Cloudflare takes AI Security for Apps to GA and expands AI endpoint discovery across plans
Original: AI Security for Apps is now generally available View original →
Cloudflare announced general availability for AI Security for Apps on March 11, 2026. The product is designed to sit in front of AI-powered applications, discover AI endpoints, detect threats such as prompt injection, PII exposure, and toxic topics, and then let teams enforce policy through Cloudflare’s existing WAF tooling. Cloudflare argues that AI applications and agents create a different security problem from traditional web apps because inputs and outputs are probabilistic, tool calls can trigger real actions, and malicious prompts can turn into immediate incidents.
The GA release adds two meaningful changes. First, AI endpoint discovery is now free for all Cloudflare customers, including Free, Pro, and Business plans, giving security teams visibility into where AI is already deployed. Second, Cloudflare added custom-topics detection so companies can define business-specific subjects they want to detect or control, rather than relying only on generic categories. The company also expanded its ecosystem position by announcing work with IBM Cloud Internet Services and a partnership with Wiz so customers can connect application-layer guardrails with a broader cloud AI-security view.
Why it matters
- Discovery is becoming a first-class AI security problem because many teams do not have a reliable inventory of AI endpoints and agent surfaces.
- The product reflects a push to merge AI-specific protections with familiar web-security controls instead of creating a separate operational stack.
- As more apps hand tool access to models, infrastructure vendors have a stronger opportunity to define the control plane for production AI security.
Cloudflare notes that the full protection suite is available for Enterprise customers, while lower-tier plans currently get the discovery layer first. It also says discovery works best when enough valid traffic is present to identify AI behavior accurately. Even with those limits, the announcement is important because it shows AI security maturing into a practical application-security category, focused less on abstract alignment debates and more on protecting live traffic, APIs, and agent workflows.
Related Articles
Cloudflare said on March 11, 2026 that AI Security for Apps is now generally available. The company also made AI endpoint discovery free across Free, Pro, and Business plans while adding custom topic detection and expanded policy controls.
Cloudflare said on March 11, 2026 that it now returns RFC 9457-compliant Markdown and JSON error payloads to AI agents instead of heavyweight HTML pages. In a same-day blog post, the company said the change cuts token usage by more than 98% on a live 1015 rate-limit response and turns error handling into machine-readable control flow.
Perplexity said on March 11, 2026 that Personal Computer extends its Computer product with a continuously running Mac mini that bridges local files, apps, and sessions. The launch positions an always-on personal agent as a controllable digital proxy rather than a browser-only assistant.
Comments (0)
No comments yet. Be the first to comment!