AI Security for Apps Now Generally Available from Cloudflare
Key Facts
- What: Cloudflare has made AI Security for Apps generally available, providing detection and mitigation for threats targeting AI-powered applications.
- When: Announced and available starting March 11, 2026.
- New Capabilities: Custom topics detection for organization-specific policies; AI endpoint discovery now free for all customers, including Free, Pro, and Business plans.
- Partnerships: Expanded collaboration with IBM to deliver AI security to its cloud customers; new partnership with Wiz for unified AI security posture visibility.
- Core Functions: Automatic discovery of LLM-powered endpoints, always-on detection for prompt injection, PII exposure, toxic topics, and mitigation through Cloudflare’s WAF rule builder.
Lead paragraph
Cloudflare announced today that AI Security for Apps is now generally available, offering a dedicated security layer to detect and block threats against AI-powered applications and agents. The service addresses the unique challenges of securing probabilistic, natural language interfaces that traditional web application firewalls cannot adequately protect. As part of the launch, Cloudflare is making AI endpoint discovery free for every customer on its Free, Pro, and Business plans while introducing custom topics detection and revealing expanded partnerships with IBM and Wiz.
A New Kind of Attack Surface
Traditional web applications operate with predictable, rule-based interactions that allow security teams to define clear allow and deny policies. AI-powered applications function differently. They accept natural language prompts and generate responses that are inherently probabilistic rather than deterministic.
This fundamental shift creates a new attack surface. Attackers can use prompt injection techniques to manipulate large language models into performing unauthorized actions or leaking sensitive information. As AI applications evolve into autonomous agents with tool-calling capabilities — such as processing refunds, modifying customer accounts, or accessing databases — the potential impact of a successful attack grows significantly.
The risks are well documented in the OWASP Top 10 for LLM Applications, which highlights prompt injection, sensitive information disclosure, and unbounded consumption as major concerns. Cloudflare’s solution sits in front of AI-powered applications as part of its global reverse proxy infrastructure, whether organizations use third-party models or self-hosted systems.
How AI Security for Apps Works
The product delivers three primary capabilities: discovery, detection, and mitigation.
Discovery — Now Free for Everyone
Security teams often lack complete visibility into where AI capabilities have been deployed across their web properties, especially as development teams rapidly adopt and swap between different large language models and providers.
Cloudflare’s AI endpoint discovery automatically identifies LLM-powered endpoints regardless of hosting location or specific model used. Rather than relying on simple path matching such as /chat/completions, the system analyzes behavioral patterns to detect AI functionality in diverse applications including product search tools, valuation engines, and recommendation systems.
Beginning today, this discovery capability is available at no cost to all Cloudflare customers, including those on Free plans. Discovered endpoints appear in the Security → Web Assets section of the dashboard, labeled as cf-llm.
For Free plan customers, discovery begins when they first visit the Discovery page. Paid plan customers receive automatic, recurring background discovery. The system requires sufficient valid traffic to confidently identify AI-powered endpoints.
Detection and New Custom Topics Capability
Once endpoints are identified, AI Security for Apps applies always-on detection to all traffic directed at them. Each prompt is analyzed by multiple detection modules covering prompt injection, personally identifiable information (PII) exposure, and sensitive or toxic topics. Detection results are attached as metadata that customers can reference when building custom Web Application Firewall (WAF) rules.
With general availability, Cloudflare is introducing custom topics detection. This allows organizations to define their own sensitive subjects that should trigger alerts or blocks. Examples include:
- A financial services firm monitoring discussions of specific securities
- A healthcare provider flagging references to patient data
- A retailer tracking inquiries about competitor products
The company notes it continuously leverages its global network, which observes traffic from roughly 20% of the web, to identify emerging attack patterns before they affect individual customers.
Expanded Partnerships
Cloudflare also announced strengthened collaboration with IBM. IBM has selected Cloudflare to provide AI security capabilities to its cloud customers. Additionally, a new partnership with Wiz will enable mutual customers to gain a unified view of their AI security posture across both platforms.
These partnerships reflect the growing enterprise demand for integrated security solutions that address the full spectrum of AI-related risks.
Customer Perspectives
Rick Radinger, Principal Systems Architect at Newfold Digital — the company behind Bluehost, HostGator, and Domain.com — highlighted the challenge many organizations face.
“Most of Newfold Digital’s teams are putting in their own Generative AI safeguards, but everybody is innovating so quickly that there are inevitably going to be some gaps eventually,” Radinger said.
AI Security for Apps aims to close those gaps by providing centralized, network-level protection that complements application-level safeguards.
Impact on Developers, Security Teams, and the Industry
For developers and security teams, the general availability of AI Security for Apps offers a practical way to secure AI deployments without requiring fundamental changes to application architecture. Because it operates at the network edge through Cloudflare’s reverse proxy, organizations can add protection to both new and existing AI-powered applications.
The decision to make endpoint discovery free for all customers, including the Free tier, significantly lowers the barrier to understanding AI usage across an organization’s internet-facing properties. This visibility represents a critical first step toward effective governance of AI systems.
In the broader industry context, Cloudflare’s launch arrives alongside other AI security announcements. On the same day, Netskope unveiled its Netskope One AI Security suite, while other vendors including Protect AI, Digital.ai, and Google Cloud continue expanding their AI security offerings. This reflects the rapid maturation of the AI security market as enterprises move beyond experimental AI projects into production deployments.
What’s Next
Cloudflare indicated it will continue expanding the detection capabilities of AI Security for Apps, with particular focus on leveraging its massive global network to identify new attack techniques. The company is also exploring additional ways to help customers enforce organizational policies around AI usage.
As AI agents become more prevalent and gain broader access to enterprise systems and data, solutions like AI Security for Apps are expected to evolve from optional protections to essential components of modern application security stacks.
Organizations interested in the service can begin by exploring the new discovery capabilities in their Cloudflare dashboard. Those on paid plans will see automatic discovery running in the background, while all customers can access the enhanced detection and WAF integration features now that the product has reached general availability.