Lightboard series - Secure your AI-powered applications with Cloudflare
Introduces Homer and outlines Cloudflare's role in securing AI-powered applications with its edge security and performance services.
Cloudflare shows how to secure AI-powered apps anywhere—edge, cloud, or on‑prem—using AI context in WAF, granular policies, and end-to-end visibility.
Summary
Homer from Cloudflare walks through securing AI-powered applications with Cloudflare’s suite of edge services. The talk positions Cloudflare as a proxy that handles DNS, CDN, load balancing, and application security, then adds AI-specific protections to the WAF via AI security for apps. He emphasizes that AI-powered apps can sit anywhere—Cloudflare’s serverless platform, third-party clouds, or on-prem—and that models can run on Cloudflare Workers AI, third-party providers like OpenAI or Anthropic, or be hosted on premises. The core of AI security for apps consists of three components: (1) LLM discovery and labeling with the Cloudflare LLM label to enable automatic policy application across identified endpoints; (2) visibility into all LLM activity, including prompt detection, prompt extraction, logging, and rich analytics in dashboards; (3) protection and mitigation against AI-specific threats like PII exposure, harmful content, and prompt injection/jailbreak. He illustrates practical use cases, such as categorizing PII (SSNs, credit card numbers) and restricting harmful content or prompt manipulation, with granular policy options by category. The operational model remains the familiar WAF workflow, but with AI context and parallel threat models to minimize latency as new detections and mitigations are added. Finally, Homer hints at deployment flexibility and points viewers to the AI security reference architecture for deeper guidance.
Key Takeaways
- Cloudflare acts as a proxy for your AI apps and security services—DNS, CDN, load balancing, WAF, bot management, and API security—while adding AI-specific protections.
- AI security for apps uses three core components: LLM discovery and labeling with the Cloudflare LLM label, visibility into prompts and risks, and targeted protection against AI threats.
- Endpoints powering AI apps can be on Cloudflare, third‑party clouds, or on‑prem, and models can run on Cloudflare Workers AI, OpenAI, Anthropic, or on‑prem locations.
- Policies can be automatically applied to all labeled LLM endpoints, with optional granular rules like restricting by specific host names or categories of PII and harmful content.
- PII exposure, harmful content, and prompt injection are treated as core use cases, with category-based controls (e.g., email addresses, social security numbers) and an injection score threshold for blocking or logging.
- Traffic processing is designed to run detections and mitigations in parallel to avoid latency increases as threats evolve.
- The system provides deep analytics and alerts in dashboards, surfacing AI-specific suspicious activity to speed incident response.
Who Is This For?
Security and DevOps teams deploying AI-enabled apps who need edge-based protection, granular policy control, and visibility into AI prompts and risks. Essential viewing for those using Cloudflare to secure AI models across multi‑cloud or on‑prem environments.
Notable Quotes
"AI security for apps adds that AI specific context to WAF."
—Defines the core idea of introducing AI context into existing WAF policies.
"We want to be able to secure these applications and models regardless of where they sit."
—Highlights deployment flexibility across Cloudflare, third-party clouds, and on-prem.
"LLM discovery"
—Introduces the first main component of the AI security for apps framework.
"If injection score is less than 20, that signifies an attack."
—Describes how prompt injection risk is measured and acted upon in policies.
"We also allow you to be more granular and specific if you want... by host name or specific categories."
—Shows policy granularity options beyond automatic labeling.
Questions This Video Answers
- How does Cloudflare implement AI-specific context in WAF policies for AI apps?
- What is LLM discovery and labeling in Cloudflare AI security for apps?
- Can you deploy AI-powered applications on Cloudflare Workers AI and still use third-party models?
- How does Cloudflare help prevent PII leakage and harmful content in AI prompts?
- What deployment options exist for AI models in Cloudflare's security architecture?
Tags: Cloudflare, AI security for apps, WAF with AI context, LLM discovery, API Shield, Cloudflare Workers AI, prompt injection, PII protection, harmful content detection, security analytics
Full Transcript
Hello. My name is Homer. I work at Cloudflare in technical marketing on everything application security and AI related. And in this session, I'm going to cover how you can secure your AI-powered applications with Cloudflare. Let's go ahead and get started. So here on the left, you can see a client is making a request to an AI-powered application. Now, this request is going to get routed to Cloudflare, which is acting as a proxy. This is where all our application performance and security services are running. Services like DNS, which by the way happens to be the fastest DNS in the world.
CDN, load balancing, and other application performance services. This is also where we secure and protect your web applications and API endpoints with Cloudflare's application security services like WAF, rate limiting, API security with API Shield, bot management for malicious bots, client-side security with Page Shield. We want to be able to detect and mitigate for those malicious scripts, right? And now AI security with AI security for apps. And AI security for apps adds that AI-specific context to WAF. So it's the same operational model you're already used to, but now you're creating these WAF security policies with this AI context to secure your AI applications.
And you may be asking, okay, well, where do these applications need to sit, right? Well, you can use Cloudflare's serverless development platform and deploy these applications on Cloudflare. You can also deploy them on third party. These could be like third-party cloud providers. These applications can even be on prem, right? So we're really agnostic to where the application sits. Now, what about the models that are powering these applications? Well, again, you can use Workers AI, which is LLMs deployed across all of Cloudflare's edge locations, so you can use Cloudflare here. You can also use third party again.
These would be folks like OpenAI or Anthropic. And you can even use models deployed on prem. So at the end of the day, we want to be able to secure these applications and models regardless of where they sit. Now, with AI security for apps, there are really three main components. The first one being LLM discovery. So as that request comes in, using LLM-specific heuristics and all the intelligence we have, we do LLM endpoint discovery. So here we're doing LLM discovery, right? Not only that, with all these endpoints that we identify, we go ahead and label them.
We label them with the Cloudflare LLM label. Now, you may be asking yourself, well, what's the significance of this, right? Well, a few things here. First, it allows you to easily identify all the LLM endpoints, right? You can filter on this Cloudflare LLM label and jump right to the analytics for the specific LLM endpoints that you're interested in, right? The other thing is, it allows us to easily create and apply these security policies. So you don't even have to tell us where to apply a security policy that you're creating. We're automatically going to apply it to all the endpoints we've identified and labeled with the Cloudflare LLM label.
Now, of course, we allow you to be more granular and specific if you want, so you could do something like, hey, only apply this policy to all the requests with a specific host name, right? But right out of the box, we make it very easy to secure your AI applications. Okay. The second component here is visibility into all LLM activity and risk. So as those requests come in, we're able to do prompt detection. And we can even extract the prompt. We can do prompt logging, which provides you even more details and visibility into exactly what's going on.
And we take all this intelligence, right? All the request header information, the results of all the AI threat detections, and we give you deep analytics here, right? That you can view in the dashboards. We even bubble up all the AI-specific suspicious activity in our security analytics. So we give you those alerts so you can jump right to the things that may be the most important. Now, the third component here is protect and mitigate, right? We want to detect and protect against AI-specific threats. Now, a few use cases here. First one is PII exposure. We don't want our model learning off of PII, which can later also result in PII exfiltration.
So we want to block it right up front. Okay? This would be stuff like social security number, credit card number, and so on. We don't want our model trained on that. Second, harmful content. So we definitely don't want our model to be trained on any harmful content, which can later also be used to respond to user requests, right? We don't want our model returning guidance on something that could be harmful or illegal activity that we can even be liable for. So we also want to block that up front. And finally, prompt injection and jailbreak.
Prompt injection is where the user is trying to trick the model to get it to do something it wasn't intended to do. So we want to be able to detect and mitigate for that. Now, how all this works is, remember, AI security for apps is adding that AI-specific context to WAF. So it's the same operational model where you're creating these WAF policies, but now with this AI context. Now, as that request comes in, remember, we've already identified your LLM endpoints. So as traffic comes in to those LLM endpoints, we can intercept that traffic and send it to an LLM.
And we have specific LLMs for each of these threats. And this is all done in parallel. So as we add more detections and mitigations, right? And models, there's not going to be increased latency. It's all happening in parallel, okay? Now, for things like PII exposure, harmful content, obviously the model, if it detects that, it's going to return that response and the user can take the appropriate action. Once it sees, hey, we've detected this is PII, this is harmful, the user with the WAF policy can set it as a light, right?
Now, with PII exposure and harmful content, right? We also have categories. So you can be more granular. If you don't want to block on all PII or all harmful content, for example, with PII, maybe you're interested in specific categories like email address, credit card number, social security number. So you can select the category and put that in the policy. Same thing if you're interested in specific categories, maybe violent crime, non-violent crime, proprietary or intellectual property, right? You can use those categories in your policies so you don't block on everything.
Okay? So here we have categories. We can detect everything and set a rule around that, or we can set a policy around a specific category as well. Now, prompt injection is a little bit different. For every request that comes in, right? To that LLM endpoint, we give it what's known as an injection score. Right? And if the injection score is less than 20, that signifies an attack. So, you can create a policy saying, "Hey, if injection score is less than 20, go ahead and take this action, whether it is logging, blocking, and so on." Right?
So, hopefully this gives you some idea of how you can use Cloudflare to secure your AI-powered applications. If you want more information, make sure you check out the AI security reference architecture.
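The policy model the talk describes, written out as a runnable simulation. This is an added example, not Cloudflare's code or its rules language: the field names, category labels, the label string, the host names and the "100 = benign" score scale are constructed. It shows default rules that apply to every endpoint carrying the LLM label, granular rules scoped by host name or category, the injection-score rule where a score below 20 signifies an attack, and how block and log outcomes combine.

```python
from dataclasses import dataclass, field
from typing import Optional

# From the talk: an injection score below 20 signifies an attack.
# The scale itself (100 = benign) is assumed for this example.
INJECTION_ATTACK_THRESHOLD = 20
LLM_LABEL = "cloudflare-llm"  # placeholder for the "Cloudflare LLM" label


@dataclass
class Detection:
    """Constructed stand-in for the parallel AI detections run on one prompt."""
    host: str
    labels: set = field(default_factory=set)            # labels on the endpoint
    pii_categories: set = field(default_factory=set)    # e.g. {"ssn", "email"}
    harmful_categories: set = field(default_factory=set)
    injection_score: int = 100                           # high = benign (assumed)


@dataclass
class Policy:
    name: str
    kind: str                    # "pii", "harmful" or "injection"
    action: str                  # "block" or "log"
    categories: set = field(default_factory=set)  # empty = any category
    threshold: int = INJECTION_ATTACK_THRESHOLD
    host: Optional[str] = None   # None = every endpoint with the LLM label


def matches(p: Policy, d: Detection) -> bool:
    """Does policy p fire on detection d? Only labeled LLM endpoints are in scope."""
    if LLM_LABEL not in d.labels:
        return False
    if p.host is not None and d.host != p.host:
        return False   # granular rule scoped to one host name
    if p.kind == "injection":
        return d.injection_score < p.threshold
    found = d.pii_categories if p.kind == "pii" else d.harmful_categories
    return bool(found) and (not p.categories or bool(p.categories & found))


def evaluate(policies: list, d: Detection) -> tuple:
    """Return (verdict, fired policy names); block beats log beats allow."""
    fired = [p for p in policies if matches(p, d)]
    actions = {p.action for p in fired}
    verdict = "block" if "block" in actions else ("log" if "log" in actions else "allow")
    return verdict, [p.name for p in fired]


POLICIES = [  # constructed sample rule set
    Policy("block-financial-pii", "pii", "block", categories={"credit_card", "ssn"}),
    Policy("log-any-pii", "pii", "log"),
    Policy("block-harmful-chat", "harmful", "block", host="chat.example.com"),
    Policy("block-injection", "injection", "block"),
]
```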