← Back
Cloudflare
Cloudflare launches AI Security for Apps with free endpoint discovery for all users
Cloudflare · releasefeaturesecurityapiplatform · blog.cloudflare.com ↗

AI Security for Apps Now Generally Available

Cloudflare has released AI Security for Apps as a fully supported product, providing comprehensive protection against threats targeting AI-powered applications and agents. The service operates as a reverse proxy that sits in front of AI endpoints, whether they're using third-party models like OpenAI or self-hosted solutions.

Core Capabilities

The product provides three integrated security functions:

  • Discovery: Automatically identifies LLM-powered endpoints across your web properties using behavioral analysis rather than pattern matching. This capability is now free for all Cloudflare customers, including Free, Pro, and Business plans.
  • Detection: Runs continuous analysis on all prompts targeting AI endpoints, checking for prompt injection attacks, personally identifiable information (PII) exposure, and policy violations.
  • Mitigation: Enforces security policies through the familiar WAF rule builder, allowing custom responses to detected threats.

New General Availability Features

Custom Topic Detection is the headline new feature shipping with GA. Rather than relying on generic threat categories, organizations can now define their own off-policy topics—such as discussions of specific financial securities, competitor products, or sensitive medical information—that warrant blocking or logging.

The discovery system works by analyzing endpoint behavior patterns across sufficient valid traffic, enabling identification of AI applications that don't follow conventional paths like /chat/completions. This addresses a critical gap: many AI implementations (product search tools, valuation engines, recommendation systems) have non-obvious API signatures.

Strategic Partnerships

Cloudflare has announced an expanded collaboration with IBM, which will deliver AI security capabilities to its cloud customers. Additionally, a partnership with Wiz provides mutual customers with unified visibility into their AI security posture alongside infrastructure security.

Why This Matters

AI-powered applications present a fundamentally different attack surface than traditional web applications. While conventional apps have deterministic operations that can be secured with fixed rules, AI systems accept natural language and generate probabilistic outputs. Bad actors can manipulate LLMs through prompt injection to leak sensitive data or execute unauthorized actions—particularly critical when AI gains access to tool calls for processing refunds, account modifications, or data access.