F5 and Red Hat Partner for Agentic Security on OpenShift
Dillip Chowdary • Mar 11, 2026 • 15 min read
As enterprises transition from simple AI experiments to full-scale agentic deployments, the underlying infrastructure must evolve to handle a new class of threats. On March 11, 2026, F5 and Red Hat announced a strategic partnership to bring AI Red Team Operators to the Red Hat OpenShift platform. This collaboration integrates F5’s advanced application security and traffic management with OpenShift’s robust container orchestration, creating an autonomous "Self-Defending" ecosystem. The goal is to provide platform teams with the tools needed to red-team their own agentic swarms in real-time, catching prompt injections, logic drifts, and unauthorized tool calls before they can be exploited by external adversaries.
1. The Problem: The Complexity of Agentic Swarms
In a modern Kubernetes-based AI environment, "The Application" is no longer a single container. It is a swarm of autonomous agents, each with its own context, tools, and permissions. This leads to three significant security challenges:
- Lateral Movement via LLM: An attacker might use a public-facing agent to "reason" its way into an internal, higher-privileged agent, bypassing traditional network-level segmentation.
- Prompt Injection at Scale: Standard WAFs (Web Application Firewalls) cannot distinguish between a legitimate complex query and a subtle prompt injection attack designed to exfiltrate data via a tool call.
- Infrastructure Drift: As agents autonomously create and modify resources (like temporary vector namespaces), the security posture of the OpenShift cluster can drift in minutes.
2. Technical Architecture: The AI Red Team Operator
The centerpiece of the partnership is the AI Red Team Operator, a native Kubernetes operator that runs alongside the customer's AI swarms. This operator uses a Digital Twin methodology to probe the environment.
The architecture consists of three integrated components:
- The F5 BIG-IP Next for AI: This is a specialized ingress controller that performs Semantic Inspection of all incoming and outgoing agentic traffic. It identifies the "intent" of a prompt before it reaches the model.
- The Red Hat OpenShift AI Shield: A hardened runtime environment that uses eBPF (Extended Berkeley Packet Filter) to monitor system calls made by agents. If an agent tries to use a "Tool" (like a database connection) in a way that wasn't predicted by its policy, the Shield kills the process.
- The Red Team Agent: An autonomous "Attacker Agent" that continuously attempts to "jailbreak" the production swarms. It uses the latest exploit models to find weaknesses in the system prompts and tool-call boundaries.
Visualize Your Red Team Operations
Complex Kubernetes security events are hard to explain to non-technical leaders. Use our AI Video Generator to create dynamic, real-time visualizations of your Red Team's attack paths and your infrastructure's autonomous defenses.
Generate Security Recap →3. "The How": Autonomous Vulnerability Discovery
The partnership introduces a new methodology called Adversarial Drift Detection (ADD). How it works is by leveraging F5’s telemetry data and Red Hat’s kernel-level monitoring.
When a developer deploys a new agent swarms to OpenShift, the AI Red Team Operator automatically spins up an "Adversarial Twin." This twin is fed the exact same system prompts and tool access as the production agent. It then uses Reinforcement Learning from Adversarial Feedback (RLAF) to find input strings that cause the production agent to violate its security constraints. Because this happens in a sandboxed namespace on the same cluster, the "Red Teaming" is continuous and context-aware, catching vulnerabilities that generic external scanners would miss.
4. Benchmarks: Security vs. Performance
F5 and Red Hat released performance benchmarks from their early access program, focusing on the overhead of "Semantic Inspection" on OpenShift nodes:
- Inference Latency: The F5 BIG-IP Next for AI adds less than 5ms to the request-response cycle for prompt sanitization.
- Threat Detection: The Red Team Operator identified 82% of novel prompt injections (zero-day attacks) before they were officially documented in the OWASP for LLM database.
- Resource Impact: The security infrastructure consumes less than 4% of total cluster CPU, even when performing continuous red-teaming across 100+ active agents.
5. Implementation Guide: Securing your OpenShift AI
For organizations already running OpenShift, the transition to agentic security involves three key steps:
Step 1: Install the F5-RedHat Operator. Deploy the unified operator from the OpenShift Marketplace to begin mapping your internal agent-to-agent traffic.
Step 2: Define "Tool-Call" Policies. Use the declarative YAML syntax to define exactly which external systems each agent namespace is allowed to interact with.
Step 3: Enable Continuous Red-Teaming. Set a "Security Budget" (in tokens) for the autonomous Red Team Agent to probe your environment daily, ensuring that no new logic drifts have introduced vulnerabilities.
Conclusion
The F5 and Red Hat partnership marks a turning point in hybrid cloud AI security. By moving from "Reactive Defense" to "Autonomous Offense," they are giving enterprises the confidence to deploy complex agentic swarms at scale. In the world of 2026, a secure cluster is not one that has never been attacked; it is one that attacks itself every day to find its own weaknesses before anyone else does. For OpenShift users, the future of AI is not just intelligent—it is resilient by design.