Digital Transformation in the Age of Modern AI Applications

AI is transforming enterprise applications at unprecedented speed – but with this opportunity comes a surge in complexity and risk. At eco’s Internet Security Days (ISD) 2025, I spoke on the key stage about how today’s digital architectures are becoming a “ball of fire” of interconnected applications, APIs, and data flows – and why defending against AI-driven threats now requires AI-powered defenses. My talk focused on how concrete strategies organizations can adopt to secure their digital services while preparing for an AI-driven future.

Digital transformation continues to accelerate across enterprises, fundamentally changing how organizations deliver digital services to customers, employees, and business partners. From online portals and mobile applications to API-driven platforms, today’s digital services must run somewhere – and securing their delivery while maintaining high availability has become increasingly complex.

As F5’s Product Sales Specialist for Central and East Europe, I work with organizations across multiple countries, helping them navigate this evolving landscape, particularly as they invest in AI-powered applications and web services. Over more than 25 years, our focus has remained consistent: how do we deliver digital services properly, securely, quickly, and with high availability so customers can consume them reliably?

The growing complexity challenge: Welcome to the “Ball of Fire”

What we are witnessing today is an explosion in the number of environments, applications, and digital services driven by ongoing digital transformation initiatives. This creates what I call a “Ball of Fire” – a complex, interconnected web of applications, APIs, data sources, and infrastructure spanning multiple environments.

The challenge lies not just in the complexity itself, but in achieving proper visibility, having the right personnel to manage diverse environments, and understanding exactly what happens during security incidents or attacks. Organizations struggle to manage this complexity while remaining secure and continuing to deliver applications effectively.

The distributed application landscape

The way applications are deployed and consumed has fundamentally shifted. In 2017, traditional on-premises installations dominated with 65% of deployments. Today, the distribution looks very different, with only 17% of all apps remaining on-premises and all others evenly distributed to public cloud providers, colocation or edge.

This diversification means applications require increasingly specialized expertise to operate effectively, often leading to higher costs and complexity. Organizations need experts for each environment type, creating operational challenges and skills gaps.

AI applications: the next complexity multiplier

When we discuss modern AI and machine learning applications, complexity increases exponentially. AI applications don’t just add to the existing “Ball of Fire” – they require integration of distributed data sources and mixing proprietary internal data with publicly available datasets.

This creates several new challenges:

• Data integration complexity: AI adds more data points to the equation, requiring secure monitoring of data streams to understand what is accessed and processed.
• Enhanced monitoring requirements: Organizations must ensure that flows are properly supervised – knowing what goes out, what gets requested, and what should actually be permitted.
• New security categories: AI shifts interactions from human-to-system toward machine-to-machine and database-to-AI-factory communications, creating entirely new attack surfaces.

According to F5’s analysis, by 2028 around 80% of all enterprise applications will contain some form of AI. What begins today with Generative AI and Large Language Models will expand into more domains of business-critical services.

The rise of AI-powered attacks

As organizations deploy AI, attackers are simultaneously leveraging the same technologies for malicious purposes. We already see sophisticated bot networks built from small software components, centrally orchestrated, and used at scale for credential stuffing, fraud, and web scraping.

Our F5 Labs have had a closer look at today’s AI-powered threats and came to the conclusion that we will most likely see more and more attacks which are planned, orchestrated, and executed by autonomous AI-systems.¹

This development means we must now defend against AI-powered attacks with AI-powered defenses.

APIs as the backbone of AI applications

A central insight is that API security is AI security. APIs are the backbone of AI applications: they connect datasets for training, link models with inference applications, and integrate services into broader ecosystems. Without secure APIs, the integrity of AI systems collapses.

This requires protecting AI-related APIs against malicious data injection, adversarial manipulation of models, and unauthorized access to proprietary data. Securing APIs is no longer just a technical detail – it is the foundation of trustworthy AI adoption.

The platform approach: Consolidation and Integration

Given the impossibility of securing every component in isolation, the industry is moving toward consolidated security platforms that integrate multiple capabilities:

• Security Service Edge (SSE): protecting remote workforce access.
• Web Application and API Protection (WAAP): defending core business logic.
• Endpoint Security (EPP): safeguarding devices.
• DDoS Mitigation and Bot Defense: ensuring availability and resilience.

The recommendation is clear: build on open architectures that enable integration, data extraction, and internal processing. Each organization has unique requirements, and flexibility is critical.

Security and networking convergence

We are also seeing convergence between security and networking technologies. Security components are being embedded into the data plane, enabling faster detection and response.

• SSE is merging with SD-WAN into SASE solutions.
• WAAP capabilities are increasingly integrated with delivery networks.
• Networking and security are no longer separate domains – they are converging into unified platforms for secure connectivity.

At F5, our approach focuses on exactly this convergence: bringing security and networking together to ensure applications and data sources are securely connected and delivered – a necessity in AI-driven environments.

Looking forward to building resilient digital architectures

The convergence of AI adoption, distributed infrastructure, and emerging threats requires organizations to rethink digital service delivery. Success will depend on:

• Platform integration to reduce complexity.
• Open architecture for interoperability and flexibility.
• AI-ready infrastructure that anticipates the ubiquity of AI in enterprise apps.
• Collaboration across the ecosystem to develop shared defenses and best practices.

Digital transformation isn’t slowing down – it’s accelerating. Only organizations that build flexible, integrated, and AI-ready architectures today will be able to master tomorrow’s complexities while safeguarding the security, performance, and reliability that their customers expect.

Many of our internal case studies show that customers hardly consider advanced application security unless they are faced by a real external threat. For most of them, this comes as a surprise, because they believed in the power of existing tools and processes. In reality, only the right tools can protect against emerging and automated threats, so many of our customer engagements (with more or less convincing sales arguments) eventually end up in “emergency onboardings” with little or no time for strategic decisions. My recommendation: Act now and do not wait until your digital services are cut off from the Internet by attackers or precious user accounts get hijacked!

With over 10 years of experience at F5, Markus Hennig is a seasoned sales professional specializing in SaaS platforms that help businesses secure web applications and API interfaces. As a Distributed Cloud Evangelist, he drives adoption of F5’s cutting-edge solutions, ensuring seamless security integration for enterprises. Beyond his expertise in SaaS security, Markus plays a pivotal role in complex bids, providing strategic guidance and specialized support to regional sales teams in more than 20 countries. His deep understanding of cloud technologies and enterprise security makes him a valuable asset in navigating the evolving digital landscape.