Cloudflare is democratizing web security by providing its advanced client-side protection tools to all users, moving beyond its traditional enterprise-only model. This shift addresses the rising threat of "skimming" attacks—silent malicious scripts that steal sensitive data during checkouts without disrupting the user experience. By making these features accessible, Cloudflare aims to protect smaller businesses that often lack the specialized resources to defend against sophisticated browser-based threats.

At the heart of this update is a sophisticated two-stage AI detection system designed to handle the massive scale of 3.5 billion daily script assessments. The first layer uses a Graph Neural Network (GNN) to analyze the structural logic of JavaScript code through its Abstract Syntax Tree (AST), which represents code as a branching diagram. While the GNN is highly effective at catching novel threats, its broad reach can sometimes flag legitimate code as suspicious. To solve this, Cloudflare introduces a second opinion from an open-source Large Language Model (LLM) hosted on its edge network.

This cascading architecture leverages the LLM's deep semantic understanding to filter out "false positives"—instances where safe code looks like an attack. The results are striking: false alarms for unique scripts plummeted by 200 times. This precision allows the system to catch zero-day exploits, such as a recent attack targeting home routers, which traditional security signatures would have missed. By combining structural analysis with semantic reasoning, Cloudflare provides a robust shield that evolves alongside increasingly complex web threats.

Cloudflare is democratizing web security by providing its advanced client-side protection tools to all users, moving beyond its traditional enterprise-only model. This shift addresses the rising threat of "skimming" attacks—silent malicious scripts that steal sensitive data during checkouts without disrupting the user experience. By making these features accessible, Cloudflare aims to protect smaller businesses that often lack the specialized resources to defend against sophisticated browser-based threats.

At the heart of this update is a sophisticated two-stage AI detection system designed to handle the massive scale of 3.5 billion daily script assessments. The first layer uses a Graph Neural Network (GNN) to analyze the structural logic of JavaScript code through its Abstract Syntax Tree (AST), which represents code as a branching diagram. While the GNN is highly effective at catching novel threats, its broad reach can sometimes flag legitimate code as suspicious. To solve this, Cloudflare introduces a second opinion from an open-source Large Language Model (LLM) hosted on its edge network.

This cascading architecture leverages the LLM's deep semantic understanding to filter out "false positives"—instances where safe code looks like an attack. The results are striking: false alarms for unique scripts plummeted by 200 times. This precision allows the system to catch zero-day exploits, such as a recent attack targeting home routers, which traditional security signatures would have missed. By combining structural analysis with semantic reasoning, Cloudflare provides a robust shield that evolves alongside increasingly complex web threats.