CalypsoAI
Also known as: Calypso AI, F5 AI Guardrails
Enterprise AI security platform that red teams, defends, and monitors AI models, apps, and agents at the inference layer. Now an F5 company.
CalypsoAI is an enterprise AI security platform that protects AI models, applications, and agents at the inference layer, the live moment when a model takes input and produces output. The company was founded in 2018 and began with national security work in Dublin and Washington before expanding into the commercial market. In September 2025 it was acquired by F5, the application delivery and security vendor, for $180 million, and its technology is being folded into the F5 Application Delivery and Security Platform under the F5 AI Guardrails name while keeping its model agnostic, vendor neutral approach.
The platform is organized as an inference perimeter built from three modules. Inference Red Team runs autonomous adversarial testing, firing thousands of attack prompts at a system to surface prompt injection, jailbreaks, and bias, and generates more than 10,000 fresh attack patterns each month to produce a risk score. Inference Defend applies real time guardrails and scanners that block prompt injection, sensitive data leakage, and policy violations as they happen. Inference Observe gives security teams centralized visibility, policy control, and audit logs across their whole AI estate.
Because protection sits at the inference layer rather than inside any one model, the same controls apply across providers, clouds, and environments, which matters to buyers who do not want to be locked to a single AI vendor. A process the company calls MutAIt lets defenses adapt as new attacks appear, rather than relying on static rules. The platform exposes a model agnostic API and connects natively to SIEM and SOAR tools, along with ticketing, identity, and notification systems, so AI specific threats show up in the same workflows security teams already run.
CalypsoAI is used by Fortune 500 organizations in financial services, consumer goods, critical infrastructure, and healthcare, and its centralized observability and audit trails are aimed at GDPR and EU AI Act obligations. It deploys as SaaS, on premises, or hybrid. Pricing is subscription based and sold through sales, scaled by inference volume, data processed, and the modules a customer turns on, with no public price list. Following the F5 acquisition, the capability is increasingly delivered as part of F5 AI Guardrails.
Vendor details
Canonical URL
https://calypsoai.com
Category
Agent infrastructure
Subcategory
AI security and red teaming
Funding status
Founded 2018 (Dublin, Ireland and Washington, DC), originally serving national security use cases before expanding to the commercial market. Acquired by F5 (NASDAQ: FFIV) for $180M in a deal announced September 2025, and being integrated into the F5 Application Delivery and Security Platform as F5 AI Guardrails.
Company status
acquired
Use cases & customers
Primary use cases
Target customers
Deployment options
Integrations
Model agnostic API that works across AI providers and clouds, with native integration into SIEM and SOAR, plus ticketing, identity, and notification systems. Now being embedded into the F5 Application Delivery and Security Platform alongside WAF and API security.
In practice
Your security team needs to know whether your production LLM can be jailbroken before attackers do. CalypsoAI's red team fires thousands of evolving attack prompts at it and returns a risk score.
You are rolling out agents across several model providers and cannot bolt a different security tool onto each one. You put CalypsoAI at the inference layer so one set of guardrails covers every model and cloud.
Compliance is asking how you monitor and audit AI use across the company. Inference Observe gives you centralized visibility, policy control, and audit logs across the whole AI estate for GDPR and EU AI Act reporting.
Sources & related URLs
Related / legacy domains
Capability coverage
7.5 / 14 capabilities · 54%
| Integrations & Tool CallingModel agnostic API with native integration into SIEM, SOAR, ticketing, identity, and notification systems, but it does not provide agent tool calling. | Partial |
|---|---|
| Workflow OrchestrationEnforces security policies and guardrails at the inference layer but does not orchestrate agent workflows or runtime execution. | Unable to verify |
| Knowledge Grounding & RAGA security and guardrails layer with no retrieval or knowledge grounding capability of its own. | Unable to verify |
| Human Oversight & GuardrailsCore product. The Inference Defend module applies real time guardrails and scanners that block prompt injection, sensitive data leakage, and policy violations, with human defined policies and centralized policy control. | Full |
| Security, Identity & GovernanceThe entire product is AI security and governance: runtime threat defense, RBAC, audit logs, identity integration, and compliance support for GDPR and the EU AI Act. | Full |
| Observability & AuditabilityThe Inference Observe module provides centralized visibility into AI usage, policy control, and audit logs across the AI estate. | Full |
| Memory & State PersistenceLogs and audits AI interactions for security, but does not provide a runtime memory or state layer for agents. | Unable to verify |
| Deployment & Data ResidencyDeploys as SaaS, on premises, or hybrid across cloud and on premises environments, giving regulated buyers control over where data and inference are processed. | Full |
| Prebuilt Agents, Templates & PacksShips customizable defensive scanners and a continuously growing library of more than 10,000 attack patterns a month, which are prebuilt security content rather than prebuilt agents. | Partial |
| Triggers & Channel CoverageReal time defenses trigger blocks and alerts on detected threats and route to notification and SIEM channels, but it provides no agent invocation channels or schedulers. | Partial |
| Model Flexibility & RoutingModel and provider agnostic, applying the same controls across any model and cloud at the inference perimeter, but it does not route model traffic. | Partial |
| APIs, SDKs & MCP ExtensibilityExposes a model agnostic API and customizable, extensible scanners and policies with broad security tool integrations, but published SDK and MCP extensibility is limited. | Partial |
| Testing, Debugging & OptimizationThe Inference Red Team module runs automated adversarial testing at scale, firing thousands of attack prompts and generating over 10,000 new attack patterns monthly to surface vulnerabilities and produce a risk score that drives hardening. | Full |
| Browser & Computer UseNot applicable. CalypsoAI is an AI security platform and does not provide browser automation or computer use. | Unable to verify |
Pricing
Contact sales
Subscription scaled by inference request volume, data processed, and modules enabled
Included quota
Not publicly disclosed. Allowances are set per contract based on inference volume and data processed.
What is public
Publicly, CalypsoAI is described as a subscription product sold by quote, scaled by inference volume, data, and modules. No dollar figures are published.
Billing mechanics
Subscription priced by usage tiers tied to inference request volume and data processed, plus the modules a customer enables (Inference Red Team, Inference Defend, Inference Observe). Sold and quoted through sales rather than self serve.
Cost watchouts
Total cost scales with inference volume, data processed, and the number of modules (Red Team, Defend, Observe) enabled. Post acquisition packaging may shift to F5 AI Guardrails licensing.
Variable cost rationale
Cost is tied to inference request volume and data processed, which grow with production AI usage, and to how many modules are enabled. With no public rates, exposure is hard to bound in advance.
Additional watchouts
Pricing and packaging are in flux due to the F5 acquisition. Buyers should confirm whether they are purchasing the standalone CalypsoAI platform or F5 AI Guardrails.
Overage / add-ons
Not publicly disclosed; usage tiers and overage are negotiated in the subscription.
Sales call required
Yes — required for paid access
Free / trial
No public free tier; demos and evaluations arranged through sales
Lowest paid plan
None published; pricing is by quote
Commercial notes
Aimed at large enterprises and regulated industries with dedicated security operations. Sold with vendor support and SLAs. Now an F5 company, with the capability moving into F5 AI Guardrails and the broader F5 Application Delivery and Security Platform.
Key ambiguities
No public pricing exists, and packaging is in transition as the product is integrated into the F5 Application Delivery and Security Platform.
Cancellation / refund
Enterprise contract terms; not publicly disclosed.
Support SLA / resale
Vendor support and SLAs are part of the commercial offering; specifics are negotiated per contract.
Missing data
No public price points, tier thresholds, or overage rates. Current packaging under F5 is not yet publicly detailed.
Related vendors
- AgentOps — Agent observability and reliability platform with broad model and…
- Agno — High-performance agent runtime and framework (formerly Phidata) with…
- Apify — Cloud platform for web scraping and automation with 45,000+ prebuilt…
- Arcade — Authenticated tool calling platform and MCP runtime that handles…
- Arize AI — AI observability and evaluation platform that traces, evaluates, and…
- Braintrust — AI evaluation and observability platform with self-serve pricing,…