Cloudflare
Cloudflare

AI-Powered Operations

Secured by Cloudflare

ACME Corp  ·  AI Demo Track  ·  2026

ACME Corp — Who They Are

The Organisation

~600

employees  ·  60% remote

Industry: Financial Services

Revenue: ~$280M ARR

Locations: Chicago (HQ), Dallas, Sydney, London, Singapore

Regulated by: APRA (CPS 234)

AI Tools in Use Today

M365 Copilot — 22 pilot licences (IT-approved)

GitHub Copilot Enterprise — engineering team (IT-approved)

ChatGPT (personal) — 31 employees (not approved)

Gemini, Perplexity — 16 employees (not approved)

Key AI Concerns

  • No visibility into what employees submit to AI tools
  • Client financial data potentially in personal AI sessions
  • No audit trail for APRA CP 009-2026 compliance
  • Board asking hard questions after phishing incident
  • M365 Copilot summarised a board pack containing M&A discussions

Sponsors

David Kim (CTO)  ·  Sarah Chen (CISO)

AI Is Already In Your Organisation

The uncontrolled reality

  • 47 ACME employees using personal AI tools — no policy, no visibility
  • Client portfolio summary uploaded to personal ChatGPT by Finance
  • Board pack — including M&A discussions — summarised in M365 Copilot
  • C2 domain active 6 days before phishing attack — DNS had no way to block it
  • Zero APRA-ready audit trail of any AI interaction

Risk: AI is already operating — without controls, without accountability.

The controlled alternative

  • AI agent reads emails, calendars, and docs — prepares your team in seconds
  • Maps security incidents to Cloudflare controls in real time
  • Generates board decks from live incident data
  • Blocks unapproved AI domains. Enterprise platforms (M365, Google) restricted to company accounts via tenant restrictions
  • Every prompt logged. Every action auditable. APRA-ready.

Cloudflare: The AI is doing real work. We make sure it's doing it safely.

This demo runs on a real AI agent — and every action it takes is secured by Cloudflare in real time. The demo is the proof point.

ACME Corp — What the AI Scan Found

HIGH

AI-001 — ChatGPT

Who: Finance team member

What: Q1 Client Portfolio Summary (47 pages, CONFIDENTIAL)

Uploaded to: Personal ChatGPT account

Risk: 4,200 client holdings exposed. APRA reportable.

HIGH

AI-002 — Copilot

Who: VP IT (Tom Walsh)

What: Board pack for May 22 meeting

Used: M365 Copilot to summarise

Risk: M&A discussions, exec compensation — price-sensitive.

MED

AI-003 — Shadow AI

Who: 47 employees

Tools: ChatGPT (personal), Gemini, Perplexity

Using for: Document summarisation, drafting, analysis

Risk: Unknown data exposure. No audit trail.

APRA is requesting AI governance evidence under CP 009-2026. The board has been notified. David Kim (CTO) needs a solution before June 12.

Live Demonstration

Six AI Scenarios

Each powered by AI. Each secured by Cloudflare.

Architecture

Platform Architecture — How Every Component Connects

CLOUDFLARE PLATFORM · AI GATEWAY (DLP · LOGS · CACHE) · ZERO TRUST ACCESS Browser / Client Magic link sign-in Session cookie or: MCP client (Claude Desktop, etc.) Cloudflare Workers ai.cfclarke.dpdns.org · workers.dev Magic link auth · KV session store LLM routing · Shared secret validation MCP tool orchestration via service binding Streams response to browser AI Gateway my-ai-demo DLP: Financial Info → Block Request + Response scanned Every prompt logged Rate limits · Cache cfut_ token auth 424 on DLP block LLMs Workers AI — no key needed Kimi K2.5 (default) · Llama 3.3 70B Optional — enterprise API keys GPT-4o · Claude Sonnet · Gemini Flash All traffic routed through AI Gateway above Perplexity + others supported (future) service binding MCP Portal mcp.cfclarke.dpdns.org CF Access (Google SSO) Tool curation · Code Mode Audit logs · Governance 94% token reduction in Code Mode 1 CF Access OAuth 2 MCP Worker 12 tools · Durable Objects Google OAuth refresh token IMAP TCP sockets (port 993) Internal execute endpoint /tool/* → 404 (blocked public) 3 Google Workspace APIs + IMAP Gmail Calendar Drive Docs Slides Draft/Send Create Events Create Doc / Slides Personal Email — IMAP over TCP (cloudflare:sockets) clarke-systems.com (mail4.mxs.net.au:993) Search · Read emails User / Client Cloudflare Workers AI Gateway (key control point) External Services / APIs Zero Trust Portal HTTP / HTTPS Service binding (internal)
1

Instant Account Intelligence

The Challenge

45 minutes manually reading 4 email threads, calendar events, and call notes before every customer call

Context scattered — Gmail, calendar, Excalidraw diagrams, Google Docs. No consolidated view.

Critical detail missed: Sarah's DDoS email mentions the $28K scrubbing bill — buried in thread 3

The Cloudflare Outcome

Speed: 45 minutes → 30 seconds. Every stakeholder, open question, and talking point surfaced automatically.

Security: Cloudflare DLP watches all ACME data flowing through the AI. Access ensures only authenticated users reach AI tools.

Audit: Every read, every synthesis, every output — logged in AI Gateway. Full record. APRA-ready.

Access AI Gateway DLP
2

Phishing Killed at Every Layer

What Happened

AiTM proxy defeated Microsoft Authenticator MFA — credentials harvested, session hijacked

3 accounts compromised, 4,200 Salesforce records exfiltrated, lateral movement attempted

C2 domain active in threat intel for 6 days — on-prem DNS had no way to act on it

Five Controls. Kill Chain Broken.

Email Security — typosquat domain caught before delivery

Browser Isolation — phishing page rendered remotely; credentials never reach the device

WARP + Device Posture — session anomaly detected; access denied before lateral movement

Gateway DNS — C2 domain blocked at resolution, Day 1. Before a packet leaves.

Email Security Browser Isolation WARP Gateway DNS Access
3

Security Architecture — Built from an Email

The Challenge

Architecture diagrams take hours — Visio, Lucidchart, or whiteboard sessions with multiple engineers

Marcus Rodriguez sent 5 detailed technical questions about ACME's environment. Each answer needs a diagram.

Current state diagram is 8 months out of date. No one owns it.

The Cloudflare Outcome

Speed: Agent reads Marcus's email and generates a before/after architecture diagram. Subnet 10.44.0.0/16, PA-5220, VPN gaps — all extracted automatically.

Accuracy: The proposed architecture is verified against Cloudflare documentation before being committed to the diagram.

Security: Diagram tools (Excalidraw, Drive) are behind Cloudflare Access. The AI can only reach what you authorise.

Access AI Gateway Gateway DNS
4

PoC Planning — Minutes, Not a Morning

The Challenge

PoC scoping is a half-day exercise — success criteria, test plans, prerequisites, rollback procedures

Marcus raised 5 specific technical concerns: split tunnel for 10.44.0.0/16, DoH bypass, Splunk integration, AnyConnect coexistence, SAML app registration

If they're not in the PoC doc, they become surprises on Day 1

The Cloudflare Outcome

Complete: Success criteria, 2-week sprint, stakeholder sign-off matrix, rollback plan — all generated from ACME's own discovery notes.

Precise: "Core banking app on 10.44.0.0/16 accessible via ZTNA without VPN" — extracted directly from Marcus's email. Not invented.

Protected: AI Gateway prompt injection detection — if Marcus's email contained hidden instructions, they're caught before reaching the model.

Access (ZTNA) Gateway AI Gateway Logpush → Splunk
5

Board Deck Built and Securely Delivered

The Challenge

Sarah Chen needs a board-ready security narrative by May 22 — DDoS incident, phishing response, proposed architecture, ROI case

Building a polished, accurate board deck from scratch takes a skilled person 2–3 days

Sharing via Google Drive — no access control. Anyone with the link can view sensitive security content.

The Cloudflare Outcome

Built: Board-ready presentation from ACME's own incident data — $140K DDoS loss, $28K scrubbing eliminated, phased security roadmap. Minutes, not days.

Delivered securely: Deployed on Cloudflare Workers. Magic link issued — only sarah.chen@acmecorp.com can open it. Expiring. No shared links.

Logged: Every prompt used to build the deck is recorded in AI Gateway. Complete record of what went in and what came out.

Workers Access Magic Links AI Gateway
6

Shadow AI — Two Layers of Control

The Discovery

47 employees using personal AI tools — ChatGPT, Gemini, Perplexity via browser

Client portfolio in ChatGPT. Board pack in M365 Copilot. API keys in GitHub Copilot.

APRA requesting AI governance evidence under CP 009-2026. No audit trail exists.

Layer 1 — Browser AI Control

For employees browsing to ChatGPT, Gemini, Perplexity

Gateway DNS — logs every AI domain lookup. Block or allow by category, Day 1.

Gateway HTTP — AI domains blocked by category (SNI inspection). Enterprise platforms enforce tenant restrictions — company accounts pass, personal accounts denied.

DLP — CONFIDENTIAL files and financial data blocked from all AI web destinations.

Gateway DNS Gateway HTTP DLP

Layer 2 — API AI Control

For enterprise apps, Copilot, and AI agents making API calls

AI Gateway — every prompt logged: user, model, timestamp. Prompt injection detected. Rate limits enforced.

APRA audit trail — per-prompt log with full context. Exportable. Board-ready. CP 009-2026 compliant.

This demo — OpenCode is making API calls to Claude through AI Gateway right now.

AI Gateway Logpush

The Result

AI You Can Trust

Productive, auditable, and policy-controlled

Before & After — AI Track

45 min30 secMeeting prep time
UndetectedBlockedShadow AI exposure
NoneCompleteAPRA AI audit trail
3 accounts0 compromisedPhishing outcome

AI Gateway

Every LLM API call logged, rate-limited, and auditable. Prompt injection detection active.

DLP + Gateway

Financial data, PII, CONFIDENTIAL files blocked from all AI endpoints. Personal AI tools blocked at DNS.

Logpush → Splunk

Complete AI interaction audit trail streamed to Splunk. APRA CP 009-2026 evidence. Board-ready.

Two Layers of AI Control

Layer 1 — Browser AI & Web Control

Employees browsing to ChatGPT, Gemini, Perplexity

  • Gateway DNS — visibility and blocking of AI domains, Day 1
  • Gateway HTTP — block AI domains by category; tenant restrictions on M365/Google enforce company-account-only access
  • DLP — intercept CONFIDENTIAL data before it reaches any AI website

Layer 2 — API-Level AI Control

Enterprise apps, Copilot integrations, AI agents making API calls

  • AI Gateway — every API call proxied: prompt logged, injection detected, rate-limited
  • Access — Zero Trust auth on every AI tool and MCP connection
  • Logpush → Splunk — full per-prompt audit trail, APRA CP 009-2026 ready

"The question isn't whether your teams will use AI. They already are.

The question is whether you're in control — and whether you can prove that to your board and regulator."

The meta-narrative

This AI agent is itself secured by Cloudflare right now. Every prompt logged. Every tool access gated. Every output auditable. You're watching it live.

Cloudflare One

AI that works. AI you can trust.

Immediate

Deploy AI Gateway in front of your approved AI tools — visibility in under an hour

June 5

AI Security Strategy Briefing — David Kim, Sarah Chen, board prep

Board — June 12

Present APRA CP 009-2026 compliance plan — AI Gateway audit trail as evidence

Download PDF