Vibes Without Vulnerabilities: Securing The Non-Developer Revolution

Cloudflare | 00:24:09 | Jun 2, 2026
Tobias and team plan a live demo to visualize how AI can be used on stage to build an application.

Cloudflare demonstrates securing AI-driven workflows with MCP portals, AI gateways, and zero-trust access during a live task-app demo.

Summary

Cloudflare’s Tobias and Val stage a live demo to show how non-developers can still use AI to build real apps while staying secure. The duo builds a simple CRUD task board live: Val prompts the AI from an IDE chat window, the app is deployed to Cloudflare as a Worker with a D1 database behind it, and they confirm that tasks persist across a page refresh. The talk highlights the first risk of AI-built apps, which is that they land on the public internet with internal data in them, and shows how Cloudflare Access (zero trust) adds authentication, IdP integration and access logging in front of the app. They then turn to the power that MCP (Model Context Protocol) tools hand to an AI: a prompt to "delete all the contents" wipes the task database through the Cloudflare MCP server, and a centralized MCP server portal stops the repeat attempt by enforcing per-group tool permissions and logging every tool call. To handle multiple AI providers, Tobias introduces the AI gateway, a single funnel for every prompt and response that enables unified policy, logging, cost analytics, caching and data loss prevention, with provider API keys held in the gateway rather than handed to every user or agent. The presenters argue for an abstraction layer that separates governance (identity, policy, authorization, guardrails) from the underlying providers, so the controls survive as models change. Valerie (Val) closes with a real-world example, the Women Flare community page she built on the developer platform, underscoring how secure platform tooling lets non-developers build useful pages without needing to know what an array is. The session ends with a pointer to Cloudflare’s AI engineering stack blog and an invitation to discuss how to scale secure AI across departments. Overall, the talk argues that secure AI adoption requires centralized control, auditable workflows, and a flexible abstraction layer that accommodates rapid model evolution.

Key Takeaways

  • Deploying AI-powered apps on Cloudflare can be done end-to-end, including frontend hosting, database storage, and access control within minutes (live demo).
  • Zero-trust authentication via Cloudflare Access prevents public exposure of AI-built apps by placing a login gate in front of the app.
  • MCP servers and a central MCP portal give fine-grained control over which tools an AI assistant or agent can call, preventing destructive actions like deleting production data.
  • An AI gateway provides a single, auditable funnel for prompts and responses across multiple AI providers, enabling unified policy, logging, and cost analytics.
  • Centralized governance is essential when stacking multiple AI providers, so one can enforce DLP, guardrails, and usage policies without rebuilding integrations for every provider.
  • The workflow demonstrates how a non-developer like Val can still contribute meaningfully while Cloudflare’s tooling keeps security and visibility intact.
  • Val’s anecdote about Women Flare illustrates real-world usability and the importance of secure, approachable tooling for non-engineers to participate in AI projects.
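The MCP server portal in the demo sits between the AI client and the Cloudflare MCP server, shows each group only the tools it may use, refuses the rest with an error the model can read, and logs every call. The following is an added example, not the talk’s or Cloudflare’s code, that models that gate in JavaScript over MCP’s JSON-RPC tools/list and tools/call messages. The group names, tool names, policy shape and error code are assumptions. It goes one step past the demo by also inspecting a tool’s arguments, because the "clear a cache" scenario the speaker describes is a permitted tool called with a destructive argument, which a name-only allow list would let through.

```javascript
// Added example, not from the talk: a model of an MCP server portal gating MCP
// JSON-RPC traffic between an AI client and one MCP server. Group names, tool names,
// the policy shape and the error code are assumptions for illustration.

const DESTRUCTIVE_TOOL = /delete|drop|purge|truncate/i;

// Per-group rules per MCP server. '*' allows every tool on that server. Tools whose
// name matches DESTRUCTIVE_TOOL are refused unless the group has allowDestructive.
const POLICY = {
  engineers: { cloudflare: { allow: ['*'], allowDestructive: true, readOnlySql: false } },
  marketing: { cloudflare: { allow: ['d1_query', 'workers_list'], allowDestructive: false, readOnlySql: true } },
};

// Coarse syntactic check: every statement must start with a read-only keyword. A real
// deployment backs this with a read-only database credential; this is defence in depth.
function isReadOnlySql(sql) {
  const statements = String(sql).split(';').map((s) => s.trim()).filter(Boolean);
  return statements.length > 0 && statements.every((s) => /^(select|with|explain|pragma)\b/i.test(s));
}

class McpPortal {
  constructor(policy) {
    this.policy = policy;
    this.audit = []; // one record per tools/call, allowed or refused
  }

  decide(identity, server, tool, args = {}) {
    const rules = (this.policy[identity.group] || {})[server];
    if (!rules) return { allow: false, reason: `no policy for group ${identity.group} on ${server}` };
    if (!rules.allow.includes('*') && !rules.allow.includes(tool)) return { allow: false, reason: 'tool not in allow list' };
    if (DESTRUCTIVE_TOOL.test(tool) && !rules.allowDestructive) return { allow: false, reason: 'destructive tool disabled' };
    if (rules.readOnlySql && typeof args.sql === 'string' && !isReadOnlySql(args.sql)) {
      return { allow: false, reason: 'only read-only SQL permitted' };
    }
    return { allow: true, reason: 'policy match' };
  }

  // Trim a tools/list result so the model is never shown a tool it may not call.
  listTools(identity, server, tools) {
    return tools.filter((t) => this.decide(identity, server, t.name).allow);
  }

  // Gate one JSON-RPC request. Returns {forward: request} to pass it to the real
  // MCP server, or {reply: errorResponse} to answer the client without forwarding.
  handle(identity, server, request) {
    if (request.method !== 'tools/call') return { forward: request };
    const { name, arguments: args = {} } = request.params || {};
    const d = this.decide(identity, server, name, args);
    this.audit.push({
      ts: new Date().toISOString(), user: identity.email, group: identity.group,
      server, tool: name, args, decision: d.allow ? 'allow' : 'deny', reason: d.reason,
    });
    if (d.allow) return { forward: request };
    return {
      reply: {
        jsonrpc: '2.0', id: request.id,
        error: { code: -32000, message: `Tool "${name}" is disabled for your group in the MCP server portal (${d.reason})` },
      },
    };
  }
}
```

The identity passed to the portal is whatever the portal authenticated the caller as (a user’s group membership or an agent identity), which is why the same request is forwarded for one group and answered with an error for another, and the audit array is the per-call log the talk shows in the dashboard.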

Who Is This For?

Frontend developers, security engineers, and product teams exploring secure, scalable AI adoption in organizations. If you’re deploying AI-driven apps or enabling non-developers to build with AI, this talk shows concrete guardrails and governance patterns.

Notable Quotes

"Are you a developer? No. Have you ever developed? No. What's an array? No. What index does an array start at? Seven."
Humorous exchange establishing that Val is not a developer before the live demo begins.
"The first risk we're going to try to mitigate is of course not exposing Val's app on the public internet."
Introduces the core security guardrail demonstrated with Cloudflare Access.
"You get full visibility of all the usage of the tooling as well."
Highlights centralized logging and audit capabilities of MCP portals and the AI gateway.
"The MCP server portal gives you kind of control over the tool set that you actually provide the AI."
Explains how centralized tool governance prevents destructive actions.
"An AI gateway is exactly what you can kind of figure it is, or what it sounds like... It's a centralized gateway. So it becomes a funnel for all of your AI requests and responses."
Defines the core concept of a single control plane for multiple AI providers.

Questions This Video Answers

  • How does Cloudflare Access secure AI-powered apps on the public internet?
  • What is an MCP server portal and how does it control AI tooling?
  • What is an AI gateway and why do you need it when using multiple AI providers?
  • How can organizations prevent destructive actions when using AI agents in production?
  • How can non-developers safely participate in AI-enabled projects without compromising security?
Tags: Cloudflare, AI gateway, MCP server portal, Cloudflare Access, Zero Trust, AI governance, Multi-provider AI, Generative AI security, CRUD app, On-stage demo
Full Transcript
Cool, cool, cool. Hey Rowan, how's it going? Are you live? What's going on? Hey, energy. Let's go. Nice. Okay, cool. So, as mentioned, I was actually asked, "Hey, you want to come build something live on stage and try to do a live demo?" And I said, "You want me to use a non-deterministic AI, do a live demo, and build something on stage? Are you sure about this?" They said, "Yeah, yeah, of course, of course." I said, "Yeah, count me in. Of course we're going to try to do this." So Val and I, or rather I enlisted the help of Val. Could we get the screen share going or no? Here we go. Perfect. Nice. To try and actually build something today live on stage, because you've heard the messages around AI and the challenges, and what we could do to actually help you secure and facilitate and control all of this. What we're going to try to attempt today is to visualize and contextualize this: what does it actually mean when someone is doing this? All of this is live, all of this is AI, so who knows, maybe I should have been sick today. We will see in a couple of minutes' time. But with me I have Val, so go ahead and introduce yourself. Hi, I'm Val. As Tobias said, I'm the marketing manager for Northern Europe. And yeah, I've been vibe coding and building some cool things for the team. But today it's live and I'm in Michael's hands. So wish me luck and we'll see what happens. You'll be fine. You'll be fine. Yeah. Just to make sure so we're not fooling anyone: are you a developer? No. Have you ever developed? No. What's an array? Uh, no. What index does an array start at? Seven. Yes. Great. How did you know? I'm a genius. Jesus. Okay, cool. So we've established the fact that you are not an engineer, at least. Cool.
So, I mean, you all see this in your organizations nowadays, of course. This could be people, employees, vibe coding stuff. It could be agents trying to do things, take actions, create dashboards, whatever the case is. But essentially what's going on nowadays is that we have a lot of AI usage, or AI adoption essentially. And today we're going to use Val as a facilitator, as a demonstrator of an employee trying to do something and build something, and actually becoming three times more productive. I asked Val, "What are we going to build? What do you need in your daily life?" Val mentioned a task board to track the team's tasks, so Val is actually going to try to build a task board live today. So that's the attempt at the app we're going to build. Would you go ahead and switch on over to the other app? This one? Do you know what this is? First and foremost, what are you seeing on screen? Instagram for developers. No. This is an IDE. Do you know what an IDE is? Code. No, I don't. All right. This is what you would normally use to code in and build whatever you build. But nowadays it's more of a chat prompt, and that's what I'm going to ask you to use here. So please go ahead and prompt the AI. In this case we're going to use cloudset. Could be any model, but go ahead and prompt this to actually build your task app. So again, this is pretty live. I have of course set up some rules and some guidance to hopefully make this build what we need initially and not be totally in the dark here. With a bit of luck, this should actually code an app for Valerie and deploy it onto Cloudflare. Now, this could of course deploy anywhere. You could use our own sandboxes, our own containers, it really doesn't matter. Or if you use AWS or anything to host whatever you build. It could be anything really. In this case, we're going to build an app.
We're going to deploy this onto Cloudflare. It's a tasks app, so it's a standard CRUD app essentially. Press yes on the screen. We are going to deploy it to Cloudflare, and then of course this is now going to expose a couple of normal scenarios that pose a challenge when someone like Val, who does not know what an array is, starts coding stuff. But I'm going to deploy it. You'll be fine. Let's see. So we're now going to deploy this. It's going to use one Worker to deploy the front end, and we're going to use the database to actually store the tasks in. Hopefully this doesn't take too much time. There we go. Ten seconds. It should also output a success, I hope. Let's see. Should I have been sick today? Yes or no? Maybe. Oh, there we go. Nice. It seems to continue. It did deploy everything. So far so good. Now, you don't have to focus on the details here of how we're doing this. It's just the fact that we're deploying something. So now we have a URL. This is just a custom domain. Could you go ahead and pop back over to Chrome and then into your tab? Let's see if we can actually open an app here. Look at that. Val has built an app. Does it actually work though? Try to add a couple of tasks. Yep. Cool. Seems to be working. Would you mind refreshing the page, just to see that we actually persist the state as well? We do. So it's not fake, apparently, which is kind of cool. But this kind of exposes the first issue right now. And this is actually a true story of the actual app that Tobias mentioned that Val built: she built something initially and she said, "Oh, I deployed this, this is so cool," and there's a bunch of internal information in there, and then it's available to everyone on the global internet. That's not very good, is it? So the first risk that we're going to try to mitigate is of course that. And I can't type and talk at the same time, so excuse me, I just have to pause while I type.
The first risk we're going to try to mitigate is of course not exposing Val's app on the public internet. So what I've done now is that in Cloudflare, in Zero Trust more specifically, and in Hackis, we have our corporate IdP tied into Cloudflare in and of itself. So we can quite easily now actually control authentication and authorization to anything in the Cloudflare network, if you will. So what we've done now is hopefully to add a login prompt. In this case I'm using Entra ID, because that's what was tied into my demo environment from before. Would you mind signing in? Let's see if this actually works. And you are totally allowed to attempt on your phone to access tasks.cfse.dev if you want to. You should hopefully also see the prompt. Might be two-factor authentication here, I'm not sure. Let's see. Nope. But you saw here now we actually have authentication and we have some form of guardrails in front of Valerie's app. So what we've done, essentially, is to quite briefly utilize Cloudflare Access. We just added authentication in front of Val's app, and this could be completely done automatically, of course, when your employees want to build and deploy and control things. So we now get existing IdP integrations, and we get all of the audit logging and access logs for anything that Val has built. So that's the first challenge, or the first risk, that we saw here. Now Val is going to... Unfortunately, and this again doesn't have to be Valerie, this could be your AI agent. It could be any rogue command. Because when you build using AI, you're most likely going to use an MCP. For those of you that do not know what an MCP is, it's essentially giving a tool set to your AI tools so they can actually do stuff. So instead of just telling you how to screw a screw, it will actually screw the screw.
Now, the risk with all of this is of course that if it goes rogue, or if the user doesn't really understand how to prompt the AI, it might start deleting stuff or do things it should not be allowed to. So, if you go back to the app. Mhm. In this case, we have the Cloudflare MCP installed, meaning our AI can actually control how D1, the database, works. Now, to make this blatantly obvious, I've asked Val to actually type "delete all the contents." Now, in real life that would not be the case. It would be like "clear a cache" or do something of the sort, and all of a sudden your production database is gone. So let's see if this actually works. It's going to try to first and foremost find the database. We have to authenticate the MCP portal here, so let me just do that. There we go. Let me do this. So once the portal is authenticated, it's going to try to find the correct database. Oh my god, live demos. Eh, let me just restart this for two seconds. There we go. And let's do this. Let's resubmit the command. I'm sorry, Val, you're not allowed to type that again. Hopefully that should work now. We also have authentication on this MCP server. But by default, MCPs, the tool sets, they all run locally. There's no way to centrally control those, which is a risk in and of itself, because an MCP server contains a set of tools, and this set of tools might be something you need to limit or provide some form of controls on. So you can see that the AI actually found the database in use. It's using the MCP, and now it might have actually deleted all of the contents. Would you mind going back to your app for me and just hit refresh on that? And you see all of the content is gone. And this just symbolizes something that actually happened at Cloudflare. I actually had an engineer accidentally, very early on last year, delete the database that was in production.
He did not, of course, type "delete the database," but due to running AI and whatever happened in the sequence of actions, the database actually got deleted. So we need some form of central controls around all of this, and this is where we've introduced something called an MCP server portal. In this portal you can then actually define the different MCP servers that you want to allow. In this case we have engineers; engineers are allowed to use any tools and do anything with anything in the Cloudflare MCP server. But what I'm going to do now is to add MCP tools for marketing, which means you're not allowed to delete databases, essentially. I'm just going to add a few more tasks here for you, Val. Let's refresh the page, just to make sure that works. Cool. And then we're going to authenticate the new MCP again, just to make sure that exists. Give it a couple of seconds, and then why don't you go ahead and try to delete the database contents again. As you saw, I added a couple of new entries into the database, but hopefully, if everything works as expected... Now, this would normally of course not be something where you sign into the dashboard and do all of this. This is either the agent identity or the group memberships, or something of the sort, for the employee in this case. Live demos. AI is non-deterministic. So we're going to do this. I'm just going to copy this real quick so we don't have to retype. And then we're just going to do a quick restart again. See if it authenticates this time around. Come on. AI demo. Eh. Told you this is scary stuff. Let's do this. Make sure we authorize again. Normally, nine out of ten times it does it automatically in Windsurf, but every now and then, also when you're on stage, it does not, of course. So let's see if this actually happens as it should now. Now it should actually be able to list all of the MCPs again. It should now try to run the same command again.
And now, if the agent or employee or whatever the case is, is not allowed to actually use this tool, you can see what happens: "You've disabled this tool for use in the MCP server portal, so I cannot continue." So if you go back to your app, Val, just a couple of quick seconds, you should now see how we can then govern these AI agents or employees and the tool sets they have available, without you having to build any new frameworks or rebuild things for different providers. So it gives you a centralized area of control, a single pane of glass, essentially. And you can see all of the tasks still remain in Val's app. So far so good. The AI did not delete the database the second time around. Essentially what happens is that when you use an MCP in any AI, it's going to use the MCP server portal instead of the MCP server directly. And then whatever identity and rule sets apply dictate the tool calls that we can do on that. And we also get all of the logging, all of the details on whatever you ran, of course. So we can go into here and hopefully also see different logs of everything that Val ran. So you can see in here. So you get full visibility of all the usage of the tooling as well. So essentially, normally what happens is agents can directly connect to tooling, but now they have to go through the single gateway, which gives you a funnel, a source of control. Normally you have no audit and no authentication on MCP servers either. So now you get identity-aware and fully logged when you use the MCP portal. All tools are exposed to the correct set of users. You can then build multiple server portals and have different groups, different agent types, be able to do different things in different MCPs. So destructive actions, as you saw, are kind of disabled by default in this case that we showed.
So the MCP server portal gives you kind of control over the tool set that you actually provide the AI. So one of the next big steps, if you think about AI in general: how do you actually provide guardrails and visibility into this in general? Let's say you have nine different providers. You use OpenAI, there's a couple of Anthropic, Gemini, and so on. If you want visibility, controls, guardrails and so on for all of these providers, it's really hard to do in a unified manner. Right now, you're going to have to build bespoke systems or buy bespoke systems for each provider. So again, on the centralized control area, if you will, we have something called an AI gateway. An AI gateway is exactly what you can kind of figure it is, or what it sounds like, to be honest, because you have a gateway. It's a centralized gateway. So it becomes a funnel for all of your AI requests and responses. Every AI call to an AI, and response from an AI, is going to go through the AI gateway, just like a network gateway, if you will, but with AI in front of it. Now that gives you quite a lot of controls. So you can see in here we have logs, because now we have a single funnel for all of the AI prompts. You can see in here, as an example, that the response was actually blocked due to security config. And that's because when you start funneling everything through one central control, you can now start doing things like having hazard categories and deciding what you want to do: flag them, prompt them, it really doesn't matter, on both prompts and responses as well. And you can build your own DLP policies as well. We've heard everyone before us talk quite a bit about controlling employees' usage of generative AI and so on.
So you can now actually prevent anyone, whether it be your employees or an AI agent, whatever it is, from trying to submit PII to some system, or source code into ChatGPT, or whatever the case is. So it gives you a centralized source of control. Now what also happens, of course, is that you now get analytics, because since you can have multiple providers in the AI gateway, you add your API keys for each of the providers in the AI gateway. You no longer have to distribute keys or manage keys for every provider for every user. And because you can do that, you then also get all of the analytics. So if you have multiple providers, you now no longer have to provide all of these keys to all of the users, all of the agents, whatever the case is. And you also get all of the logging and analytics in the AI gateway. So you can now see what the cost was for a specific set of models or specific providers and so on. It's all correlated in one menu, one centralized single pane of glass again. So cost and visibility is one of those hard challenges nowadays if you have multiple providers as well. There's quite a lot of good additional features in here, such as caching requests, responses and so on. So there's also a chance to save a fair buck when you use the AI gateway and all of its features as well, when you funnel all of the prompts through this one. So essentially what you get is pretty much one gateway for all AI providers. So you can route, cache, monitor, protect, essentially every AI call. It really doesn't matter where this is coming from, if you don't want it to, of course. So if we zoom out and think about what we did here for a bit: these are just three examples. We only covered three blind spots. There are a million of these kinds of blind spots when you think about AI and how you use AI today. All the way from private agent networking.
How do we make sure some specific agent can access some internal resources, another can't, but some employees should, and so on? How do you automate this and how do you scale this? It's a really hard problem. Would you mind being my clicker once? Go to the next slide, please. Just press the next button. Thank you. Oh, so nice. Because what we think is that the future is probably going to look something like this. It's not really a one-to-one ratio. There's going to be a one-to-many relationship here, where Valerie is probably going to have a couple of content writer agents, some analytics agent. There's going to be a bunch of agents doing things for her. And the big question is, how would you secure, and dynamically at scale, secure all of this across every department? It becomes a really hard challenge. And right now, I believe that Cloudflare is pretty much the only platform where you can cover the entire AI life cycle, if you will, all the way from identity to inference, essentially on the edge in our case. Would you mind? Thank you. So, would you mind clicking ahead again? So if you think of this, what we think, or what we believe, is that you kind of have to build an abstraction layer. Because if you only have one provider, this is probably not such a hard challenge, but no one is only going to have one provider, because some model is the best today, another one's going to be the best tomorrow, and in three weeks there's going to be something different. Which kind of means you have to lift up the entire abstraction layer of control and separate that from the different providers. Would you mind clicking a couple of times forward?
So when it comes to authentication, identity, policy, authorization, guardrails, all of those things that I showed you, you kind of have to differentiate that from all the different providers and the things that you're building. So this is kind of what we're thinking, where you kind of lift the controls above the providers and have one control plane for every provider, every agent, every employee. And it's a unified way of controlling this, but it really doesn't matter what you're trying to control below. That makes sense. Would you mind clicking forward one more time? So this is at its core what we're doing with other services as well. If you think about our network and how Cloudflare is kind of an overlay to things, or a wrapper of things: it's correct by default. You're in control by default. You can be compliant by default, and cost optimized by default, and globally available by default. Now these three use cases that we showed today, these are just three. There are a million things you need to control. And this also depends on how you build, but would you mind opening up the AI engineering stack tab? This is a blog we created on how we do this internally, because most of these are actually outcomes of problems we've had internally. How do we actually solve this? How do we handle someone like myself, who builds stuff left, right, and center, and it's all risky, and I leak things to everyone and their grandmother, which I should not, but I do because I like speed, I like shipping? So this is articulating how we solve this. I highly recommend this read, and also to showcase that you can actually build things securely. Valerie, would you go ahead and talk a bit about the Women Flare app that you've built? Yeah, so as Tobias said, I actually got the hang of using the developer platform.
So I built this community page for Women Flare, the organization that I'm a part of here at Cloudflare, and yeah, I don't have to worry about what an array is and it just works out. It's really great. So this is just one of the pages I was able to build, and it's very fun, very cool. For sure. For sure. And this kind of talks about the core problem we're solving: people needing to solve challenges that, at their core, they could not solve before, and now all of a sudden it gets a new set of challenges, things they have to consider and think about, all the way from cost to control to, yeah, you name it. Thank you. You read my mind. That was all for now. This was just three use cases. The live demo went fairly well, I would say. So, kind of proud. It was actually okay. But hopefully this gives you a couple of ideas of what you could do and how it works. But yeah, come find us afterwards for any questions, if you want to see what we're doing or break this down into smaller details. Cool. Thanks. Thank you.
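The AI gateway section of the transcript lists four things a single funnel buys you: provider API keys held at the gateway instead of handed to every user and agent, DLP on prompts and on responses, a log of every call, and cost attributed per provider and model. The following is an added example, not the talk’s or Cloudflare’s code, that models those control points as a small in-process gateway in JavaScript. Provider names, key values, prices, the token estimate and the DLP patterns are assumptions; the upstream call is injected as a function so the example runs offline.

```javascript
// Added example, not from the talk: the control points an AI gateway centralizes,
// modelled as an in-process gateway. Provider names, prices, key values, the token
// estimate and the DLP patterns are assumptions for illustration.

// Provider credentials live here; callers authenticate to the gateway and never hold these.
const PROVIDER_KEYS = { openai: 'gateway-held-openai-key', anthropic: 'gateway-held-anthropic-key' };
// Assumed USD prices per 1K tokens, used only to attribute cost per call.
const PRICE_PER_1K = {
  'openai/gpt-4o': { in: 0.0025, out: 0.01 },
  'anthropic/claude-sonnet': { in: 0.003, out: 0.015 },
};

// Luhn checksum, so a run of digits is only flagged if it is plausibly a card number.
function luhnValid(digits) {
  let sum = 0;
  let dbl = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (dbl) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
    dbl = !dbl;
  }
  return digits.length >= 13 && sum % 10 === 0;
}

// DLP rules applied to both the prompt and the provider's response.
const DLP_RULES = [
  { name: 'email', test: (t) => /[\w.+-]+@[\w-]+\.[\w.-]+/.test(t) },
  { name: 'payment_card', test: (t) => (t.match(/\b(?:\d[ -]?){13,19}\b/g) || []).some((m) => luhnValid(m.replace(/\D/g, ''))) },
  { name: 'api_key', test: (t) => /\b(?:sk-|AKIA)[A-Za-z0-9_-]{16,}/.test(t) },
  { name: 'private_key', test: (t) => /-----BEGIN [A-Z ]*PRIVATE KEY-----/.test(t) },
];
const scan = (text) => DLP_RULES.filter((r) => r.test(text)).map((r) => r.name);
const estimateTokens = (text) => Math.ceil(text.length / 4); // rough estimate, assumed

class AiGateway {
  constructor(keys = PROVIDER_KEYS, prices = PRICE_PER_1K) {
    this.keys = keys;
    this.prices = prices;
    this.log = []; // one record per request, whether forwarded or blocked
  }

  // send(provider, model, messages, apiKey) performs the upstream call; it is injected
  // so the example runs offline. Returns the gateway's response to the caller.
  request({ caller, provider, model, messages }, send) {
    const promptText = messages.map((m) => m.content).join('\n');
    const entry = { ts: new Date().toISOString(), caller, provider, model, tokensIn: estimateTokens(promptText), tokensOut: 0, cost: 0, blocked: null };
    const apiKey = this.keys[provider];
    if (!apiKey) {
      entry.blocked = 'provider not configured';
      this.log.push(entry);
      return { status: 400, error: entry.blocked };
    }
    const promptHits = scan(promptText);
    if (promptHits.length) {
      // Blocked before anything leaves the gateway, so the provider never sees the data.
      entry.blocked = `prompt:${promptHits.join(',')}`;
      this.log.push(entry);
      return { status: 403, error: `blocked by DLP policy (${promptHits.join(', ')})` };
    }
    const reply = send(provider, model, messages, apiKey);
    entry.tokensOut = estimateTokens(reply);
    const price = this.prices[`${provider}/${model}`] || { in: 0, out: 0 };
    entry.cost = (entry.tokensIn * price.in + entry.tokensOut * price.out) / 1000;
    const replyHits = scan(reply);
    if (replyHits.length) {
      entry.blocked = `response:${replyHits.join(',')}`;
      this.log.push(entry);
      return { status: 403, error: `response blocked by DLP policy (${replyHits.join(', ')})` };
    }
    this.log.push(entry);
    return { status: 200, content: reply };
  }

  // Cost rolled up per provider from the log, regardless of which user or agent called.
  costByProvider() {
    return this.log.reduce((acc, e) => { acc[e.provider] = (acc[e.provider] || 0) + e.cost; return acc; }, {});
  }
}
```

A response that the provider already produced still costs money, which is why the example attributes cost before the response scan runs; the log entry then records both the spend and the reason the caller never saw the content, matching the "blocked due to security config" entry the talk shows.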
