Cloudflare launches Australian tools to control & secure AI use

Cloudflare has announced a range of new security features designed to help organisations in Australia monitor, control, and secure their use of artificial intelligence technologies as workers continue to engage with AI on a daily basis, often without company approval.

Recent research has found that almost half (46%) of Australian employees admit to using AI in unauthorised ways, with many pasting confidential data into public chatbots or experimenting with unapproved AI applications. This widespread but often hidden practice, known as shadow AI, creates challenges for businesses that may lack visibility over how AI tools are accessed and the potential risks they pose.

Visibility and control

The new capabilities, available on the Cloudflare One Zero Trust platform, aim to provide organisations with centralised tools to automatically analyse and manage how generative AI is used across their networks. Among the features introduced is the Shadow AI Report, which offers detailed insights into which AI applications are being accessed by employees and how frequently these interactions occur.

Cloudflare stated that security teams can now gain a data-driven understanding of AI activity within their organisations, allowing them to identify not just the presence of AI use, but also the specific applications and users involved.

The risk of shadow AI

Security concerns have grown as employees use generative AI technologies outside official company guidelines. Sensitive data, such as intellectual property or confidential business information, can end up being shared with third-party AI providers, often without visibility or approval from IT departments.

Cloudflare's AI Security Posture Management (AI-SPM) aims to address this issue directly. Cloudflare Gateway now enables organisations to enforce AI usage policies at the network edge, allowing security teams to either block unapproved AI tools, restrict data uploads, or review applications to ensure they comply with company security and privacy standards.

Protecting sensitive information

One of the key new features, AI Prompt Protection, allows policy enforcement at the prompt level during employee interactions with AI models. This system can flag or block potentially risky activity, such as entering source code or confidential data into an AI platform that has not been vetted.

With this feature, security teams are able to monitor and control what data may be sent outside the organisation, reducing the risk of unintentional data disclosure without completely restricting legitimate business uses of AI tools.

Managing external AI interactions

Cloudflare has also added Zero Trust MCP Server Control, which collects all calls made by AI models or applications to external servers in a unified dashboard. This consolidation allows for centralised visibility of AI traffic, regardless of its source, and makes it possible for security teams to set user-level policies at both the network gateway and individual application levels.

This enhancement is expected to improve the ability of organisations to audit, track, and control the external flow of data triggered by AI tools across the business.

Cloudflare's perspective

"Cloudflare is the best place to help any business roll out AI securely. We are the only company today that can offer the security of a Zero Trust platform with a full set of AI and inference development products - all backed with the scale of a global network," said Matthew Prince, CEO and co-founder at Cloudflare. "The world's most innovative companies want to pull the AI lever to move, build and scale fast, without sacrificing security. We are in a unique position to help power that innovation–and help bring AI to all businesses safely."

Matthew Prince highlighted the growing demand from businesses to adopt AI while retaining robust security measures, and said that the new capabilities provide the resources necessary to move quickly without lowering guardrails on sensitive data protection.

Features in detail

Cloudflare detailed several new features as part of this release:

• The Shadow AI Report, providing instant, detailed insights into the use of generative AI applications across the network.
• Automatic enforcement of AI policies through Cloudflare Gateway at the network edge, blocking or limiting access to unauthorised AI tools and data uploads.
• AI Prompt Protection, which flags or blocks risky AI interactions and ensures prompts and responses containing sensitive data can be restricted as required by organisational policy.
• Zero Trust MCP Server Control, a central dashboard for managing all external requests by AI models and applications.

The enhanced Zero Trust platform is intended for businesses seeking to balance efficient use of AI technologies with the need to safeguard sensitive data and comply with regulatory or internal requirements.

Cloudflare emphasises that by providing granular controls and extensive visibility into AI usage, organisations can maintain security standards even as AI becomes more deeply integrated into daily business processes across various departments, including finance, marketing, engineering, and design.