AI is not only transforming security tools, but also the very nature of network traffic. Cloudflare addresses this shift across three areas: control over who consumes our data, an AI assistant that shortens the path from data to decisions, and an extended WAF with intent analysis for AI-generated traffic.

AI in cybersecurity: from hype to real control

Artificial intelligence is no longer just an add-on to security tools. Today, it fundamentally changes what internet traffic looks like — an increasing share is no longer generated by users, but by systems that automatically crawl, analyze, and leverage available data. Often without the knowledge or consent of the organizations whose resources are being consumed.

As a result, the key challenge is no longer simply detecting an attack. What matters more is understanding who is interacting with our resources — and for what purpose. In a world of AI agents, crawlers, and systems learning from third-party data, the traditional detection-and-blocking approach is no longer sufficient.

Cloudflare responds to this shift with a set of AI-driven mechanisms — not as an optional add-on, but as an integral part of day-to-day security operations.

Visibility and control over AI traffic

The rise of AI means not only new models, but also an entirely new type of network traffic — generated by systems that automatically crawl, analyze, and learn from available content. In practice, more and more organizations are facing the same question: who is using our data, and how?

Cloudflare provides a concrete answer: the ability to identify and control AI systems visiting your website. In practice, this means:

• visibility – which AI systems (crawlers, agents) are using your resources,
• access control – deciding which of them are allowed and which are blocked,
• analytics – insights into which URLs and content are most frequently queried by AI systems.

This marks a significant shift from the previous model, where organizations often had no visibility into who was accessing their data or why. In the context of the growing role of AI agents, this is no longer just about classic bot management — it becomes about conscious access governance, especially when data may be used for model training or building AI-powered services.

Cloudy – AI shortening the path from data to decisions

One of the more interesting directions in Cloudflare’s platform evolution is changing how users interact with data and configurations — specifically, how quickly they can understand data and act on it. This is where Cloudy – an AI assistant built directly into the platform comes in.

At first glance, it looks like another chatbot in the admin panel. In practice, however, it can significantly change how analytics is handled. Instead of manually navigating dashboards, filtering logs, and building charts, users can simply ask for the data they need. A traffic spike, DDoS attack details, or a specific metric — Cloudy generates the visualization and retrieves the relevant data automatically.

But that’s just the first layer. More importantly, Cloudy does not stop at presenting data — it starts interpreting it. Based on configuration and observed traffic, it highlights anomalies, correlates them with specific events, and suggests remediation actions. These remain recommendations — the final decision still lies with the analyst.

In practice, this shifts the role of the specialist: instead of searching for patterns in logs and building basic analyses, they can focus on validating recommendations and optimizing the environment. The system is also becoming increasingly proactive — not only answering questions, but suggesting improvements based on observed traffic patterns.

An important aspect is privacy: Cloudy operates solely on the configuration data of a given environment and respects user permissions. It does not learn from customer data or use it to train models — a critical concern in many AI discussions.

Adoption of such solutions is still relatively low. In conversations with clients, there is a recurring lack of trust in AI recommendations and a preference for manual control. This is understandable, but increasingly difficult to maintain given the scale and complexity of modern environments. Considering the pace of evolving threats, becoming comfortable with such tools is inevitable.

WAF in the age of AI – from scoring to intent analysis

The growing volume of requests generated by automated systems is also reshaping the role of traditional protection mechanisms, such as WAF. Historically, request analysis relied on two dimensions: whether the traffic looks like an attack, and whether it is generated by a human or an automated system. Cloudflare applies both approaches simultaneously — each request is assigned a score.

WAF Attack Score evaluates whether a request exhibits characteristics of a typical attack. Bot Score determines whether traffic comes from a human or a bot — and if so, what type. Classification considers browser characteristics, HTTP headers, and identification of known bots and crawlers.

The problem is that in the AI era, this classification is no longer sufficient. Traffic generated by AI models and agents increasingly does not fit neatly into “attack” or “bot” categories. It may resemble legitimate user requests, while actually being used for large-scale data extraction, model training, or targeted content discovery.

This is where the next step emerges: a dedicated analysis layer for AI Security. Instead of treating AI traffic as just another type of automation, it becomes a separate category — with its own context and additional analytical signals. But this approach goes beyond simple classification.

AI Security introduces deeper analysis of what an agent is actually doing. It’s no longer just about whether traffic is automated, but about interpreting its intent. The system can identify what types of data are being queried, which resources are most frequently accessed, and whether behavior suggests targeted data extraction.

In practice, this may look like identifying a bot intensively scanning a site for specific types of data — even if no breach has occurred. The behavioral pattern itself becomes a signal that can be incorporated into security policies.

This is a fundamental shift. WAF moves beyond analyzing request syntax and known attack patterns, and begins operating at the level of context and intent. Instead of only answering “is this an attack?”, it also addresses “what is this traffic trying to achieve?”

How to implement visibility and control over AI traffic in your environment

In a world where an increasing share of traffic is generated by AI, this approach is no longer optional — it becomes essential. Traditional detection mechanisms remain necessary, but without context and intent, they are no longer sufficient.

These three areas form a cohesive whole. Control over AI traffic provides visibility into who is accessing your data and why. Cloudy reduces the gap between raw analytics and actionable decisions. The extended WAF goes beyond identifying attacks and begins interpreting the purpose behind traffic.

The common denominator is clear: in an environment where a significant portion of traffic is generated by AI systems, detection alone is no longer enough. A layer of context and intent is required — and this is exactly the direction Cloudflare is taking.

Let’s talk about how to implement visibility and control over AI traffic in your environment. Contact us.