side telemetry, advanced behavioral analysis, and expert-curated detections that keep pace as attackers retool. That's how our platform mitigates automated threats across the web, mobile devices, and APIs with near-zero false positives and without resorting to user friction. It's also why global brands trust F5 to keep their most visible digital channels clean as adversaries adapt.
At the same time, the definition of a "good" request is expanding. Skyfire is building the identity and payments fabric for autonomous commerce: verifiable AgentID, developer and provider verification, enterprise budgets and policies, and instant global micropayments so legitimate AI agents can pay for what they need, pull data, run LLM inferences, and interact with premium endpoints without human intervention. This flips the script from "block all automation" to "allow automation enabling business"—aligning security with growth.
Consider a common journey: A popular retail site faces waves of credential-stuffing and cart-hoarding bots each time a high-demand product drops. F5 Distributed Cloud Bot Defense sits at the edge, collecting rich device and behavioral signals from browsers and mobile SDKs, classifying traffic in real time, and intercepting automated attacks before they distort inventory and frustrate real customers. Where once AIs easily solved CAPTCHA or mimicked clicks, F5's obfuscated clients and adaptive models make evasive automation markedly harder, while policy-based mitigations neutralize threats without dragging down the user experience.
Welcoming verified AI agents, not malicious automation
Now introduce agentic traffic: verified AI agents aiming to purchase product availability feeds, premium pricing APIs, or fulfillment slots on behalf of legitimate buyers and partners. With Skyfire, these agents can showcase a unique, verifiable identity, operate within strict enterprise-defined budgets, and complete payments instantly—no credit cards on file, no fragile subscription hurdles, and no manual approvals. This creates a trusted pathway for non-human customers to discover, access, and pay for value, while Distributed Cloud Bot Defense prevents unverified or malicious automation from reaching those entry points.
Bringing clarity and confidence to automated traffic
This partnership also answers a deeper operational need: clarity. Security teams and platform owners have long lacked a common language to describe automated traffic in business terms. F5's dashboards and forensics improvements provide granular visibility into who (or what) is hitting which endpoints, how often, and with what intent. Skyfire complements that view with transaction history, policy decisions, and identity-verification signals. Together, they create an evidence trail that lets organizations separate abusive scripts from revenue-generating agents—and tune policies accordingly, from login to checkout to premium APIs.
The promise is straightforward: Enterprises don't have to choose between safety and growth. They can deploy battle-tested bot defense to keep attackers out while laying down verified identity and payment rails for trusted AI agents. In practical terms, that means fewer chargebacks and false declines, less scraping and inventory distortion, and a cleaner runway for machine-to-machine commerce that was previously infeasible due to fraud risk and payment friction.
How to get started with F5 + Skyfire
From a deployment standpoint, getting started follows a familiar arc. Organizations enable F5 Distributed Cloud Bot Defense at the application edge—via F5 Distributed Cloud, BIG-IP integrations, or connector-based insertion points —to begin classifying and mitigating automated traffic across web, mobile, and API channels. In parallel, they integrate Skyfire for agent verification and payments, defining which endpoints clients can access and at what spending thresholds.
As traffic flows, the combined telemetry and policy signals guide real-time decisions: verified agents proceed and pay; suspicious automation is challenged or blocked; business owners gain line of sight to both protection outcomes and new, agent-driven revenue.
This F5 and Skyfire partnership is ultimately about confidence—confidence that your applications and APIs are protected against the evolving tactics of malicious automation, and confidence to lean into the agentic AI economy with identity, controls, and payments built for non-human customers. If you're ready to secure the edge and open the door to verified agents, we're ready to help you navigate the path from risk management to increased revenue.