๐Ÿ›ก๏ธStalecollected in 9h

Cloudy LLM Boosts Security Decisions

LLM explanations in Cloudflare security – boost SOC efficiency for AI ops

30-Second TL;DR

What Changed

Cloudy is an LLM-powered explanation layer

Why It Matters

SOC teams gain faster, clearer insights from AI explanations, reducing alert fatigue in complex security ops. AI practitioners can leverage this for secure AI app deployments.

What To Do Next

Activate Cloudy in Cloudflare One to get LLM explanations for Phishnet alerts in your pipeline.

Who should care: Enterprise & Security Teams

Deep Insight

Web-grounded analysis with 10 cited sources.

Enhanced Key Takeaways

  • Cloudy is powered by Cloudflare Workers AI, using publicly available LLMs with purpose-built prompts enriched by policy data, product documentation, and translated list datasets for accurate summaries and recommendations.[1][2]
  • Cloudy respects RBAC permissions, accesses only the logged-in user's configuration data without training on customer data, and maintains enterprise-grade security as per Cloudflare's responsible AI practices.[2]
  • Cloudy has been integrated into security analytics for conversational threat investigations, analyzing global network threats like APTs, DDoS, and WAF exploits to provide IOC context and MITRE ATT&CK mappings.[3]

๐Ÿ› ๏ธ Technical Deep Dive

  • โ€ขBuilt on Workers AI using publicly-available LLMs; processes policy/rule data via purpose-built prompts including raw configurations, product documentation, enriched datasets (e.g., ID-to-text translation for lists), and specified output formats.[1]
  • โ€ขImplements Retrieval-Augmented Generation (RAG) in email security to ground responses in detection datasets, reducing hallucinations; adds context on internal models like Churchmouse sentiment scoring.[7]
  • โ€ขCombines configuration data with RBAC restrictions; no customer data used for training, only for prompts; supports threat analysis without sharing data across customers.[2][3]

Future Implications

AI analysis grounded in cited sources

Cloudy expansions will reduce SOC investigation times by automating threat pivoting across global telemetry
Integration with security analytics enables conversational queries on vast real-time threat data, cutting through noise for faster IOC prioritization and response.[3]
Edge-deployed AI like Cloudy will lower latency for real-time security decisions
Workers AI leverages Cloudflare's edge network for inferencing close to users, outperforming centralized processing for performance-critical tasks.[5]

โณ Timeline

2024-10
Introduced Cloudy as Cloudflare's first AI agent for simplifying configurations using Workers AI.[1][10]
2025-01
Extended Cloudy to log explainers in Cloudflare Gateway, loaded over 30,000 times monthly.[3]
2025-02
Integrated Cloudy into Email Security for automated detection summaries with RAG safeguards.[7]
2026-02
Announced Cloudy-driven email security summaries beta for SOC efficiency.[7]
2026-03
Integrated Cloudy with Phishnet and API CASB in Cloudflare One for actionable security insights.[article]
Original source: Cloudflare Blog