F5's CalypsoAI adds Model Risk Leaderboards and Threat Intelligence

Key Takeaways

• CalypsoAI introduced two benchmarking systems, CASI and ARS, to evaluate AI model security.
• The leaderboards use continuously updated attack data and autonomous agent testing.
• Enterprises gain new tools to assess AI model risk before deployment, complementing CalypsoAI owner, F5.

Organizations racing to deploy artificial intelligence often find themselves asking a deceptively simple question: how secure is the model at the center of their workflow? Until recently, the industry lacked a standardized way to compare AI model risk or understand how these systems behave under real, adaptive threat pressure. That gap is what CalypsoAI is aiming to close with its new security leaderboards and threat intelligence resources.

The announcement centers on two metrics: the Comprehensive AI Security Index (CASI) and the Agentic Resistance Score (ARS). Both are intended to give enterprise security teams clearer visibility into the behavior of popular AI models when exposed to a growing landscape of adversarial tactics. While AI performance benchmarks have existed for years, comparable measures of security have lagged behind, often leaving teams to run bespoke testing or rely on vendor assurances.

Here is where the story becomes more interesting. These new capabilities stem from CalypsoAI's extensive work in building one of the largest libraries of AI vulnerabilities and adversarial prompts. According to the details shared, that library grows by more than ten thousand attack prompts per month. The idea that a vulnerability dataset can expand this quickly underscores just how fast generative AI attack techniques are evolving.

CASI is designed as a broad index, ranking AI models based on several factors. It includes an average performance baseline across standardized tasks, a risk-to-performance ratio that shows how safety tradeoffs may affect output quality, and a cost-of-security metric that puts financial impact into perspective. For buyers trying to balance model accuracy with resilience, this mix of measurements can help them weigh competing priorities. The interplay between performance and hardening is rarely simple, so having a quantified comparison can support better decisions.

ARS, on the other hand, takes a different angle. Instead of testing a model with one-off adversarial prompts, the score examines how well a model withstands ongoing interaction with an autonomous agent trained to compromise it. These agents use multi-step reasoning, pattern inference, and psychological manipulation techniques to bypass guardrails. It is the type of stress test that tries to mirror how attackers actually behave. ARS looks at how clever an attacker would need to be, how long the system stays secure during persistent attacks, and whether rejected attempts reveal subtle clues that could be weaponized later. That last point is often overlooked; many systems unintentionally leak signals that help future exploitation even when an individual attack fails.

There is a broader market context here. As businesses embed AI into customer support, development workflows, and internal decision systems, the risk of a compromised model becomes more consequential. Industries with regulatory requirements or sensitive data face even higher stakes. So the push for security validation is not just a compliance exercise; it is increasingly a core operational requirement. One may ask whether enterprises will truly adopt standardized security rankings for procurement, but the momentum behind model governance suggests they might.

These benchmarks complement broader security infrastructure. For instance, the F5 Application Delivery and Security Platform handles API protection, DDoS mitigation, and traffic inspection. With new visibility tools, such platforms can better integrate runtime AI governance, giving teams insight into model behavior during real interactions. The combination of static rankings—like those provided by CASI—and live monitoring helps security leaders frame a more complete picture of model risk. It is one thing to score well in a benchmark and another to behave safely when integrated into production workflows.

Another part of the rollout involves two related tools: AI Guardrails and AI Red Team. AI Guardrails allow organizations to define rules for how their AI systems interact with people and data, either through built-in or custom policies. Meanwhile, AI Red Team uses waves of autonomous agents to test models with adaptive attacks. Essentially, this testing feeds into the CASI and ARS scoring pipeline. It creates a feedback loop where real-world attack simulations continually refine the benchmarks.

CalypsoAI plans to update the leaderboards monthly. That cadence is notable. Threat landscapes in AI do not shift slowly, and a static benchmark could become quickly outdated. Regular updates help capture emerging vulnerabilities or improvements in model hardening. Similarly, groups like F5 Labs continue to publish threat intelligence that explains shifting security scores, providing additional context for teams that need to understand trends rather than just raw numbers.

For security practitioners, this may mark a shift toward treating model selection as a measurable risk decision rather than a performance-driven procurement discussion. Tools like CASI and ARS do not eliminate the need for internal testing, but they can provide a consistent starting point. Some organizations will likely use the leaderboards as a filtering mechanism before investing time in deeper evaluation.

The complexity of modern AI systems means there will never be a single number that captures security posture perfectly. Still, standardized measures can help normalize expectations and improve communication between technical teams and business stakeholders. The release of these new leaderboards signals that AI security benchmarking is becoming more formalized, which may encourage broader knowledge sharing among practitioners.

As more enterprises adopt AI at scale, the ability to compare model risk with a common reference point could make a meaningful difference. Whether these benchmarks become an industry standard is yet to be seen, but they offer a structured approach at a moment when many organizations are searching for clarity.