Commit e4bb62b

[WAF] AI security updates (#28919)
1 parent 77522f9 commit e4bb62b

3 files changed

Lines changed: 19 additions & 17 deletions

src/content/docs/waf/detections/ai-security-for-apps/index.mdx

Lines changed: 6 additions & 5 deletions
@@ -29,12 +29,13 @@ Cloudflare will populate [AI detection fields](/waf/detections/ai-security-for-a
2929

3030
AI Security for Apps capabilities vary by Cloudflare plan:
3131

32-
| Capability | Free | Pro | Business | Enterprise |
33-
| -------------------------------------------------------------------------------------------------------- | ---- | --- | -------- | ---------- |
34-
| **LLM endpoint discovery** — Automatically identify AI-powered endpoints across your web properties | Yes | Yes | Yes | Yes |
35-
| **AI detection fields** — PII detection, prompt injection scoring, unsafe topic detection, custom topics | No | No | No | Yes |
32+
| Capability | Free | Pro | Business | Enterprise |
33+
| ---------------------------------------------------------------------------------------------------------------- | ---- | --- | -------- | ---------- |
34+
| **LLM endpoint discovery** — Automatically identify AI-powered endpoints across your web properties | Yes | Yes | Yes | Yes |
35+
| **AI Security Log Mode Ruleset** — Pre-built ruleset that logs the full request body alongside detection results | No | No | No | Yes |
36+
| **AI detection fields** — PII detection, prompt injection scoring, unsafe topic detection, custom topics | No | No | No | Yes |
3637

37-
To enable AI detection fields, contact your account team.
38+
To get access to the [AI Security Log Mode Ruleset](/waf/detections/ai-security-for-apps/log-mode-vs-production-mode/#log-mode) and enable [AI detection fields](/waf/detections/ai-security-for-apps/fields/), contact your account team.
3839

3940
AI Security for Apps is built into the Cloudflare [Web Application Firewall (WAF)](/waf/) — the WAF must be enabled on your zone before detection fields can be populated and used in rule expressions.
4041
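Review bot: The new **AI Security Log Mode Ruleset** row at new line 35 says the ruleset "logs the full request body alongside detection results" but omits that the body is encrypted via payload logging, which the comparison table in log-mode-vs-production-mode.mdx states. This plan table is a likely first place for readers to learn that prompts are logged, so consider adding "(encrypted via [payload logging](/waf/managed-rules/payload-logging/))" to the row, or linking the capability name to the `#log-mode` section as the sentence at line 38 does. Separately, widening the first column re-pads every row, so the diff touches rows whose content did not change; worth confirming that the formatter requires it.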

src/content/docs/waf/detections/ai-security-for-apps/log-mode-vs-production-mode.mdx

Lines changed: 2 additions & 2 deletions
@@ -23,7 +23,7 @@ AI Security for Apps can operate in two distinct modes. Understanding the trade-
2323

2424
| Feature | Production mode | Log mode |
2525
| ---------------------- | -------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- |
26-
| **How it works** | You write WAF [custom rules](/waf/custom-rules/) using AI Security for Apps detection fields | You enable the **AI Security Log Mode Ruleset** with pre-built rules |
26+
| **How it works** | You write WAF [custom rules](/waf/custom-rules/) using AI Security for Apps detection fields | You enable the AI Security Log Mode Ruleset with pre-built rules |
2727
| **Prompt logging** | No — only request metadata is logged | Yes — the full request body is logged (encrypted via [payload logging](/waf/managed-rules/payload-logging/)) |
2828
| **Response logging** | No — use [AI Gateway](/ai-gateway/) if response visibility is required | No — same limitation |
2929
| **Policy flexibility** | Full — combine injection scores, PII categories, bot scores, custom topics, and more | Limited — three fixed rules (PII detected, unsafe topic detected, prompt injection detected) with no score-based or subcategory logic |
@@ -48,7 +48,7 @@ In production mode, the prompt text is not logged. You can see detection metadat
4848

4949
## Log mode
5050

51-
Log mode uses the **AI Security Log Mode Ruleset** — a pre-built ruleset that logs the full request body alongside detection results. This mode is designed for evaluation and tuning rather than production enforcement.
51+
Log mode uses the AI Security Log Mode Ruleset — a pre-built ruleset that logs the full request body alongside detection results. This mode is designed for evaluation and tuning rather than production enforcement.
5252

5353
In log mode:
5454
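Review bot: Line 51 introduces the ruleset without saying how to obtain it, while the index.mdx change in this same commit states that access to the AI Security Log Mode Ruleset requires contacting the account team. Suggest adding that prerequisite, or a link back to the plan table, to this paragraph so that a reader arriving at `#log-mode` from the new index.mdx link does not go looking for a ruleset that is not yet available to them.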

src/content/fields/index.yaml

Lines changed: 11 additions & 10 deletions
@@ -1339,23 +1339,24 @@ entries:
13391339
13401340
| Value | Category name | Description |
13411341
| ----- | ------------------------- | ----------------------------------------------------------------------------------------------------------------- |
1342-
| `S1` | Violent Crimes | Violent crimes against people or animals. |
1343-
| `S2` | Non-Violent Crimes | Non-violent offenses such as fraud, theft, drug creation, or hacking. |
1344-
| `S3` | Sex-Related Crimes | Sex-related crimes, including trafficking, assault, and harassment. |
1345-
| `S4` | Child Sexual Exploitation | Sexual exploitation of children. |
1342+
| `S1` | Violent crimes | Violent crimes against people or animals. |
1343+
| `S2` | Non-violent crimes | Non-violent offenses such as fraud, theft, drug creation, or hacking. |
1344+
| `S3` | Sex-related crimes | Sex-related crimes, including trafficking, assault, and harassment. |
1345+
| `S4` | Child sexual exploitation | Sexual exploitation of children. |
13461346
| `S5` | Defamation | False statements that are likely to damage a living person's reputation. |
1347-
| `S6` | Specialized Advice | Specialized financial, medical, or legal advice, or misrepresent dangerous things as safe. |
1347+
| `S6` | Specialized advice | Specialized financial, medical, or legal advice, or misrepresent dangerous things as safe. |
13481348
| `S7` | Privacy | Sensitive, nonpublic personal information that could endanger an individual. |
1349-
| `S8` | Intellectual Property | Violate a third party's intellectual property rights. |
1350-
| `S9` | Indiscriminate Weapons | Creation of indiscriminate weapons like chemical, biological, or nuclear arms. |
1349+
| `S8` | Intellectual property | Violate a third party's intellectual property rights. |
1350+
| `S9` | Indiscriminate weapons | Creation of indiscriminate weapons like chemical, biological, or nuclear arms. |
13511351
| `S10` | Hate | Demean or dehumanize people based on their race, religion, sexual orientation, or other personal characteristics. |
1352-
| `S11` | Suicide & Self-Harm | Encourage or endorse suicide, self-injury, or disordered eating. |
1353-
| `S12` | Sexual Content | Erotic content. |
1352+
| `S11` | Suicide and self-harm | Encourage or endorse suicide, self-injury, or disordered eating. |
1353+
| `S12` | Sexual content | Erotic content. |
13541354
| `S13` | Elections | False information about the time, place, or manner of voting in elections. |
1355+
| `S14` | Code interpreter abuse | Misuse of code execution capabilities. |
13551356
13561357
Requires a Cloudflare Enterprise plan. You must also enable [AI Security for Apps](/waf/detections/ai-security-for-apps/).
13571358
example_block: |-
1358-
# Matches requests where an unsafe topic categorized as "S2" (Non-Violent Crimes) or "S10" (Hate) was detected in the LLM prompt:
1359+
# Matches requests where an unsafe topic categorized as "S2" (Non-violent crimes) or "S10" (Hate) was detected in the LLM prompt:
13591360
(cf.llm.prompt.unsafe_topic_detected and any(cf.llm.prompt.unsafe_topic_categories[*] in {"S2" "S10"}))
13601361
13611362
- name: cf.llm.prompt.injection_score
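Review bot: The `S14` row added at line 1355 is a new category value, but it is bundled with the sentence-case renames and the commit title does not mention it. Rules that list categories explicitly, like the example's `in {"S2" "S10"}`, will not match `S14` until they are edited, so the addition deserves a changelog entry or its own commit. The description "Misuse of code execution capabilities." is also vaguer than the neighbouring rows; a short indication of what kind of prompt falls under it would help rule authors decide whether to add it to their expressions.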
