Any web application that accepts natural language input and generates AI responses has a new attack surface. Cloudflare is now shipping tools to find and protect those surfaces, with its AI Security for Apps suite moving to general availability.
The most notable piece: automatic discovery of LLM-powered endpoints is free for all Cloudflare plans, including the free tier. The system scans your web traffic, identifies which endpoints talk to large language models (AI systems that process and generate text), and labels them in your security dashboard. You don't need to manually register anything.
What Ships for Enterprise
Paid detection and mitigation features are available now for Enterprise customers. The detection layer analyzes traffic to AI endpoints for three categories of risk:
- Prompt injection - attempts to manipulate an AI into ignoring its instructions or leaking internal data
- PII exposure - personally identifiable information showing up in AI inputs or outputs
- Sensitive and toxic content - including a new custom topics feature that lets businesses define their own categories to flag
Mitigation works through Cloudflare's existing WAF (Web Application Firewall) rule builder, so teams can block, log, or custom-respond to flagged requests using the same interface they already know. The system currently supports extracting prompts from requests sent to OpenAI, Anthropic, Google Gemini, Mistral, Cohere, xAI, and DeepSeek APIs.
Cloudflare also announced partnerships with IBM Cloud Internet Services and Wiz for unified security posture across AI deployments.
This matters because most companies bolting AI features onto existing products are doing it fast and thinking about security second. The OWASP Top 10 for LLM Applications lists prompt injection and data leakage as top risks, and most teams don't have dedicated tooling to monitor for them. Free endpoint discovery at least gives smaller teams visibility into where their AI exposure actually sits - even if the full protection requires an enterprise contract.