F5 Battles Cyber Breach, Pushes AI-Driven Multicloud Security Platform
Ticker: FFIV · Form: 10-K · Filed: Nov 25, 2025 · CIK: 1048695
| Field | Detail |
|---|---|
| Company | F5, INC. (FFIV) |
| Form Type | 10-K |
| Filed Date | Nov 25, 2025 |
| Risk Level | high |
| Pages | 14 |
| Reading Time | 17 min |
| Sentiment | mixed |
Sentiment: mixed
Topics: Cybersecurity, Multicloud, Application Delivery, SaaS, AI, Data Breach, Enterprise Software
Related Tickers: FFIV, PANW, CRWD, NET
TL;DR
**FFIV is a buy on the dip; the cyber incident is a short-term blip in a strong long-term multicloud security play.**
AI Summary
F5, Inc. (FFIV) reported a fiscal year ending September 30, 2025, focusing on multicloud application delivery and security. The company disclosed a significant 'Cyber Incident' on October 15, 2025, where a threat actor maintained persistent access and exfiltrated files, posing a material risk. F5's strategy centers on solving multicloud challenges with its F5 BIG-IP, F5 NGINX, and F5 Distributed Cloud Services, leveraging AI and machine learning. In 2025, F5 introduced the F5 Application Delivery and Security Platform (ADSP) to unify traffic management and security. The company is actively investing in SaaS-based F5 Distributed Cloud Services and expanding its security offerings, including Web App and API Protection (WAAP) and advanced bot mitigation. F5's market value of common stock held by non-affiliates was $15,351,963,269 as of March 31, 2025, with 58,089,614 shares outstanding as of November 12, 2025.
Why It Matters
F5's disclosure of a 'Cyber Incident' where files were exfiltrated is a critical concern for investors, potentially impacting customer trust and future revenue in a highly competitive cybersecurity market. For employees, it signals increased scrutiny and potential shifts in security protocols. Customers, especially those relying on F5 for application security, will be evaluating the company's ability to protect their data and maintain service integrity against rivals like Palo Alto Networks and CrowdStrike. The broader market will watch how F5 manages this breach, as it could set precedents for incident response in the cloud security sector.
Risk Assessment
Risk Level: high — The 'Cyber Incident' disclosed on October 15, 2025, where a threat actor maintained 'long-term, persistent access' and 'exfiltrated certain files,' presents a high risk. This type of breach can lead to significant financial costs, reputational damage, and potential loss of customer confidence, directly impacting future revenue and market share in the competitive cybersecurity landscape.
Analyst Insight
Investors should closely monitor F5's subsequent disclosures regarding the 'Cyber Incident' and its financial impact. While the company's strategic pivot to AI-driven multicloud security is promising, the immediate focus should be on how effectively F5 mitigates the breach's fallout and restores customer trust.
Key Numbers
- $15.35B — Market Value of Non-Affiliate Common Stock (As of March 31, 2025, indicating significant public float.)
- 58.09M — Shares Outstanding (As of November 12, 2025, representing the total shares available.)
- 2025 — Fiscal Year End (The period covered by this 10-K filing, ending September 30, 2025.)
- October 15, 2025 — Cyber Incident Disclosure Date (Date F5 disclosed a security breach with persistent access and data exfiltration.)
Key Players & Entities
- F5, Inc. (company) — Registrant and multicloud application delivery and security provider
- NASDAQ Global Select Market (regulator) — Exchange where F5's common stock is traded
- Securities and Exchange Commission (regulator) — Regulatory body for F5's filings
- $15,351,963,269 (dollar_amount) — Aggregate market value of common stock held by non-affiliates as of March 31, 2025
- 58,089,614 (dollar_amount) — Number of shares of common stock outstanding as of November 12, 2025
- F5 BIG-IP (company) — Product family for essential application delivery and security services
- F5 NGINX (company) — Product family for modern, container-native applications and APIs
- F5 Distributed Cloud Services (company) — Portfolio of SaaS and managed services
- F5 Application Delivery and Security Platform (ADSP) (company) — New platform introduced in 2025 to unify traffic management and security
- October 15, 2025 (date) — Date of disclosure of the 'Cyber Incident'
FAQ
What was the 'Cyber Incident' disclosed by F5, Inc. in its 10-K filing?
F5, Inc. disclosed a 'Cyber Incident' on October 15, 2025, where a threat actor maintained long-term, persistent access to F5 systems and exfiltrated certain files. This incident is detailed in Item 1A. Risk Factors and Item 7. Management's Discussion and Analysis of Financial Condition and Results of Operations.
How is F5, Inc. leveraging AI in its product strategy?
F5, Inc. is leveraging AI in a four-pronged strategy: solving security and performance challenges for AI workloads, enhancing existing products with AI models, innovating new offerings based on evolving security landscapes, and pursuing partnerships with global AI leaders. This is integrated into their F5 BIG-IP, F5 NGINX, and F5 Distributed Cloud Services product families.
What is the F5 Application Delivery and Security Platform (ADSP)?
The F5 Application Delivery and Security Platform (ADSP) was introduced in 2025 to unify high-performance traffic management with advanced application and API security at scale across hybrid and multicloud environments. It aims to simplify hybrid multicloud complexity and enhance security, scalability, and operational efficiency.
What are F5, Inc.'s primary geographic regions for business operations?
F5, Inc. conducts its business globally and manages operations across three primary geographic regions: Americas; Europe, the Middle East, and Africa (EMEA); and the Asia Pacific region (APAC).
What was the market value of F5, Inc.'s common stock held by non-affiliates as of March 31, 2025?
As of March 31, 2025, the aggregate market value of F5, Inc.'s common stock held by non-affiliates was $15,351,963,269, based on the closing sales price on the NASDAQ Global Select Market.
How many shares of F5, Inc. common stock were outstanding as of November 12, 2025?
As of November 12, 2025, the number of shares of F5, Inc.'s common stock outstanding was 58,089,614.
What are the key product families offered by F5, Inc.?
F5, Inc.'s key product families include F5 Distributed Cloud Services, F5 NGINX, and F5 BIG-IP. These families offer solutions for web application and API protection, hybrid multicloud networking, enterprise AI delivery and security, and more.
What is F5 Distributed Cloud WAAP?
F5 Distributed Cloud Web App and API Protection (WAAP) is a comprehensive SaaS-based security solution. It provides advanced Web Application Firewall (WAF) capabilities, DDoS mitigation, enhanced API security, and AI-enabled bot mitigation to protect applications and APIs from automated attacks.
Where is F5, Inc. headquartered?
F5, Inc. is headquartered in Seattle, Washington, at 801 5th Avenue, Seattle, Washington 98104.
What is F5, Inc.'s fiscal year end?
F5, Inc.'s fiscal year ends on September 30. For example, 'fiscal year 2025' refers to the fiscal year ended September 30, 2025.
Risk Factors
- Cyber Incident [high — operational]: F5 disclosed a significant security incident on October 15, 2025, where a threat actor achieved persistent access to F5 systems and exfiltrated files. This incident poses a material risk to the company's operations and reputation.
Industry Context
F5 operates in the dynamic multicloud application delivery and security market, facing increasing complexity as organizations adopt hybrid IT environments. The industry is characterized by a strong trend towards cloud-native solutions, SaaS offerings, and advanced security measures like WAAP to protect against sophisticated threats. Key competitors likely include other major cloud infrastructure providers and specialized security vendors.
Regulatory Implications
The disclosed cyber incident on October 15, 2025, could trigger regulatory scrutiny from bodies like the SEC, FTC, or international data protection authorities, potentially leading to investigations, fines, and increased compliance requirements. Companies are increasingly subject to data breach notification laws and cybersecurity regulations.
What Investors Should Do
- Monitor the impact of the Cyber Incident
- Evaluate the growth of F5 Distributed Cloud Services
- Assess competitive positioning in the multicloud security space
Key Dates
- 2025-10-15: Cyber Incident Disclosure — F5 disclosed a security breach where a threat actor maintained persistent access and exfiltrated files, indicating a significant operational and security risk.
- 2025-09-30: Fiscal Year End — Marks the end of the reporting period for the 10-K filing, providing the latest financial and operational data.
- 2025-03-31: Market Value of Non-Affiliate Common Stock Measurement — Indicates a market capitalization of $15.35 billion as of this date, reflecting investor valuation.
- 2025-11-12: Shares Outstanding Measurement — Reports 58,089,614 shares outstanding as of this date, crucial for per-share calculations and ownership analysis.
Glossary
- Multicloud
- An IT environment that utilizes services from multiple cloud providers (e.g., AWS, Azure, Google Cloud). (F5's core strategy is to provide application delivery and security solutions across these complex multicloud environments.)
- API
- Application Programming Interface, a set of rules and protocols that allows different software applications to communicate with each other. (F5 optimizes and secures APIs, which are critical for modern application integration and functionality.)
- SaaS
- Software-as-a-Service, a software distribution model where a third-party provider hosts applications and makes them available to customers over the Internet. (F5 is investing in SaaS-based F5 Distributed Cloud Services, indicating a shift towards cloud-native delivery models.)
- BIG-IP
- F5's flagship application delivery controller (ADC) product, providing services like load balancing, security, and performance optimization. (A core product in F5's portfolio for managing and securing applications.)
- NGINX
- A web server and reverse proxy software, known for its high performance and scalability, acquired by F5. (A key component of F5's strategy, particularly for modern application architectures and cloud deployments.)
- WAAP
- Web Application and API Protection, a comprehensive security solution that combines WAF, bot mitigation, API security, and DDoS protection. (F5 is expanding its security offerings in this area, highlighting its focus on advanced application security.)
Year-Over-Year Comparison
This filing covers the fiscal year ending September 30, 2025. Specific comparative metrics against the prior fiscal year (ending September 30, 2024) such as revenue growth, net income changes, and margin trends are not detailed in the provided text. However, a significant new risk factor has emerged with the disclosure of a major cyber incident on October 15, 2025, which was not present in previous filings.
Filing Stats: 4,261 words · 17 min read · ~14 pages · Grade level 16 · Accepted 2025-11-25 13:00:17
Filing Documents
- ffiv-20250930.htm (10-K) — 1717KB
- ffivex191f5insidertradingp.htm (EX-19.1) — 41KB
- ffiv10kex2119302025.htm (EX-21.1) — 12KB
- ffiv10kex2319302025.htm (EX-23.1) — 2KB
- ffiv10kex3119302025.htm (EX-31.1) — 9KB
- ffiv10kex3129302025.htm (EX-31.2) — 10KB
- ffiv10kex3219302025.htm (EX-32.1) — 7KB
- ffiv-20250930_g1.jpg (GRAPHIC) — 29KB
- ffiv-20250930_g2.jpg (GRAPHIC) — 22KB
- ffiv-20250930_g3.jpg (GRAPHIC) — 124KB
- image_0.jpg (GRAPHIC) — 5KB
- image_1.jpg (GRAPHIC) — 23KB
- 0001048695-25-000157.txt ( ) — 10553KB
- ffiv-20250930.xsd (EX-101.SCH) — 65KB
- ffiv-20250930_cal.xml (EX-101.CAL) — 105KB
- ffiv-20250930_def.xml (EX-101.DEF) — 287KB
- ffiv-20250930_lab.xml (EX-101.LAB) — 867KB
- ffiv-20250930_pre.xml (EX-101.PRE) — 619KB
- ffiv-20250930_htm.xml (XML) — 1465KB
Risk Factors
Item 1A. Risk Factors 12
Unresolved Staff Comments
Item 1B. Unresolved Staff Comments 27
Cybersecurity
Item 1C. Cybersecurity 27
Properties
Item 2. Properties 29
Legal Proceedings
Item 3. Legal Proceedings 31
Mine Safety Disclosures
Item 4. Mine Safety Disclosures 31 PART II
Market For Registrant's Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities
Item 5. Market For Registrant's Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities 32
[Reserved]
Item 6. [Reserved] 34
Management's Discussion and Analysis of Financial Condition and Results of Operations
Item 7. Management's Discussion and Analysis of Financial Condition and Results of Operations 35
Quantitative and Qualitative Disclosure About Market Risk
Item 7A. Quantitative and Qualitative Disclosure About Market Risk 43
Financial Statements and Supplementary Data
Item 8. Financial Statements and Supplementary Data 44
Changes in and Disagreements with Accountants on Accounting and Financial Disclosure
Item 9. Changes in and Disagreements with Accountants on Accounting and Financial Disclosure 76
Controls and Procedures
Item 9A. Controls and Procedures 76
Other Information
Item 9B. Other Information 77 PART III
Directors, Executive Officers and Corporate Governance
Item 10. Directors, Executive Officers and Corporate Governance 78
Executive Compensation
Item 11. Executive Compensation 78
Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters
Item 12. Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters 78
Certain Relationships and Related Transactions, and Director Independence
Item 13. Certain Relationships and Related Transactions, and Director Independence 78
Principal Accountant Fees and Services
Item 14. Principal Accountant Fees and Services 78 PART IV
Exhibits and Financial Statement Schedules
Item 15. Exhibits and Financial Statement Schedules 79
Form 10-K Summary
Item 16. Form 10-K Summary 79
SIGNATURES
SIGNATURES 82 2 Table of Contents
Forward-Looking Statements
Forward-Looking Statements This Annual Report on Form 10-K contains forward-looking statements within the meaning of Section 21E of the Securities Exchange Act of 1934 and Section 27A of the Securities Act of 1933. These statements include, but are not limited to, statements about our plans, objectives, expectations, strategies, intentions or other characterizations of future events or circumstances, including the Cyber Incident, as defined in Item 1. below, and are generally identified by the words "expects," "anticipates," "intends," "plans," "impact of the," "believes," "seeks," "estimates," and similar expressions. These forward-looking statements are based on current information and expectations and are subject to a number of risks and uncertainties. Our actual results could differ materially and adversely from those expressed or implied by these forward-looking statements. Factors that could cause or contribute to such differences include, but are not limited to, those discussed under "Item 1A. Risk Factors" below and in other documents we file from time to time with the Securities and Exchange Commission. We assume no obligation to revise or update any such forward-looking statements. Unless the context otherwise requires, in this Annual Report on Form 10-K, the terms "F5," "the Company," "we," "us," and "our" refer to F5, Inc. and its subsidiaries. Our fiscal year ends on September 30, and fiscal years are referred to by the calendar year in which they end. For example, "fiscal year 2025" and "fiscal 2025" refer to the fiscal year ended September 30, 2025.
Business
Item 1. Business General F5 is a multicloud application delivery and security provider committed to bringing a better digital world to life. F5 partners with the world's largest, most advanced organizations to optimize and secure every application and Application Programming Interface ("API") anywhere, including on-premises, in the cloud, and at the network edge. F5 enables businesses to continuously stay ahead of threats while delivering exceptional, secure digital experiences for their customers. Our application delivery and security solutions are available in a range of deployment and consumption models. We sell packaged software in perpetual, subscription, and usage-based consumption models. We also sell our solutions in software-as-a-service ("SaaS") and managed services deployment models with subscription and usage-based consumption models. In addition, we sell high-performance systems, or hardware, as well as a broad range of global services including maintenance, consulting, training and other technical support services. Our customers include large enterprise businesses, public sector institutions, governments, and service providers. We conduct our business globally and manage our business by geography. Our business is organized into three primary geographic regions: Americas; Europe, the Middle East, and Africa ("EMEA"); and the Asia Pacific region ("APAC"). F5 was incorporated in 1996 and is headquartered in Seattle, Washington. Our website is www.f5.com and through a link on the Investor Relations section of our website, we make available the following filings as soon as reasonably possible after they are electronically filed with or furnished to the Securities and Exchange Commission ("SEC"): our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, and any amendments to those reports filed or furnished pursuant to Section 13(a) or 15(d) of the Exchange Act. All such filings are available free of charge. The inform