Cloudflare has unveiled an expanded suite of security capabilities for its Zero Trust platform, Cloudflare One, aimed at helping enterprises adopt generative AI safely and efficiently. The announcement reflects a growing reality across industries: companies are embracing generative AI for everything from marketing content and customer support to product design and software engineering.
Yet commonly without the protections needed to avoid serious security and privacy risks. Cloudflare’s new offerings attempt to bridge that gap, positioning the company as both a security partner and enabler of enterprise AI adoption at scale.
Generative AI adoption has accelerated rapidly, with employees across organizations experimenting with tools that speed up workflows and open new opportunities for innovation. But the unmonitored use of such technologies has created vulnerabilities. Common risks include employees pasting sensitive company data into public chatbots or deploying AI-driven applications outside the oversight of corporate security teams. Cloudflare’s new features are designed to give enterprises visibility into how AI is being used, while building enforcement tools that ensure company data and systems remain protected.
“Cloudflare is the best place to help any business roll out AI securely,” said Matthew Prince, CEO and co-founder of Cloudflare. “We are the only company today that can offer the security of a Zero Trust platform with a full set of AI and inference development products – all backed with the scale of a global network. The world’s most innovative companies want to pull the AI lever to move, build, and scale fast, without sacrificing security. We are in a unique position to help power that innovation—and help bring AI to all businesses safely.”
A central component of the launch is AI Security Posture Management (AI-SPM), a set of tools within Cloudflare One that gives security leaders real-time insights into AI use across the enterprise. Through Cloudflare’s Shadow AI Report, organizations can identify not just whether employees are using AI applications, but which specific services are being accessed and how they are being engaged. This level of visibility, Cloudflare argues, is essential for developing policies that support safe usage without resorting to blanket bans that stifle productivity.
Cloudflare Gateway would further extend these protections by allowing companies to enforce AI-related security policies directly at the network edge. Organizations can block unapproved applications, restrict uploads of sensitive data, or require review processes before AI tools are greenlit for use. Another feature, AI Prompt Protection, goes even deeper, allowing companies to analyze prompts and responses in real time. This capability helps flag potentially risky interactions – such as employees pasting proprietary source code into an external AI tool – and enables inline interventions ranging from warnings to outright blocking.
Visibility Into AI Model Interactions
The company has also introduced Zero Trust MCP Server Control, designed to provide visibility into how AI models interact with third-party tools and services. By consolidating all MCP (model context protocol) server calls into a single dashboard, organizations can gain granular oversight of AI-driven workflows that extend beyond their core environment. Security teams can then establish user-level policies to govern how these requests are managed, ensuring consistency and compliance across departments and geographies.
These additions would underscore Cloudflare’s ambition to make AI-ready security a core part of its Zero Trust strategy. As more enterprises look to harness generative AI for competitive advantage, they face the dual challenge of enabling innovation while maintaining compliance, resilience, and trust. Cloudflare’s move positions the company to capture that demand by offering an integrated solution that combines global scale, Zero Trust architecture, and AI-specific safeguards.
The update comes at a time when enterprises are rapidly recalibrating their IT strategies around generative AI. Cloudflare’s pitch is clear: security must evolve in lockstep with adoption, and without integrated visibility and controls, organizations risk exposing themselves to breaches and compliance violations. By embedding AI oversight into its core Zero Trust platform, Cloudflare is betting that companies will increasingly see secure AI deployment not as optional, but as foundational to business transformation.
