A new report by F5 indicates that only 2% of organizations worldwide are highly prepared to securely scale AI across their operations. The 2025 State of AI Application Strategy Report compiles insights from 650 global IT leaders and an additional 150 AI strategists, representing organizations with at least $200 million in annual revenue.
The report highlights current challenges in enterprise AI readiness and their capacity to adapt to rapid innovations. A significant finding is that while 77% of companies show moderate AI readiness, most lack robust governance and comprehensive cross-cloud security, increasing their exposure to risks. Conversely, 21% of companies are categorized as having low readiness, which limits their competitive advantage as AI reshapes industries.
F5’s research also identifies trends in the expansion of AI use within enterprises. Approximately 70% of moderately ready organizations are actively using generative AI, with nearly all others in the process of implementing it. On average, 25% of applications across organizations utilize AI. Highly ready organizations typically apply AI to a much higher percentage of their portfolios, with widespread saturation anticipated. In contrast, low-readiness organizations use AI in less than a quarter of their applications, often in isolated or experimental settings, while moderately ready organizations integrate AI into about one-third of their applications.
The report also provides insight into enterprises’ approaches to AI model adoption. Nearly two-thirds of surveyed respondents (65%) use at least two paid models along with one or more open-source models. The average organization employs three models, and the use of multiple models is correlated with deployments across various environments or locations. While paid models like GPT-4 are widely used, open-source alternatives such as Meta’s Llama variants, Mistral AI variants, and Google’s Gemma are also popular.
“As AI becomes core to business strategy, readiness requires more than experimentation—it demands security, scalability, and alignment,” said John Maddison, Chief Product and Corporate Marketing Officer at F5. “This report highlights actionable steps for organizations to operationalize AI with confidence. AI is already transforming security operations, but without mature governance and purpose-built protections, enterprises risk amplifying threats.”
The report also underscores critical cybersecurity concerns as organizations scale AI capabilities, noting challenges in securing AI workloads. Key cybersecurity trends identified include:
- Organizations view AI as a viable cybersecurity asset, with 71% of all respondents already using AI to augment security.
- However, AI-specific protections are largely absent, as only 18% of moderately ready organizations have deployed an AI firewall, though 47% plan to do so within a year.
- Data governance weaknesses are also apparent, with only 24% of organizations practicing continuous data labeling, which reduces transparency and increases risks of adversarial attacks.
Furthermore, hybrid environments introduce cross-cloud inconsistencies, leaving workflows and data vulnerable, and the use of diverse AI models expands the attack surface without proper control frameworks for open-source tools.
The report introduces the AI Readiness Index, a framework that measures six factors of operational maturity, including security and infrastructure alignment. F5 outlines key actions for enterprises to enhance AI scalability and security. These recommendations include diversifying AI models by using both paid and open-source AI tools while improving governance to mitigate risks.
Enterprises are also advised to expand AI use across workflows, moving beyond pilots to embed AI in operations, analytics, and security for enterprise-wide transformation. Additionally, integrating AI-specific security measures, such as deploying AI firewalls and formalizing data governance processes including data labeling, is crucial for safeguarding workflows.
Organizations with high AI readiness are better positioned to scale effectively, mitigate risks, and leverage innovation strategically. Conversely, those without mature frameworks may face operational bottlenecks, compliance challenges, and hindered growth. The AI Readiness Index is intended as a roadmap for enterprises to benchmark their progress and implement actionable changes for secure scalability.
“The research in the State of AI Application Strategy Report aligns with what we’re observing across the Middle East, where many organizations are increasingly integrating AI into their operations, often without all the necessary levels of governance or safeguards in place,” said Mohammed Abukhater, RVP for the Middle East, Türkiye, and Africa at F5. “While most companies demonstrate moderate AI readiness, they still need to ensure robust governance and comprehensive cross-cloud security to avoid exposure to significant risks. In line with the report’s AI Readiness Index, we are committed to empowering our customers to embed AI in their operations for seamless application delivery and security.”
