F5 and Skyfire Partner to Enable AI Agent Authentication for Secure Agentic Commerce

Key Takeaways

F5 and Skyfire form a strategic partnership to integrate KYA protocol-based AI agent authentication into bot defense infrastructure
The solution blocks malicious bots while safely permitting legitimate AI agent commerce transactions
E-commerce operators can capture AI agent-driven sales opportunities starting late April 2026 without modifying existing infrastructure

Network Security Leader and AI Payments Startup Join Forces

F5 and Skyfire Partner to Advance Secure Agentic Commerce for the Enterprise

F5 and Skyfire partner to advance secure agentic commerce

On March 18, 2026, F5 (NASDAQ: FFIV), a global leader in application delivery and security, and Skyfire, a startup providing payment infrastructure for AI agents, announced a technology partnership. They will integrate Skyfire's open protocol "Know Your Agent (KYA)" into F5's unified platform, the Application Delivery and Security Platform (ADSP).

The purpose of the partnership is clear: enabling e-commerce operators to distinguish between "legitimate AI agents" and "malicious bots." This allows AI agent traffic that was previously blanket-blocked by bot defense measures to be safely accepted as authenticated commerce transactions.

Background and Industry Trends

The agentic commerce market is expanding rapidly. According to Morgan Stanley's analysis, AI agent-driven U.S. e-commerce spending is projected to reach $190 billion to $385 billion by 2030. IBM research shows that 45% of consumers already use AI in some part of the purchasing process.

Meanwhile, a serious security contradiction has emerged. Bot defense systems designed to protect e-commerce sites from unauthorized access and scraping are also blocking legitimate AI agents that search for and purchase products on behalf of consumers. F5 CMO John Maddison states in the press release: "Merchants need the ability to differentiate between malicious agents and bots and authenticated AI agents acting on behalf of actual customers."

This challenge is a structural industry-wide problem. Other security vendors such as Akamai have also addressed bot management in the agentic era, and trust-based traffic control — rather than a binary "block or allow" — is becoming the next-generation standard.

Technical Architecture of the KYA Protocol

At the core of this integration is Skyfire's "Know Your Agent (KYA)" protocol. Named after the financial industry's "KYC (Know Your Customer)," it implements "identity verification" for AI agents.

Technically, the KYA protocol uses standard JSON Web Tokens (JWT). It is compatible with existing OAuth2, HTTP, and JWKS (JSON Web Key Set) infrastructure, meaning no large-scale system modifications are required on the e-commerce operator side. F5's bot defense capabilities interpret these tokens at the edge, applying access policies in real time.

The specific capabilities e-commerce operators gain are:

Enhanced AI agent traffic authentication: Through existing F5 bot defense infrastructure, selectively identify authenticated agents rather than blanket-blocking automated requests
Agent identity visibility: Centrally understand AI-based traffic, the agents themselves, and the humans or organizations behind requests via KYA tokens
Secure agentic commerce enablement: Using Skyfire's tokenized payment credentials, agents complete purchases through existing e-commerce checkout flows
AI traffic monetization: Link agent requests to responsible paying entities

Skyfire CEO Amir Sarhangi explains: "AI agents are the new consumers of the internet, but they've been locked out by security measures designed exclusively for humans."

Notably, in December 2025, Skyfire integrated with Visa's Intelligent Commerce Suite and Trusted Agent Protocol, demonstrating an AI agent evaluating products on Consumer Reports and completing a purchase on Bose.com. The F5 partnership represents the next step: bringing this payment infrastructure onto enterprise-scale security infrastructure.

Impact on E-commerce Businesses and How to Leverage

The most notable aspect is the low barrier to adoption. E-commerce operators already using F5 Distributed Cloud Bot Defense will be able to enable agent authentication without additional steps. To accept agentic payments via Skyfire, configuration through the F5 Distributed Cloud Console is all that's needed. "No replatforming required" is explicitly stated in the official announcement.

Availability is scheduled for by April 30, 2026.

E-commerce operators should consider three key points. First, review your bot defense rules. If you're currently blanket-blocking AI agents, you may be losing legitimate purchase traffic. Second, frame agentic commerce readiness as a "security investment." Treating it as an extension of existing security infrastructure rather than mere new channel exploration makes internal decision-making smoother. Third, track the KYA protocol's development. Skyfire has published KYAPay as an open protocol, with potential to expand beyond F5 to other security vendors.

Summary

The F5 and Skyfire partnership provides a concrete solution to the industry's biggest challenge: "balancing security and commercial opportunity" in agentic commerce. The concept of "KYA (Know Your Agent)," modeled after KYC, has the potential to become a new standard for trust-building in the AI agent economy.

The next thing to watch is how many e-commerce operators add agentic traffic to their "allow lists" after the integration release in late April 2026. Also noteworthy is F5's broader AI infrastructure positioning, including this week's announcements on AI inference infrastructure collaboration with NVIDIA and AI security research with AWS and Microsoft.