Cloudflare adds new WAF features to prevent hackers from exploiting LLMs

Cloudflare has added a new capability, dubbed Firewall for AI, to its Web Application Firewall (WAF) offering. It targets AI models and is intended to add a protection layer for large language models (LLMs).

The capability, which is tailored specifically for applications that use LLMs, will bundle existing and new WAF tools to analyze submitted prompts and identify exploitation attempts.

“Firewall for AI is agnostic to the specific deployment and can be deployed in front of models hosted on Cloudflare Workers AI or models hosted on any other third-party infrastructure – as long as the traffic is proxied through Cloudflare WAF,” said a Cloudflare spokesperson. “Customers will be able to control and set up Firewall for AI using the WAF control plane.”

Cloudflare Workers AI is an open, pay-as-you-go AI inference-as-a-service platform that lets developers run machine learning models on the Cloudflare network from their own code.

Additionally, Cloudflare has announced a new Defensive AI program that will use the same technology to fight a growing number of AI-based attacks involving APIs, email, and insider incidents.

Protection against DoS and data leakage

The new firewall offering is designed for customers running AI models on Cloudflare Workers AI and guards against concerns such as prompt injection and data leakage. It scans and evaluates prompts submitted by a user in order to block model exploitation and attempts to extract data.

The capability combines heuristics with proprietary AI layers to evaluate prompts and identify abuse and threats.

“Firewall for AI will protect against Model Denial of Service and Sensitive Information Disclosure, which leverage tools and features available to all customers as part of the Web Application Firewall,” the Cloudflare spokesperson said. “Firewall for AI will also run a series of detections designed to identify Prompt Injection attempts and other abuses – e.g., ensuring the topic stays within the boundaries defined by the model owner.”

Firewall for AI’s prompt validation is currently under development, and a beta version will be released in the coming months, the spokesperson added.
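To make the four concerns named above concrete (model denial of service, sensitive information disclosure, prompt injection, and keeping prompts within the model owner's topic boundary), here is an added example of a minimal pre- and post-model screening layer. It is not Cloudflare's code: the class name, the regular expressions and the keyword-based topic check are constructed stand-ins for the proprietary heuristics and AI layers the article describes.

```python
import re
import time
from collections import defaultdict, deque

# Constructed heuristics (assumption): illustrative stand-ins, not Cloudflare's detections.
INJECTION_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"ignore (all |any )?(previous|prior|above) instructions",
    r"disregard (the |your )?system prompt",
    r"(reveal|print|repeat) (your|the) (system|hidden|initial) prompt",
)]
SENSITIVE_PATTERNS = {
    "card_number": re.compile(r"\b\d(?:[ -]?\d){12,15}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "api_key": re.compile(r"\b(?:sk-|AKIA)[A-Za-z0-9_-]{16,}\b"),
}

class PromptFirewall:
    def __init__(self, topic_keywords, max_chars=2000, max_requests=5, window_s=60):
        self.topic_keywords = [k.lower() for k in topic_keywords]  # model-owner topic boundary
        self.max_chars = max_chars          # oversized prompts inflate inference cost (model DoS)
        self.max_requests = max_requests    # per-client sliding-window rate limit (model DoS)
        self.window_s = window_s
        self._hits = defaultdict(deque)     # client_id -> request timestamps inside the window

    def check_prompt(self, client_id, prompt, now=None):
        """Return (allowed, reasons); any failed heuristic blocks the prompt before the model."""
        now = time.time() if now is None else now
        reasons = []
        q = self._hits[client_id]
        while q and now - q[0] > self.window_s:   # drop requests that fell out of the window
            q.popleft()
        q.append(now)
        if len(q) > self.max_requests:
            reasons.append("rate_limit")
        if len(prompt) > self.max_chars:
            reasons.append("prompt_too_long")
        if any(p.search(prompt) for p in INJECTION_PATTERNS):
            reasons.append("prompt_injection")
        if self.topic_keywords and not any(k in prompt.lower() for k in self.topic_keywords):
            reasons.append("off_topic")
        return (not reasons, reasons)

    def redact_response(self, text):
        """Mask sensitive values the model echoed back; return (clean_text, kinds_found)."""
        found = []
        for kind, pattern in SENSITIVE_PATTERNS.items():
            if pattern.search(text):
                found.append(kind)
                text = pattern.sub(f"[REDACTED {kind}]", text)
        return text, found
```

Passing `now` explicitly makes the rate limiter deterministic under test; in a real proxy the client identity would come from the authenticated session rather than a caller-supplied string.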

Defensive AI to detect anomalous behavior

Under the new Defensive AI program, Cloudflare is building AI-based models that examine a specific customer's traffic patterns and establish a baseline of normal behavior, which is then used to detect anomalies across environments including APIs, email, and employee access.

“Defensive AI is the framework Cloudflare uses when thinking about how intelligent systems can improve the effectiveness of security solutions,” the Cloudflare spokesperson said. “Cloudflare uses AI to increase the level of protection across all security areas, ranging from application security and email security to Cloudflare’s Zero Trust platform.”

The AI models are tailored to each application, so API protection uses different models than email security or Zero Trust, the Cloudflare spokesperson said. Although the implementation differs, the concepts are similar: for example, tailoring the model to the traffic pattern of a specific customer, or establishing a baseline of normal behavior and using it to flag anomalies.

Firewall for AI is available to Cloudflare customers as of the launch, whereas the Defensive AI models are still under development and the company has not yet announced a launch date.
