Real-time data leakage detection can help CISOs better secure AI workloads: F5 India MD

As businesses adopt AI and hybrid cloud technologies, sensitive data often moves across encrypted traffic and unapproved AI tools, creating security blind spots. Traditional security methods are often inadequate to prevent data leaks in these complex environments. In a TechCircle interview, Pratik Shah, Managing Director for India & SAARC of cybersecurity firm F5, discusses how companies can mitigate risks, including sensitive data leakage from AI systems, while maintaining compliance. He also outlines F5’s roadmap for India. Edited excerpts.  

With more enterprise security teams using tools such as agentic AI and GenAI, how is this changing the attack surface?

Agentic and generative AI can transform cybersecurity practices, particularly in addressing new and evolving threats. For example, unlike the traditional systems that follow predefined tasks, AI agents can trigger actions, initiate workflows, and even make decisions on their own in real time. At the same time, it does expand the attack surface significantly. If a single agent is compromised, it could unintentionally expose sensitive data, misuse APIs, or disrupt critical operations at scale. And that means security can no longer be perimeter-focused. It has to be continuous in nature – continuous monitoring, enforcing Zero Trust principles, and embedding AI-native defences that protect both human- and machine-led interactions. That’s the mindset security leaders will have to adopt.

Why are APIs becoming a critical control point, and how can firms secure them through proper validation and governance?

APIs today are no longer just technical connectors sitting in the background; they are the lifeblood of modern businesses. Every mobile transaction, cloud service, and AI workflow depends on them. This makes APIs both enablers of innovation and, unfortunately, prime targets for attackers. The complexity of multi-cloud environments amplifies the challenge, necessitating robust discovery, validation, and governance. Security tools and platforms that offer continuous visibility, behavioural analysis, and in-line protection reduce vulnerabilities, preventing data leakage, and enabling innovation.

How can CISOs secure the GenAI-enabled applications, APIs, and automation workflows?

Generative AI is rapidly becoming integral to enterprise operations, driving customer interactions, automation, and decision-making. This introduces new risks that traditional security models are ill-equipped to handle, such as prompt injection, data leakage, and model manipulation.
Security must be equally intelligent and real-time. For example, F5's Application Delivery and Security Platform (ADSP) unifies delivery and security for AI-era workloads. Its AI-powered Web Application Firewall (WAF) learns from traffic patterns, detects anomalies, and neutralises zero-day threats.

How can Indian CIOs and CISOs prevent AI-driven data leakage?

AI-driven data flows transcend traditional silos, cutting across APIs and multi-cloud environments. Preventing leakage requires an enterprise-wide framework built on Zero Trust principles, strong data classification and governance, and continuous discovery and monitoring. By integrating real-time data leakage detection into its platforms, security providers can offer greater visibility and control over AI's interaction with data to their clients. This is especially critical in India, where AI adoption is accelerating.

What are F5's current and upcoming plans for hiring, expansion, and product innovation in the Indian market?

India is a high-growth and strategic market for F5. The company has invested steadily, establishing R&D centres in Hyderabad in 2018 and Bengaluru in 2023. F5 aims to deepen its expertise in AI-enabled security, multi-cloud networking, and adaptive applications, making India a hub for innovation. We are also expanding our deep-tech talent pool and fostering a recognised workplace. Indian teams are contributing to adaptive applications and automation capabilities supporting secure AI adoption globally.

How large is the team at F5's India R&D centre, and what areas of innovation do they focus on?

We have close to 1,000 employees across our Hyderabad R&D Centre and Bengaluru Engineering Centre. These centres drive innovation in areas like application and API security, multi-cloud networking, automation, and adaptive app delivery. As AI continues to transform the industry, our India teams are right at the heart of building that future.

What strategic initiatives, product launches, or partnerships are planned for F5 globally and in India?

Globally, we’ve been very active in preparing for the AI era, and many of those innovations are also relevant for India. For example, we recently expanded our partnership with Equinix to accelerate AI-ready infrastructure across distributed environments. Our collaboration with MinIO is helping us enable secure, scalable data pipelines for AI factories. We’ve enhanced ADSP with real-time data leakage detection and launched the F5 AI Assistant to simplify configurations through natural language. We’re also preparing customers for the future with Post-Quantum Cryptography solutions. And our collaboration with NVIDIA strengthens performance and security for AI workloads at scale.

What gives F5 a competitive edge in the application and API security space?

F5's competitive edge stems from our strong expertise in securing and delivering applications and APIs. Unlike point-solution providers, we guarantee and deliver every app and API across on-premises, cloud, multi-cloud, and edge environments through a unique combination of software, SaaS, and hardware. 
Moreover, our cloud security portfolio, featuring advanced API endpoint discovery, anomaly detection, telemetry, and behavioural analysis, secures app-to-app communications through validated and monitored APIs, reducing false positives and accelerating deployment. F5 meets customers where they are, addressing their challenges as they enter the AI era.