AI Security for Apps
Applications that use large language models (LLMs) are exposed to threats specific to how LLMs process input — prompt injection attacks, PII exposure in prompts, and prompts about unsafe topics.
AI Security for Apps (formerly Firewall for AI) complements your existing WAF rules with detections designed for these LLM-specific threats. It is model-agnostic — the detections work regardless of which LLM you use.
- PII detection — Detect personally identifiable information (PII) in incoming prompts, such as phone numbers, email addresses, social security numbers, and credit card numbers.
- Unsafe and custom topic detection — Detect prompts related to unsafe subjects such as violent crimes or hate speech, or custom topics specific to your organization.
- Prompt injection detection — Detect prompts designed to subvert your LLM's intended behavior, such as attempts to make the model ignore its instructions or reveal its system prompt.
When enabled, AI Security for Apps scans incoming requests to endpoints labeled cf-llm for LLM prompts that may contain threats. Currently, the detection only handles requests with a JSON content type (application/json).
Based on scan results, Cloudflare populates AI detection fields — fields you can use in WAF rule expressions. You can use these fields in two ways:
- Monitor: Filter by the
cf-llmlabel in Security Analytics to review detection results across your traffic. - Mitigate: Use the fields in custom rules or rate limiting rules to block or challenge requests based on detection results.
AI Security for Apps capabilities vary by Cloudflare plan:
| Capability | Free | Pro | Business | Enterprise |
|---|---|---|---|---|
| LLM endpoint discovery — Automatically identify AI-powered endpoints across your web properties | Yes | Yes | Yes | Yes |
| AI Security Log Mode Ruleset — Pre-built ruleset that logs the full request body alongside detection results | No | No | No | Paid add-on |
| AI detection fields — PII detection, prompt injection scoring, unsafe topic detection, custom topics | No | No | No | Paid add-on |
To get access to the AI Security Log Mode Ruleset and enable AI detection fields, contact your account team.
AI Security for Apps is built into the Cloudflare Web Application Firewall (WAF) — the WAF must be enabled on your zone before detection fields can be populated and used in rule expressions.
- AI Gateway — Monitor, control, and cache requests to LLM providers.
- What are the OWASP Top 10 risks for LLMs? ↗ — Background on the most common security risks for LLM-powered applications.