Cloudflare recently announced a new capability called Firewall for AI in its Web Application Firewall (WAF) offering. The capability adds a new layer of protection that will identify abuse and attacks before they reach and tamper with Large Language Models (LLMs).
The Firewall for AI capability consists of tools that can be deployed in front of applications to identify vulnerabilities and provide visibility to model owners. In addition, it includes existing WAF features like rate limitation and sensitive data detection, as well as a new protection layer currently in development. This layer scrutinizes the prompt submitted by the end user to detect any attempts to exploit the model, extract data, or engage in other abusive actions.
With the Firewall for AI-enabled, security teams can detect rapid threats by deploying it before any LLMs on Cloudflare's Workers AI offering. This positioning ensures minimal latency as LLMs run close to enterprise customers on Cloudflare's global network. By scanning user prompts for exploitation attempts, the firewall can automatically block threats without human intervention, defending against prompt injection attacks and other vectors. Cloudflare customers running LLMs on Workers can utilize this capability for free to safeguard against evolving security concerns.
Overview of the Firewall for AI capability (Source: Cloudflare blog post)
A solution like Cloudflare can be helpful since the emergence of advanced AI, such as OpenAI's ChatGPT. This has increased the sophistication of attackers attempting to deceive users into revealing sensitive information via email or messages. Previously, such scams were often unconvincing due to noticeable errors in grammar or design. However, AI now enables attackers to personalize their messages, making them more convincing and increasing the likelihood of users surrendering passwords or sensitive data.
Daniele Molteni, group product manager at Cloudflare, concluded in a blog post:
Cloudflare is one of the first security providers launching a set of tools to secure AI applications. Using Firewall for AI, customers can control what prompts and requests reach their language models, reducing the risk of abuses and data exfiltration.
In addition, Matthew Prince, co-founder & CEO at Cloudflare, said in a press release:
With Cloudflare’s Firewall for AI, we are helping build security into the AI landscape from the start. We will provide one of the first-ever shields for AI models that will allow businesses to take advantage of the opportunity that the technology unlocks, while ensuring they are protected.
Yet, Buchi Reddy B, CEO & co-founder of LevoIncHQ, tweeted:
While there is space for such solutions, the root cause must be addressed.
Similar things are happening with API security. An API WAF solution would promise they'll block the issues, not addressing the root cause.
So, may be necessary but not sufficient IMO.