Cloudflare Expands Capabilities to Protect Organizations Against Emerging Threats with Defensive AI

This Press Release is also available in 日本語, 한국어, Deutsch, Français, Español and Nederlands.

San Francisco, CA, March 4, 2024 – Cloudflare, Inc. (NYSE: NET), the leading connectivity cloud company, today announced Defensive AI, a personalized approach to securing organizations against the new wave of risks presented by emerging technology. Threat actors have begun to successfully test the limits of AI-enhanced attacks, using the power of AI to launch sophisticated phishing scams, help write malicious code and supercharge attacks on critical business functions. Leveraging the unique traffic patterns of an organization, Cloudflare’s Defensive AI keeps defenders a step ahead of threat actors, by providing tailored mitigations that enable protection of critical applications and entire networks.

The crown jewels and trade secrets of organizations vary, and to protect them, organizations require highly agile security strategies. While AI holds tremendous potential for organizations, it also allows threat actors to rapidly increase their effectiveness and renders one-size-fits-all security offerings obsolete. Adopting a personalized approach to security – looking at an organization’s own traffic patterns – has the power to shift the cybersecurity balance back in favor of defenders.

“Fighting AI with AI is now a non-negotiable. And a personalized approach to protect data and defend against complex threats unique to an organization’s attack surface, at-speed, and scale, is paramount,” said Matthew Prince, CEO and co-founder at Cloudflare. “By understanding ‘normal baselines’ in a customer's environment and mitigating the threats that will move the needle towards increased resilience, Defensive AI is the crucial edge defenders need to stay ahead of today’s adversaries.”

With Defensive AI, Cloudflare’s AI models look at a specific customer traffic patterns, providing that organization with a tailored defense strategy unique to their environment, allowing customers to:

• Protect the Modern Web: APIs comprise 57% of all dynamic traffic on the web and underpin the most popular apps and services for businesses. Cloudflare is developing API Anomaly Detection, which will help prevent attacks designed to damage applications, take over accounts or exfiltrate data. It will leverage AI to learn the behavior of an application and build a model of what a sequence of good requests over time looks like. The resulting traffic model is used to identify attacks that deviate from the “normal” behavior – acting as a guardrail to help stop potentially malicious activity.
• Secure the Number One Threat Vector – Email: Nine out of every ten cyber attacks begin with a phishing scam, so reducing the risk presented by email is pivotal to upholding cyber resilience. Cloudflare’s Cloud Email Security solution stays ahead of threat actors by training AI models to identify different parts of a message and flag suspicious content. The rise of AI-enhanced attacks are making traditional email security providers obsolete, as threat actors can now craft phishing emails with little to no language errors. But while trends like Generative AI continue to evolve, Cloudflare’s models analyze all parts of a phishing attack – most of which are harder to fake.
• Mitigate threats posed by employees – whether accidental or on purpose: Almost half of insider threat incidents involve an employee with privileged access to company assets – underscoring the importance of a Zero Trust approach. Cloudflare Gateway will allow customers to create a baseline of their organization's user behavior and resources being accessed, to flag or filter what presents as risky or unauthorized. This will provide both a score for users themselves and resources, both those that are managed internally and external resources an organization reaches out to.

Cloudflare has reimagined security to leverage AI in the fight against AI. As emerging technology evolves and new tools are developed, Cloudflare is positioned to allow organizations to embrace these productivity enhancements without exposing themselves to malicious use cases.

To learn more, please check out the resources below:

• Blog: The Rise of Defensive AI: Cloudflare’s framework for defending against next-gen threats
• Blog: Dispelling the Generative AI Fear: Cloudflare’s Cloud Email Security Strategy on AI Generated Emails

About Cloudflare

Cloudflare, Inc. (NYSE: NET) is the leading connectivity cloud company. It empowers organizations to make their employees, applications and networks faster and more secure everywhere, while reducing complexity and cost. Cloudflare’s connectivity cloud delivers the most full-featured, unified platform of cloud-native products and developer tools, so any organization can gain the control they need to work, develop, and accelerate their business.

Powered by one of the world’s largest and most interconnected networks, Cloudflare blocks billions of threats online for its customers every day. It is trusted by millions of organizations – from the largest brands to entrepreneurs and small businesses to nonprofits, humanitarian groups, and governments across the globe.

Learn more about Cloudflare’s connectivity cloud at cloudflare.com/connectivity-cloud. Learn more about the latest Internet trends and insights at https://radar.cloudflare.com.

Follow us: Blog | X | LinkedIn | Facebook | Instagram

Forward-Looking Statements

This press release contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended, which statements involve substantial risks and uncertainties. In some cases, you can identify forward-looking statements because they contain words such as “may,” “will,” “should,” “expect,” “explore,” “plan,” “anticipate,” “could,” “intend,” “target,” “project,” “contemplate,” “believe,” “estimate,” “predict,” “potential,” or “continue,” or the negative of these words, or other similar terms or expressions that concern Cloudflare’s expectations, strategy, plans, or intentions. However, not all forward-looking statements contain these identifying words. Forward-looking statements expressed or implied in this press release include, but are not limited to, statements regarding the capabilities and effectiveness of Cloudflare’s Defensive AI, Cloudflare’s API Anomaly Detection, Cloudflare’s Cloud Email Security solution, Cloudflare Gateway and Cloudflare’s other products and technology, the benefits to Cloudflare’s customers from using Defensive AI and Cloudflare’s other products and technology and from integrating API Anomaly Detection, Cloud Email Security Solution, Cloudflare Gateway and Cloudflare’s other products, the potential opportunity for Cloudflare to attract additional customers and to expand sales to existing customers through Cloudflare’s product integrations, the timing of when Defensive AI or any of its related features will be developed and available in beta form, or generally available, to all current and potential Cloudflare customers, Cloudflare’s plans and objectives for, and the timing of, Cloudflare’s Defensive AI and other products and technology, Cloudflare’s technological development, future operations, growth, initiatives, or strategies, and comments made by Cloudflare’s CEO and others. Actual results could differ materially from those stated or implied in forward-looking statements due to a number of factors, including but not limited to, risks detailed in Cloudflare’s filings with the Securities and Exchange Commission (SEC), including Cloudflare’s Annual Report on Form 10-K filed on on February 21, 2024, as well as other filings that Cloudflare may make from time to time with the SEC.

The forward-looking statements made in this press release relate only to events as of the date on which the statements are made. Cloudflare undertakes no obligation to update any forward-looking statements made in this press release to reflect events or circumstances after the date of this press release or to reflect new information or the occurrence of unanticipated events, except as required by law. Cloudflare may not actually achieve the plans, intentions, or expectations disclosed in Cloudflare’s forward-looking statements, and you should not place undue reliance on Cloudflare’s forward-looking statements.

© 2024 Cloudflare, Inc. All rights reserved. Cloudflare, the Cloudflare logo, and other Cloudflare marks are trademarks and/or registered trademarks of Cloudflare, Inc. in the U.S. and other jurisdictions. All other marks and names referenced herein may be trademarks of their respective owners.