CF Cloudflare AI
Customer Decision Map

Secure AI by path.

Start with the path you need to secure. The matching Cloudflare control changes by traffic type, while DLP governance can be reused across most AI usage patterns.

One DLP profile strategy Log, allow, isolate, or block Govern employees, systems, and agents

How to use this map: select any product box to highlight when it makes sense, then use the expandable sections in the detail panel to read common use cases, primary controls, and the relevant DLP or standalone security note.

Inline controls AI Gateway, SWG, MCP Portal through Gateway, and reverse proxy protections can inspect traffic while it flows.
Out-of-band checks CASB uses provider APIs to find risky SaaS posture and sensitive content after storage.
Owned execution Workers, Agents SDK, and remote MCP servers fit when you own the app, agent, or integration layer.
Private reachability Workers VPC connects Workers to private APIs and can apply Gateway policies to Worker public egress.
Full Customer Architecture

How the pieces fit together

A comprehensive customer architecture usually has several AI paths at once: employees using web AI, coding agents calling LLM APIs, MCP-enabled tools reaching approved servers, public AI apps behind Cloudflare, and Workers-based agents reaching private networks. Requests flow left to right through the relevant Cloudflare control; responses return through the same policy checkpoints.

Lane arrows = request path Blue note = response path Dashed lane = out-of-band/API
Ingress security Zero Trust / private LLM gateway MCP / CASB / SaaS Developer Platform
Cloudflare Global Network + Zero Trust + Developer Platform
Start: web-based AIEmployee deviceBrowser or app accessing ChatGPT, Claude, Gemini, Perplexity, and other web AI tools.
Zero TrustSecure Web GatewayDNS, Network, HTTP, egress, app controls, RBI.
GovernanceDLP + AI Prompt ProtectionPolicy checks for prompts and sensitive data.
DestinationWeb AI SaaSInline request reaches approved web AI destination.
SaaS response returns through SWG/Gateway policies where traffic is inline and inspectable.
Start: LLM/API callsCLI, app, or agentClaude Code, OpenCode, LiteLLM, Cursor, Workers, or custom agents with configurable endpoints.
LLM gatewayAI GatewayAuth, logs, caching, rate limits, routing, DLP.
Model choiceWorkers AIOn-network inference option.
DestinationLLM providersWorkers AI, OpenAI, Anthropic, Google, Mistral, and others.
Model response returns through AI Gateway for logging and optional response DLP before reaching the client.
Start: MCP toolsMCP-capable clientClaude Desktop, Claude Code, Cursor, OpenCode, or a custom agent harness.
Identity + toolsAccess + MCP Server PortalOAuth, tool curation, audit, Code Mode.
Optional routeGateway routing + DLPHTTP logs, egress, standard DLP profiles.
DestinationRemote MCP ServersWorkers-hosted MCPs, SaaS MCPs, internal tools, and APIs.
Tool result returns through the portal; blocked DLP matches surface back to the client as tool errors.
Start: public hostnameUser or attackerCustomer traffic, bots, abuse attempts, prompt injection, scraping, or normal app usage.
Reverse proxyWAF + AI Security for AppsDDoS, Bot, WAF, rate limits, API Shield, cf.llm signals.
App runtimeWorkers + Agents SDKAI app, Durable Objects, Workflows, Queues, R2, Vectorize.
DestinationModels + toolsAI Gateway, Workers AI, MCP Portal, providers, and downstream APIs.
Application response returns through edge controls; AI detection fields and threat signals remain visible for policy and analytics.
Start: private accessWorker agentCustom agent, automation Worker, Remote MCP server, or background workflow.
Private reachWorkers VPCVPC Services or VPC Networks, including cf1:network.
Policy layerGateway policiesPublic egress logs and policy enforcement for Worker traffic.
DestinationPrivate + public servicesInternal APIs, databases, Mesh nodes, Tunnel routes, WAN, external APIs, Internet.
Private service or public endpoint response returns to the Worker, agent, or MCP server that made the call.
Start: out-of-bandSecurity team / CASBAPI integration scans SaaS state after content lands in provider tenants.
API integrationCASBPosture, findings, stored content, DLP detections.
DestinationSaaS tenantsChatGPT, Claude, Gemini, projects, files, chats, artifacts where supported.
Findings, DLP matches, and compliance evidence flow back to dashboards, Logpush, SIEM, and workflows.
CASB out-of-band lane CASB connects to SaaS providers such as ChatGPT, Claude, and Gemini by API. It scans posture, uploaded files, chat messages, projects, and artifacts where supported, then sends DLP findings and compliance evidence to security teams.
Shared foundation across paths Use Cloudflare Access identity, device posture, reusable DLP profiles, Gateway logs, AI Gateway analytics, CASB findings, Logpush, SIEM workflows, and policy evidence as the common governance layer.

For educational and demonstration purposes only. Not an official Cloudflare demo. Product behavior summarized from Cloudflare Developer Docs and public Cloudflare blog posts.