Cloudflare

Cloudflare AI Security

Executive Summary — Three Pillars of Protection

Pillar 1
End-User Protection
Pillar 2
App & API Security
Pillar 3
Agentic & MCP

Three AI Threat Models

End-User Protection
Who: Employees using ChatGPT, Claude, Copilot via browser
  • Data leakage to AI providers
  • Shadow AI without visibility
  • PII and secrets in prompts
Solution: Cloudflare One (Gateway + WARP + DLP)
App & API Security
Who: Applications calling LLM APIs programmatically
  • Prompt injection via API
  • Runaway costs from loops
  • No visibility into usage
Solution: AI Gateway (observability + rate limiting + DLP)
Agentic & MCP
Who: AI agents using MCP to access tools, APIs, data
  • Uncontrolled tool access
  • Prompt injection via tools
  • Shadow MCP servers
Solution: MCP Portal + WAF (Access + AI Security for Apps)

Pillar 1: End-User Protection

Employees using ChatGPT, Claude, Copilot, Gemini via browser — protect corporate data without blocking productivity

Cloudflare One (Zero Trust)
  • Gateway: 42+ AI apps in library, allow/block/log
  • DLP: 700+ detectors scan prompts for PII, secrets
  • Browser Isolation: Block copy/paste, uploads
  • Access: SSO/MFA, group-based policies
Key Outcomes
  • Visibility: See all shadow AI usage
  • Compliance: PII never reaches AI providers
  • Control: Per-user, per-group, per-app policies
  • Productivity: Say "yes" to AI with guardrails
How it works: WARP routes employee traffic through Cloudflare, where DLP scans the HTTP request body before it reaches the AI provider
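An added illustration of that inspection step, written for this page rather than taken from Cloudflare (it is not how the Cloudflare DLP engine is implemented): a pre-forwarding check over an OpenAI-style chat request body that applies constructed PII and secret detectors, confirms card-number candidates with a Luhn check, and returns allow, redact or block together with the sanitized body. The detector patterns, the `SECRETS` set and the sample prompt are constructed for this example.

```python
import json
import re
# Constructed detectors standing in for a DLP profile (illustrative, not Cloudflare's).
DETECTORS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "card_candidate": re.compile(r"\b(?:\d[ -]?){13,19}\b"),
}
SECRETS = {"aws_access_key"}  # a credential hit blocks the request outright

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates real card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def scan_text(text: str) -> list:
    """Return (detector, matched_value) pairs found in one prompt string."""
    hits = []
    for name, pattern in DETECTORS.items():
        for match in pattern.finditer(text):
            value, label = match.group(0).strip(" -"), name
            if name == "card_candidate":
                if not luhn_ok(re.sub(r"\D", "", value)):
                    continue  # long digit run, but not a card number
                label = "payment_card"
            hits.append((label, value))
    return hits

def inspect_request(body: bytes) -> dict:
    """Scan an OpenAI-style chat body before forwarding: redact PII, block secrets."""
    request, findings = json.loads(body), []
    for index, message in enumerate(request.get("messages", [])):
        if not isinstance(message.get("content"), str):
            continue  # multimodal content parts are out of scope here
        for label, value in scan_text(message["content"]):
            findings.append({"message": index, "detector": label, "match": value})
            message["content"] = message["content"].replace(value, f"[REDACTED:{label}]")
    if any(f["detector"] in SECRETS for f in findings):
        action = "block"
    else:
        action = "redact" if findings else "allow"  # redact: forward sanitized body
    return {"action": action, "findings": findings, "sanitized": request}
# Constructed sample: an e-mail address plus a Luhn-valid test card number.
SAMPLE_REQUEST = json.dumps({"messages": [{"role": "user", "content":
    "Draft a reply to jane.doe@example.com about card 4111 1111 1111 1111"}]}).encode()
```

Running `inspect_request(SAMPLE_REQUEST)` yields action `redact` with the e-mail and card replaced in the sanitized body; a prompt containing an access key yields `block`.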

Pillar 2: App & API Security

For developers and applications making programmatic LLM API calls — not end users browsing to ChatGPT

AI Gateway — Single Security Layer for All LLM Calls
20+ Providers: universal endpoint
DLP Both Ways: prompts & responses
Cost Control: caching + budgets
Observability: tokens, latency, cost
Dynamic Routing: Failovers, A/B tests, budget caps
Rate Limiting: Prevent runaway agent loops ($10K+ risk)

Pillar 3: Agentic & MCP Security

AI agents using Model Context Protocol (MCP) to access tools, databases, APIs — the new attack surface

MCP Server Portal
SSO app launcher for MCP servers — one endpoint, all tools
  • Auth: Corporate IdP, per-server access control
  • Tool filtering: Allow/block specific tools
  • Logging: Full audit trail of agent actions
  • DLP: Scan tool outputs for sensitive data
AI Security for Apps (WAF)
Protect public MCP servers from inbound attacks
  • Prompt Injection: 1-99 risk scoring
  • PII Detection: fuzzy AI matching plus exact regex matching
  • Unsafe Topics: Built-in + custom filters
  • Shadow MCP: Detect unauthorized servers
Key insight: AI Gateway handles LLM calls • MCP Portal handles tool calls — both paths need protection

Three Pillars, One Platform

Pillar 1
Use Case: Employees using AI chat tools
Solution:
  • Cloudflare One (Gateway + DLP)
  • Browser Isolation
Outcomes: Shadow AI visibility, DLP, compliance
Pillar 2
Use Case: Apps calling LLM APIs
Solution:
  • AI Gateway
  • DLP, rate limits, routing
Outcomes: Cost control, resilience, observability
Pillar 3
Use Case: Agents using MCP tools
Solution:
  • MCP Portal + WAF
  • AI Security for Apps
Outcomes: Tool governance, shadow MCP detection
Unified management from a single Cloudflare dashboard

Which Challenge is Most Pressing?

End-User
Shadow AI, data leakage, compliance
App & API
LLM costs, observability, security
Agentic & MCP
Tool governance, agent control

Let's discuss your AI security requirements