Cloudflare

Cloudflare AI Capabilities

July 2026

What You Can Do with Cloudflare for AI

Build
  • Run inference on Cloudflare's global GPU network
  • Manage cost, caching, and observability across every LLM provider
  • Store and retrieve vectors for RAG applications
  • Build fully managed RAG pipelines without custom code
  • Deploy stateful AI agents with persistent memory and scheduled execution
  • Host MCP servers on Workers to expose your tools and APIs to agents
Secure
  • Gate MCP server access with identity verification, MFA, and a full audit log of every tool call an agent makes
  • Govern how employees use AI tools and what data leaves through them
  • Block prompt injection and jailbreak attempts before they reach your app
  • Scan prompts and responses bi-directionally for sensitive data
  • Set spend limits to prevent runaway LLM billing

Use Cases

Use Case 01

Teams building AI features into products who need low-latency inference globally

Workers AIAI Gateway

Companies embedding AI features — real-time personalization, content moderation, recommendation engines — into their products face latency and cost pressure when inference routes to centralized GPU regions. Workers AI runs serverless GPU inference across 337+ cities, executing at the location nearest the user. No cold starts. No idle billing. No capacity planning. You call a model via API; Cloudflare handles everything else.

Supported models include Llama 3, Mistral, Whisper (speech-to-text), Stable Diffusion XL, and embedding models. Full catalog linked below.

Workers AI docs  |  Model catalog

Use Case 02

Teams running multiple LLM providers who've lost control of spend and visibility

AI Gateway

AI Gateway is a forward proxy between your application and any LLM provider — OpenAI, Anthropic, Google AI Studio, AWS Bedrock, Hugging Face, Workers AI, and others. Change one line (the API base URL) and every model call passes through Cloudflare. All capabilities apply automatically.

CapabilityWhat It Does
Spend LimitsDollar-based budgets tracking actual cost, not request count. Scope by model, provider, user ID, or team. When the limit hits, AI Gateway returns a 429 and stops requests until the window resets.
CachingIdentical prompts return cached responses immediately — no model call, no token spend. Typically reduces token spend 20–40% on enterprise Q&A workloads.
Rate LimitingCap request volume independently from dollar spend. Prevents traffic spikes from triggering unexpected costs.
Fallback RoutingIf OpenAI is unavailable or rate-limited, automatically route to Anthropic or another configured provider. No code change required.
ObservabilityEvery request logs: model, provider, token count, latency, cost, errors. Cost analytics by model, provider, team, or custom tag.
Unified BillingOpenAI, Anthropic, Google, and other providers on one Cloudflare bill. No separate provider API key management.
Coding AgentsClaude Code, GitHub Copilot CLI, OpenAI Codex routed through AI Gateway — every call observable, cacheable, rate-limited, and DLP-scanned with no change to developer workflow.

AI Gateway docs  |  Spend limits

Use Case 03

Teams building knowledge-intensive products who need a RAG pipeline without the engineering burden

AutoRAGVectorizeWorkers AI

Building retrieval-augmented generation from scratch means connecting ingestion → chunking → embedding → vector storage → retrieval → prompt construction. That's weeks of engineering before a single query runs.

AutoRAG is a fully managed RAG pipeline. Point it at an R2 bucket containing your documents. It handles chunking, embedding generation via Workers AI, indexing into Vectorize, retrieval, and response generation. The result is a query API — ask a question, get a grounded answer with source citations.

Vectorize is the vector database underneath, running natively within Cloudflare's network inside a Worker — no external database host, no egress fees, no third-party round-trip.

Fits: Developer documentation Q&A, internal knowledge bases, customer support grounding, enterprise search, contract retrieval.

AutoRAG docs  |  Vectorize docs

Use Case 04

Teams building autonomous agents that need persistent state, long-running tasks, and tool access

Agents SDKDurable Objects

Most AI agent frameworks assume stateless execution. Real agents need memory across sessions, the ability to run tasks in the background, and the ability to wake up and act at a future time without polling infrastructure.

Agents SDK is Cloudflare's framework for building agents with persistent state. Each agent session has a durable identity, local SQL storage, live WebSocket connections, and scheduled execution. Agents connect to chat, email, voice, Slack, and webhooks out of the box.

Durable Objects is the execution layer underneath — a persistent, single-threaded context with its own SQLite database per agent. State doesn't need to be externalized or reconstructed between requests.

Hibernation means agents sleep when idle with no compute charge. When a message arrives, the agent wakes automatically. No polling required. Available on all plans including free.

Tools available to agents: Browser, Sandbox, AI Search, MCP client, Payments, and any MCP server you connect.

Agents SDK docs

Use Case 05

Teams who need to govern what AI agents can do when they call internal tools

MCP Server PortalsCloudflare Access

Model Context Protocol (MCP) is the open standard for how AI agents connect to external tools — internal APIs, databases, SaaS products, code repositories. Without access controls, an agent handed a set of MCP tools has unconstrained access to everything those tools expose.

MCP Server Portals (part of Cloudflare Access / Zero Trust) puts identity-based access controls in front of every tool call an agent makes:

Cloudflare also runs managed MCP servers covering 2,500+ Cloudflare API endpoints — accessible via two tools, consuming ~1,000 tokens regardless of API surface size (vs. 1.17M tokens for a naive implementation). Available in open beta, all plans.

MCP Server Portals docs

Use Case 06

Security teams who need to govern how employees use AI tools — and what data leaves through them

Zero Trust GatewayDLPBrowser Isolation

Shadow AI adoption is accelerating. BCG found a 3x increase in shadow AI tool usage among financial services employees year-over-year. Ungoverned AI tool access cascades into real data exposure.

Cloudflare's Zero Trust Gateway policies give security teams precise control without blanket bans. A working policy set deployable in about 10 minutes:

  1. Block prohibited AI tools by policy (e.g., DeepSeek blocked by name)
  2. Redirect all other AI tools to the corporate-approved tool (e.g., Google Gemini)
  3. Isolate the approved tool — Browser Isolation disables clipboard paste and file uploads in the approved AI session
  4. DLP block on custom data patterns — block prompts containing employee ID formats, source code, or financial data
  5. AI Prompt Logging — capture the content of prompts containing sensitive data for audit and investigation

Gateway natively recognizes Google Gemini, ChatGPT, Claude, and Perplexity as distinct AI applications — applying topic classification to prompts and enforcing policy per application, not per category.

DLP docs

Use Case 07

Teams whose AI-powered applications are being attacked with prompt injection and jailbreak attempts

AI Security for Apps

Prompt injection, jailbreak attempts, and PII extraction attacks targeting AI applications are different from traditional web attacks. The payload is natural language. Standard WAF rules don't catch it.

AI Security for Apps (Firewall for AI) runs on Cloudflare's WAF in front of AI-powered applications, scoring every inbound request for LLM-specific threats before it reaches the application server.

FieldWhat It Detects
cf.llm.prompt.injection_scorePrompt injection likelihood. Score 1–99; lower = higher likelihood of attack. Score of 100 = not scored by Cloudflare.
FirewallForAIPIICategoriesCategories of PII detected in the request
FirewallForAIUnsafeTopicCategoriesUnsafe or out-of-policy content categories
FirewallForAITokenCountToken count of the request

These fields are available in Firewall Events, HTTP Requests Logpush, and Security Analytics. You write rules that act on scores — block, challenge, log, or rate-limit. You set the threshold. Requires Enterprise plan.

AI Security for Apps docs

Use Case 08

Teams who need to prevent sensitive data from appearing in LLM responses

AI GatewayDLP

AI Gateway bi-directional DLP scans both sides of the model conversation:

No separate TLS decryption or HTTP filtering pipeline required. Attach DLP profiles to your AI Gateway — applies automatically to all traffic through that gateway.

AI Gateway DLP docs

Architecture

Cloudflare AI Security Architecture CLOUDFLARE SECURITY AI PROTECTION End Users LLM Provider (OpenAI, Anthropic, etc.) AI Security for Apps (Edge WAF) Reverse Proxy Inbound Scanning AI Agent (Customer Application) AI Gateway (Bi-Directional DLP) Forward Proxy Prompt + Response Scanning Blocks malicious prompts: Prompt Injection, PII Detection, unsafe content filtering Prevents data leakage: DLP, prevent sensitive credentials in responses Agent Access MCP Server Portal (Zero Trust / Cloudflare Access) Identity + Access Policies + MFA Tool Curation + DLP via Gateway Governs agent tool access with full audit trail MCP Servers (Internal Systems, SaaS Tools, Databases, Repos, APIs) LEGEND Cloudflare AI Security Cloudflare Zero Trust Customer Application External Services
ProductDocumentation
Workers AIdevelopers.cloudflare.com/workers-ai
Workers AI Model Catalogdevelopers.cloudflare.com/workers-ai/models
AI Gatewaydevelopers.cloudflare.com/ai-gateway
AI Gateway Spend Limitsdevelopers.cloudflare.com/ai-gateway/features/spend-limits
AI Gateway DLPdevelopers.cloudflare.com/ai-gateway/features/dlp
Vectorizedevelopers.cloudflare.com/vectorize
AutoRAG / AI Searchdevelopers.cloudflare.com/ai-search
Agents SDKdevelopers.cloudflare.com/agents
Durable Objectsdevelopers.cloudflare.com/durable-objects
MCP Server Portalsdevelopers.cloudflare.com/cloudflare-one/access-controls/ai-controls/mcp-portals
Cloudflare-Managed MCP Serversdevelopers.cloudflare.com/agents/model-context-protocol/cloudflare/servers-for-cloudflare
AI Security for Appsdevelopers.cloudflare.com/waf/detections/ai-security-for-apps
DLP for AIdevelopers.cloudflare.com/cloudflare-one/data-loss-prevention
Cloudflare for AI (overview)cloudflare.com/ai

Network Scale

337+cities, 125+ countries
500 Tbpsnetwork capacity
210+GPU inference locations
<50msP95 latency to 95% of internet users
93MHTTP requests/second (avg)
80%of top 50 gen AI companies on Cloudflare