F5 Acquires SurePath AI to Detect Unauthorized AI Tools on Networks

F5 has acquired SurePath AI, a Denver-based startup that detects artificial intelligence tools operating on corporate networks, as the Seattle company expands its foothold in enterprise AI security.

The acquisition, announced this week, brings SurePath's network monitoring capabilities into F5's newly launched AI security platform. SurePath's technology identifies which AI tools and agents employees are using—including unauthorized ones—and tracks their activity across an organization's infrastructure.

The shadow AI problem

François Locoh-Donou, F5's chairman, president and CEO, said the acquisition addresses a growing visibility gap for enterprises. "The more an enterprise adopts AI, the less visibility it has into what AI is operating in the organization," he told GeekWire in an interview.

Kunal Anand, F5's chief product officer, described the challenge as "shadow AI"—a phenomenon similar to the earlier wave of unauthorized cloud software adoption, but moving faster and carrying higher risks. The issue mirrors the shadow IT problem of the past decade, when employees adopted cloud applications faster than IT departments could track them.

Building an integrated security platform

F5 is incorporating SurePath into a broader AI security platform designed to discover AI models and agents running inside a company, test them for vulnerabilities, and apply guardrails. Locoh-Donou said customers previously had to assemble these capabilities from multiple vendors.

"Having four, five, six different tools to discover, test and secure your AI is a nightmare," he said.

The SurePath deal follows F5's acquisition of CalypsoAI last fall, which now operates as F5 AI Red Team and F5 AI Guardrails. Founded in 2023 and led by co-founder Casey Bleeker as CEO, SurePath had approximately 19 employees and had raised roughly $6 million in venture funding, according to PitchBook. F5 did not disclose financial terms.

Why it matters

As enterprises rapidly adopt AI tools, many are discovering employees have deployed models and agents without IT approval or oversight. This creates security, compliance, and data governance risks that traditional security tools weren't designed to address. F5's integrated approach reflects growing demand for purpose-built AI security platforms that can keep pace with the technology's rapid deployment.

Acquisition strategy

Locoh-Donou said F5 evaluates three factors in each acquisition: whether it can build the technology fast enough internally, whether the deal genuinely serves customers, and whether the team fits F5's culture.

"We have encountered companies in the industry that had great technology and brilliant people, but it was very clear to us that they would never be a great fit," he said. "And so we walked away."

F5, founded in Seattle in 1996, makes technology for securing and deploying applications across multiple platforms. The publicly traded company reported $3.1 billion in revenue in its most recent fiscal year and celebrated its 30th anniversary in May.

Details were first reported by GeekWire.