Cloudflare opens advanced Client-Side Security to all users with AI-assisted detection

What Cloudflare posted on X

On March 30, 2026, Cloudflare said its advanced Client-Side Security tools are now available to all users. The company highlighted a detection stack that combines graph neural networks with LLMs, claiming it reduces false positives by up to 200x while still catching sophisticated zero-day exploits.

That claim is aimed at a real operational problem. Client-side compromises often do not break the page or trigger obvious failures. Checkout still works, the site still loads, and the malicious JavaScript quietly steals credentials or payment data in the browser. In that environment, a security tool that generates too many false alarms is hard to trust, but a tool that waits for perfect certainty can miss the attack entirely.

What Cloudflare's blog adds

Cloudflare's blog says Client-Side Security Advanced, previously sold as the Page Shield add-on, is now available to self-serve customers. The company also says domain-based threat intelligence is now complimentary for all customers in the free Client-Side Security bundle. That makes the announcement not just a model update, but also a distribution change that lowers the barrier to using the product.

The post adds scale and architectural detail. Cloudflare says the product assesses roughly 3.5 billion scripts per day and sees about 2,200 scripts per enterprise zone on average. It collects signals using browser reporting mechanisms such as Content Security Policy, which means customers do not need scanners or application instrumentation and there is no added latency to the protected web app as long as traffic is proxied through Cloudflare.

On the detection side, Cloudflare describes a cascading AI system. A GNN acts as the frontline engine by analyzing the JavaScript AST to classify malicious intent even when the code is minified or obfuscated. An LLM then provides a second opinion for triage, which Cloudflare says is what drives the large reduction in false positives. The product also includes code change monitoring and proactive blocking rules, tying the announcement to compliance and day-to-day security operations rather than pure research.

Why this matters

The larger signal is that AI-based security systems are moving from premium experiments toward broader default availability. For merchants, SaaS vendors, and enterprise web teams, client-side abuse is especially painful because the malicious code often runs in trusted pages and third-party dependencies that appear legitimate at first glance.

By making advanced detection self-serve and expanding the free bundle, Cloudflare is trying to reduce both the operational burden and the procurement friction around this class of defense. If the claimed reduction in false positives holds up in production, that could make client-side monitoring more usable for teams that previously could not afford the alert fatigue.

Sources: Cloudflare X post · Cloudflare blog post