Agentic commerce has a trust problem, and it’s not the one most people expect.
The challenge isn’t that merchants don’t want to transact with AI agents. It’s that the infrastructure they’ve spent decades building to protect their platforms was specifically designed to stop automated traffic. Bot defense systems, web application firewalls, and fraud detection layers aren’t bugs; they’re some of the most effective enterprise security technologies ever deployed. They work, in large part, because they’ve been trained to treat non-human traffic as a threat.
That’s the wall AI agents keep running into. And it’s exactly the problem Skyfire and F5 are addressing together.
Today, we’re announcing a technology partnership that integrates Skyfire’s Know Your Agent (KYA) protocol directly into F5 Distributed Cloud Bot Defense. The result: verified AI agents can now be verified and the appropriate level of access can be provided to the world’s most security-conscious commercial platforms.
Understanding the F5 Footprint
To appreciate why this partnership matters, you need to understand what F5 actually is and how deeply embedded it is in enterprise web infrastructure.
F5, Inc. is one of the foundational companies of the modern internet. F5 built and operates the platform layer that sits between the public internet and the applications running global commerce. If you’ve transacted with a major bank, shopped at a large retail platform, or used a healthcare portal in the last thirty years, there’s a good chance F5 infrastructure was involved.
F5’s core product family, now unified under the F5 Application Delivery and Security Platform (ADSP), handles the hard problems of enterprise-scale application traffic: load balancing, SSL/TLS orchestration, API gateway management, DDoS protection, web application firewalls, and bot management. These aren’t lightweight tools. F5’s deployments operate at the edge, in the cloud, on-premises, and across hybrid multicloud environments for some of the most technically demanding organizations on earth.
The bot management component, F5 Distributed Cloud Bot Defense, is where the Skyfire integration lives. Bot Defense is one of the most sophisticated automated threat detection systems in production today. According to F5’s own research, sneaker or scalper bots already account for roughly one in five add-to-cart transactions in e-commerce. The platform has been hardened against years of adversarial pressure from attackers who actively work to evade detection.
When F5 Distributed Cloud Bot Defense determines that traffic isn’t human, that traffic doesn’t get through. And until now, that included legitimate AI agents.
The Bot Defense Problem for Legitimate Agents
The behavioral signals that indicate a malicious bot also describe a perfectly legitimate AI agent completing a task on behalf of a real user: speed of navigation, absence of mouse movement patterns, headless browser signatures, and non-human session timing. A Skyfire-powered agent shopping for software subscriptions, booking travel, or managing procurement looks, at the HTTP layer, nearly indistinguishable from a scraper or a credential-stuffing bot.
F5’s own security researchers have explored this problem with some urgency. The company has written about what they call the “lethal trifecta” of agentic risk: AI agents that combine access to private data, untrusted inputs, and external communication channels create structurally dangerous environments. F5 Labs has been tracking the rapid evolution of agentic platforms, the explosion of MCP-connected tooling, and the challenge of distinguishing legitimate automation from malicious automation at scale.
Their conclusion is straightforward: existing paradigms weren’t built for a world in which a significant and growing portion of web traffic originates from authorized, accountable AI agents acting on behalf of real people and enterprises. As F5 has noted in its analysis of the agentic AI era, bot management tools must evolve. Not just to detect new attacker techniques, but to recognize and authorize legitimate non-human principals.
That’s not a small ask. It requires an identity layer that didn’t previously exist.
How F5 Bot Defense Actually Works
F5 Distributed Cloud Bot Defense operates at the edge of enterprise infrastructure. It intercepts web and API traffic before it reaches application servers, applies ML-based behavioral analysis, checks signals against known threat intelligence, and makes real-time allow/block/challenge decisions at scale.
The platform is designed to be transparent to end users and to require minimal integration work from protected applications. Merchants configure policies through the Bot Defense management console; enforcement happens automatically at the network layer.
What makes Bot Defense particularly difficult to work around, from an AI agent perspective, is that its detection models are trained on real-world behavioral data from billions of transactions. Unlike simple IP-blocklist or user-agent-string approaches, Bot Defense looks at holistic behavioral patterns: the cadence of requests, the ordering of operations, and the consistency between declared identity and observed behavior. Forging a human-looking user agent string won’t get you through.
This is a feature. It’s what makes Bot Defense effective against sophisticated adversaries who have spent years trying to defeat it. But it also means that legitimate AI agents, even ones with clean IP reputations and properly configured headers, will trigger detection. Because they genuinely are automated.
The Skyfire integration changes the policy-layer decision logic. Rather than asking “does this traffic look human?”, the system can now ask “does this traffic carry verified identity for a known, accountable AI agent?” When the answer is yes, the platform can route the agent through to the application instead of blocking it.
F5’s Evolving Thinking on Agentic Infrastructure
This partnership sits within a broader shift in F5’s approach to agentic AI across its product portfolio.
On the API management side, F5 has been exploring how the infrastructure must evolve to accommodate MCP-based agent communication, particularly in high-throughput environments where agents must dynamically discover and invoke capabilities. F5’s position is that MCP alone, as a protocol, lacks the enterprise-grade security, scaling, and governance features required for production deployment. It needs an enforcement layer. F5 has been building that layer for decades, and the company sees its role in the agentic era as the same one it played in the cloud transition: providing the security and traffic management infrastructure that makes new paradigms viable at enterprise scale.
On the threat intelligence side, F5 Labs researchers have been examining how the same capabilities that make AI agents useful for legitimate commerce also make them potent attack vectors. Agentic frameworks that combine file system access, untrusted web inputs, and external API communication create what F5’s researchers describe as a structural vulnerability. Agents have stateful memory; malicious payloads can persist across sessions. Standard firewall rules and CVE-based defenses weren’t designed for this attack surface.
F5 is navigating all of this by extending its core platform capabilities into the agentic layer. That means AI guardrails, red teaming tools for AI systems, MCP-aware API management, and now, through the Skyfire partnership, a way to selectively allow verified agent traffic through F5’s bot defense without compromising the broader security posture.
The commercial logic is simple. The same blocks that stop fraud also stop legitimate revenue. Merchants running Distributed Cloud Bot Defense currently face a binary choice: accept the security risk of allowing unverified automated traffic, or incur revenue loss by blocking all non-human traffic indiscriminately. Neither is a good answer as agent-driven commerce scales.
How the KYA Integration Works
Skyfire’s Know Your Agent protocol is built on standard web identity infrastructure: JSON Web Tokens (JWTs) conforming to existing OAuth2, HTTP, and JWKS specifications. This was a deliberate design choice. KYA tokens can be verified using the same public key infrastructure enterprise environments already use for OAuth2 and OpenID Connect. No custom integration work required.
When a Skyfire-verified agent makes a request to an F5-protected application, it presents a KYA token as part of the request. The token contains a structured identity claim covering three layers: the AI platform originating the agent, the specific agent identity, and the human or enterprise principal that authorized the agent to act on their behalf. The full provenance chain is cryptographically signed.
Distributed Cloud Bot Defense, configured with the Skyfire integration, interprets this token at the edge. When it finds a valid KYA token whose signature verifies against Skyfire’s public key infrastructure, it applies the merchant’s configured policy for verified agents. This can be a full allow, a conditional allow with additional logging, or any other policy the merchant defines. Enforcement happens in real time, at the point of ingress, before the request reaches the application layer.
No re-platforming required on the merchant side. The integration works within F5’s existing bot defense management console. Merchants who are already F5 customers can enable support for Skyfire-verified agents through their existing management interface.
What F5 Customers Get
For merchants and content providers running F5 Distributed Cloud Bot Defense, the practical changes are concrete.
They can configure allow policies for Skyfire-verified agents within their existing bot defense management console, without changes to downstream applications. They gain visibility into the full identity stack behind each agent request: the platform, the agent instance, and the human principal. This supports both security auditing and business intelligence. Skyfire’s tokenized payment credentials enable agents to complete standard e-commerce checkout flows using existing payment infrastructure, without building parallel checkout paths for agent traffic. And because each agent request is tied to an accountable principal with a real payment relationship, merchants can link agent-driven transactions to revenue.
Converting previously untraceable automated traffic into attributable business is, in practical terms, what this partnership enables.
The Skyfire Piece: Identity That Travels With the Agent
The core problem in agentic commerce isn’t technical. It’s accountability. Merchants aren’t worried about bot traffic just because it consumes server resources. They’re worried because unverified automated traffic has no person behind it. There’s no human who authorized the session, no financial relationship to trace, and no recourse if the agent misbehaves.
KYA changes that. Every Skyfire-verified agent carries a token attesting to who built the platform on which it runs, which agent is making the request, and which human or enterprise authorized that agent to act. That attestation is cryptographically signed and verifiable in real time without a round-trip to Skyfire’s servers.
When that token is presented to F5 Distributed Cloud Bot Defense, it transforms the request from anonymous automation into accountable commerce. The merchant knows who is on the other side of the transaction: not just a user agent string or an IP address, but a verified identity chain with a financial relationship attached.
Getting Started
The Skyfire integration with F5 Distributed Cloud Bot Defense is planned to be available by April 30, 2026. F5 customers will be able to enable Skyfire-verified agent traffic through the F5 Distributed Cloud Bot Defense management console.
Merchants and developers interested in integrating the Skyfire KYAPay protocol can learn more at [skyfire.xyz](https://skyfire.xyz).
The agentic web is already here. The question for every merchant operating at scale is whether their security infrastructure treats legitimate AI agents as threats — or as the next generation of customers.
F5 customers now have a third option.
Read the joint press release [here].
For more on F5 Distributed Cloud Bot Defense, visit https://www.f5.com/products/distributed-cloud-services/bot-defense
