Shipping Agents with Cloudflare: Secure by Default | Immerse Stockholm 2026
The speaker highlights Europe’s Nordic region as a tech-savvy, early-adopting hub for cloud and AI, and outlines how Cloudflare aims to provide a secure platform that unlocks AI-powered innovation across organizations while keeping safety front and center.
Cloudflare’s AI security platform lets teams adopt AI safely by default, with guarded agents, visibility, and zero-trust controls across 330 data centers.
Summary
Daniela from Cloudflare discusses how Nordic adopters are leaders in cloud and AI, and outlines a security-forward approach to AI at scale. She frames the challenge as balancing productivity gains from LLMs and agents with real risk, from shadow AI to prompt injections. The talk previews four core use cases Cloudflare is solving: securing the AI-enabled workforce, governing and auditing AI agents, building AI apps and agents securely, and protecting customer-facing AI chatbots. Through concrete personas—Sally in finance, Alex in sales, and Harry the engineer—she demonstrates practical risks and the layered controls needed: traffic visibility with Cloudflare One, sanctioned tooling governance, isolated ephemeral workers, and zero-trust identity. She also highlights product touchpoints like AI gateway, MCP portal, Vibe SDK for agent development, and the new managed agents partnership with Anthropic. The takeaway is that “secure by default” isn’t just policy; it’s an operating model with guardrails, auditable trails, and global deployment options to keep blast radii small while enabling innovation. The session closes with Q&A comparing Cloudflare to AWS/GCP and confirming model deployment options within Cloudflare’s infrastructure.
Key Takeaways
- Cloudflare One provides visibility into shadow AI by inspecting all employee traffic to detect LLM usage across teams.
- Sanctioned-versus-unsanctioned tooling is identified at the point of use, enabling nudges toward approved tools and data sources.
- Ephemeral, containerized workers allow AI agents to run only when needed, reducing attack surfaces and blast radii.
- Agents run in isolated sandboxes with zero-trust identity and audit trails, preventing broad credential access from spreading.
- Cloudflare’s platform supports running and governing models locally (via Workers AI) and offers guardrails to sanitize queries and restrict topics.
- New managed agents partnership with Anthropic enables secure deployment of agents on Cloudflare infrastructure while keeping data handling controlled.
- The four use cases—securing workforce, governing agents, building AI apps, and protecting AI-powered chatbots—cover the major security needs for AI adoption in enterprises.
Who Is This For?
IT security leaders, DevOps teams, and AI product leads who want practical, vendor-backed guidance on securely deploying AI and agents at scale without slowing down innovation.
Notable Quotes
"Visibility is the first key to solving the shadow AI problem."
—Introduction to the need for monitoring and controlling AI usage across the organization.
"Ephemeral workers… are active and running and then they're taken down when they're not used."
—Describes how to reduce attack surface with short-lived AI agents.
"Agents should inherit a structure like an employee: a digital identity, a managed device posture, and an audit trail."
—Explains the zero-trust and governance model for AI agents.
"We can sanitize queries and put guardrails in front of models because you control how you deploy those models."
—Highlights guardrails and deployment controls for safe AI use.
Questions This Video Answers
- How does Cloudflare One help prevent shadow AI in large enterprises?
- What is the role of ephemeral workers in securing AI agents?
- Can I run AI models on Cloudflare infrastructure and how are they sanitized?
- What’s new in Cloudflare’s managed agents partnership with Anthropic?
- How do you govern AI agents and maintain an audit trail across tools and data?
Cloudflare One, AI gateway, MCP portal, Ephemeral workers, Zero Trust, ZTNA, Sandboxed agents, Vibe SDK, Anthropic partnership, Managed agents by Cloudflare + Anthropic
Full Transcript
Thank you. Thank you very much. Hello everyone. I'm super excited to be here in Stockholm today. The Nordics in general are a very sweet spot in my heart. I spent one year between Helsinki and Stockholm at the beginning of my career, working for one of the mobile manufacturers. You can guess which one. It was a great time. Love the nature, love the weather here, the people. But also something that really struck me back then, and that I continue seeing throughout the years, is your passion for technology and the way you adopt technology very early on.
Right. So it's undeniable you are innovators, and I've read some statistic that this patch of land is the second most innovative area in the world after Silicon Valley, and for sure you're leading the way in Europe. I remember seeing a statistic that between 2020 and 2021 Sweden was the first nation in cloud technology adoption: like 70% of your companies were already adopting cloud services back then, six years ago. And I think this of course is what's happening today with AI.
So we're seeing a lot of adoption, and I believe this is probably where in Europe we've seen the most early adopters. So I'm going to be guilty of talking about AI a lot in this presentation, so forgive me. But I'm going to try to give you very practical use cases, what we see, and why we're building certain products. So everybody in this room is of course afraid of falling behind when it comes to AI, and I think this is true across the organization. So if you take employees in your finance department, or engineers, or probably even C-level people, they are afraid of the age of AI. They know there's a big opportunity, but also: how do we make the most of it, right?
And going back to what Matilda was talking about: how do we do that safely? At Cloudflare, we believe we can be the platform that gives this superpower to all the companies out there. So we can give you a platform you can use to leverage AI to unlock innovation within your organization, but doing that in a secure way. Housekeeping again before I dive into the topic: if you have any questions, scan the QR code and at the end we're going to address some of these.
Great. Okay, from a very high level perspective, what's the challenge here? So leadership in most companies adopting cloud and AI, they're pushing for adoption. You should use AI, be more efficient, do more with less, right? But of course, this comes with challenges. So very on the surface you get things like runaway inference. So you might run a lot of LLMs, and this of course comes with a cost which could kill your IT budget if you don't keep an eye on it. Unsecure AI code: you might develop code and just ship it to production without a proper review process, and this is of course a big source of problems.
I was on a call with some market analysts, one of the leading firms in market analysis, and they showed me a graph of how much better AI is becoming at creating syntactically good code, but the speed at which AI is creating secure code is not keeping up; it is not as fast as creating beautiful code, and we should be aware of this, right? So great to create code, but where does it leave us in terms of security? And then the third one is of course integration. How do we integrate models, LLMs, with data and other systems we have in our company? This is a source of risks that we need to manage and fully understand.
And of course we all have seen the journey here. So we started from a chatbot, essentially: you could ask questions and then you get nice answers, very useful. And then in a few months or years we went to active agents, right? So agents can perform actions in production, can change code, and then we're basically moving from what is a user policy, trying to put guardrails on how to use a chatbot, to actually runtime protection of this thing, right? And this thing is also evolving as we speak, as we're building, and if you are in the security organization of your company then you are faced with almost an impossible dilemma.
So on one hand you get this technology that gives you like 10 times faster productivity in certain areas, like shipping code or automating workflows across the company, and on the other hand you get exposure to risks. The risks here of course are a number, but you probably have seen this a thousand times already: shadow AI, agents with excessive permissions, and LLMs being affected by prompt injection. So how do you solve this problem? You don't want to restrict innovation, but at the same time you want to make sure you have the systems in place to secure your organization.
So it's moving from deciding what's the policy around use of a single tool to actually more of an operating model change. How do you operate your company and your people, or how do you introduce models of operation that are secure by default and of course unlock innovation? So we have the same problem at Cloudflare. If we look inside our company, we found four main use cases that we run into every day with our own company and people that need to be solved. And this is what we are tackling right now.
The vast majority of products you see out there that we speak about fall under those four umbrellas, and we hope and want to hear from our customers if this resonates with you as well, and this is actually what we are seeing in the market. So the first one is about securing the workforce using LLMs and GenAI. So think about a normal employee interacting with LLMs. The second one is how do you govern and control agents. Again, this is more about you creating an agent and making sure they have access to the right data, they have an identity profile you can control, and also making sure you have an audit trail of what's happening. The third one is about building AI apps and AI agents, so we need a platform where you can create those agents and deploy those agents quickly and, again, securely.
And then the fourth use case is about protecting chatbots or AI apps. So you might have, for example, an e-commerce site. You create a support chatbot. You want to make sure that that LLM cannot be manipulated by visitors and users. So in the next few minutes we're going to go through three of the main personas and use cases for those applications. So the first one is about Sally. Sally is a person in finance, a colleague in finance. She's a citizen developer, what is called a citizen developer,
or someone who doesn't have a background in computer science or in software development but still can create code. Then we're going to talk about Alex, who is the experimenter. He's in sales and marketing. He has a more technical background and he is very into creating AI workflows. And then finally we're going to talk about Harry, who is the builder. He's the engineer, the person who is leveraging agents to ship code faster. So in all three cases what's happening is that in your company you probably have people doing exactly this, right? But the problem from a security perspective is that you don't have visibility on what's happening, on what tools they're using, what data they are accessing, and what's the end effect and the impact of their actions.
Okay, let's start from Sally. Sally, again, she's in the finance team. She's perhaps one of your oldest employees. She has 20 years of experience. She's solid. She can do her job, like create dashboards and analyze finance data. But then the CEO has a mandate across the company: everybody should use AI, everybody should become more efficient. So what does she do? She goes online, she searches some tutorials and she finds ChatGPT and says okay, ChatGPT, great, I can start using that. And also she finds out she can upload a file, a spreadsheet, and ChatGPT can create dashboards for her, and this looks great, looks fantastic. So all of a sudden she's just uploading that file, and all your information about, for example, payroll for your company is already automatically in some model out there, running out there.
So, what's the risk here? Of course, you get all financial information, like payroll, financial reports, employee records, all leaked directly into one of the LLMs. And maybe okay, ChatGPT maybe has some guardrails, but maybe she stumbled on an unsanctioned model which is quite dodgy and perhaps this data actually gets leaked and gets used somewhere. So this is a real risk and there is nothing to stop this race. So anyone can create an account on ChatGPT in seconds and start using it. So there is no way to find out unless you have the right tools in place.
So the way we approach this, of course, within Cloudflare is a kind of three-step process. The first one is to detect shadow AI. So with our Cloudflare One product you can inspect all traffic from your employees. We can detect when there is LLM traffic and we can provide the visibility back to you on what teams are using and what tools those teams are using, right? So visibility is the first key to solving this problem. The second one is about identifying whether the tools being used are sanctioned tools or not:
is ChatGPT accepted within your organization, or perhaps you would rather use something else? And then the third one is to nudge this employee to actually use the right tools for the job. So again, if you have one model provider you want those employees to use and rely on, that's the right place where you can provide that information. And again, in this space, we're going to discuss it throughout the day. We have a number of products you can use: our AI Gateway, our MCP portal, or also the ability to create those agents yourself.
Great. Let's jump to the second use case. So, let's meet Alex. Alex is in sales and marketing, is very into experimenting, and what he does is he creates agents and workflows. So he wants to know what are the deals that are hot, and he wants to create a dashboard. So he connects the CRM, let's say Salesforce, to an agent which scrapes the information from the CRM and creates those beautiful dashboards. This is fantastic. This works like a charm. The problem of course is that your CRM tools like Salesforce contain a lot of sensitive data, and perhaps you're familiar with the Salesloft hack of last year, where basically secrets were stolen from Salesforce.
You might include your support ticketing system there. So by giving the agent access to your Salesforce instance, you're actually giving a lot more information than just the deals in flight. And of course, Alex doesn't know this because he just vibe coded that. So again, there is a risk here that if you don't have the right tools and controls in place, you cannot govern the behavior of those employees. And so you're going from a place where you're using third party tools and vibe coding to a place where you can control what tools those employees are using, and again in this space we'll discuss it later.
We have a number of solutions, including Vibe SDK, where you can vibe code your agents within the Cloudflare infrastructure. They run on containers, they run isolated, so they don't have access to information they are not supposed to reach. And then also MCP server portals, where again we can enforce authentication, filtering and logging of all the actions of those agents, so you create a proper audit trail of all the interactions of the agents with your data. Okay, let's move to the third use case. So Harry. Harry is an engineer.
So he started with five agents and then all of a sudden he realized he could create 500, right? And then those 500 engineers, actually those agents, they can ship code to production and they can automate almost everything. The problem here is that Harry is probably one of your most knowledgeable engineers. Maybe he has admin access. He has root access to some of your infrastructure. Maybe he's the person that knows the break-glass procedure of some of your systems. So as soon as he creates those agents, those agents inherit the permissions of Harry.
So if something goes wrong, if the agent goes wrong, then there's an impact of having a very large blast radius on the entire infrastructure, right? So if you look at what agents nowadays touch: all the systems they touch, they touch code, secrets, data, even production APIs, and this happens very fast. So if there is again a problem in the code in the agent, there is a real risk that somewhere within your infrastructure something can go very bad very quickly, and this represents a little bit the idea of the blast radius, right? So the scary realization is that if the agent inherits these broad credentials and broad permissions, then the impact on systems can be huge.
So the goal here of course is to make sure that agents inherit least privilege. They also run in isolation, like in containers, so that they don't have access to memory and data outside of their allowed space, and keep a trail of all the events and communication between agents. So in a way we should think about agents as an employee, right? So if you think about an employee in the physical world, you get a badge which restricts where you can go in the premises of your organization.
You get a corporate laptop which restricts the blast radius of what you're doing to the physical machine. And of course you have a manager that can audit what you're doing and provide approval. When you move to the zero trust world you can lock in the digital identity of that user, also lock the device posture of the laptop, and also monitor the session, what that user is doing. Then agents should inherit this structure, right? They should have an identity, which can be enforced with the ZTNA zero trust product at Cloudflare for example; they should run in an isolated sandbox.
So again if something goes wrong they don't access memory that is not pertinent. And then the third one is about observability and control. So you need to be able to deploy guardrails and logging on all the interactions of the agents with the outside world. And this is what we can do with today's technology. So Harry can build agents on the Cloudflare infrastructure which rely on Durable Objects. So we can spin up the agent only when needed but still retain the memory and the context. So the agent only lives for a fraction of time, when it is required, and not forever.
And you can deploy those tools and those agents across the world. We have more than 330 data centers and you can deploy this code to run live at the closest point to where it is being used. When it comes to the developer platform, those are four of the main features that we offer that we believe are key for security. So ephemeral workers: workers that can be spun up in a matter of milliseconds. They run isolated, and again in a matter of milliseconds they are active and running, and then they're taken down when they're not used. With this simple trick,
you're already reducing your attack surface, because an attacker cannot attack an agent in the moment that it's not running. We also have the dynamic worker loaders, which means that you can create a worker, like software, that includes this dynamic allocation of AI agents only when needed, and of course it can be deployed across the Cloudflare network. Cloudflare One offers you a great way to provide visibility on what agents but also users are doing. Anka is going to talk about this later in one of the sessions. The Cloudflare One toolkit allows you to enforce authentication and identity with zero trust.
Secure Web Gateway provides you the visibility on traffic and, again, fighting shadow AI as an example. And then data loss prevention and the CASB allow you to restrict and get visibility on data that agents and users access. Finally, just a recap of the four different use cases we talked about. So securing the workforce: again, if you have a problem of employees accessing LLMs, Cloudflare One is a great solution for that. Governing agents is also another problem which is top of mind, and some of the products like zero trust and cler mesh are coming to help in this space.
And I'm not sure if you have seen it yesterday. We also announced a brand new product which is a partnership with Anthropic and Claude, so managed agents. So now you can also deploy Cloudflare managed agents on the Cloudflare infrastructure, which means that we rely on Claude and Anthropic to run the models, but we can restrict where custom code and access to data is run, and that runs again on Cloudflare with all the visibility tools we provide. And finally, the last two use cases: build securely with AI.
We have an agent SDK and a sandbox SDK which allow you to create agents and workflows directly on Cloudflare. Everything is containerized and everything runs on our network. And finally, the last use case, about protecting LLMs. If you have applications, like customer-facing applications on the internet, that contain prompts and LLMs, we also have toolkits included in our WAF which allow you to protect against prompt injection, jailbreaking, or loss of sensitive data. Great. I'm at the end. So thank you very much for the attention. I hope this was informative.
I'm very excited for the next sessions and I'll pass it back to BS4. Any questions? We do have a couple of questions actually. I picked two for you. So the first one I really like. So why is it safer to develop and use Cloudflare for AI compared to AWS or GCP? I think there are a number of reasons and I think this slide kind of summarizes some of the key features. Again, you can create, and this is true for workers as well as for agents, you can create workers that are isolated and run on our infrastructure only when required.
We also have a global network which allows you to deploy those agents across our 330 data centers. So there is an aspect of performance as well. So we can run them as close to the user as possible, which means performance is guaranteed, and of course with all the other features we guarantee security. Perfect. Thank you. It's a new exciting world where questions are live and not in the script anymore, right? Yes. Yeah. Let's pick one more. Yes. Does Cloudflare provide an alternative to ChatGPT, or sanitize the way the AI instances query and the use?
So we don't train models as of today, but we do have ways for you to run models within the infrastructure with Workers AI. So we have a catalog of models you can run on Cloudflare infrastructure. So you get full control of those models, right? You don't have to rely on third party infrastructure. So we do that. And the second part of the question was about how we sanitize the use and the queries, if we can filter that in any way.
That's my understanding. Yeah. And again, because you have control of the way you deploy those models, then you can also sanitize queries and you can put guardrails in front of them. So we do have products you can use in AI Gateway, but also as part of our WAF, where you can deploy guardrails, which means you can restrict the topics you allow those LLMs to handle. So yeah, you can achieve that in a number of different ways depending on the deployment model. Perfect. Thanks a lot, Daniela. Thank you very much.