Cloudflare Client-Side Security: smarter detection, now open to everyone
We are opening our advanced Client-Side Security tools to all users, featuring a new cascading AI detection system. By combining graph neural networks and LLMs, we've reduced false positives by up to 200x while catching sophisticated zero-day exploits.
Cloudflare has announced a significant update to its Client-Side Security tools, making advanced features available to all users and introducing a new AI detection system designed to identify malicious JavaScript with minimal false positives. This move follows Cloudflare's commitment to providing powerful security solutions without requiring a sales engagement, ensuring that everyone can benefit from these tools.
Client-Side Security has long been a critical component of Cloudflare's mission to protect users from sophisticated attacks, such as browser-side skimming. These attacks are particularly insidious because they can steal data without disrupting the user experience. For example, in January 2026, Sansec reported a browser-side keylogger targeting an employee merchandise store for a major U.S. bank, harvesting personal data, login credentials, and credit card information. Similarly, in September 2025, attackers published malicious releases of widely used npm packages. If these packages were bundled into front-end code, end users could be exposed to crypto-stealing in the browser.
To address these threats, Cloudflare has developed a new cascading AI detection system that combines graph neural networks and large language models (LLMs). This system has significantly reduced false positives by up to 200x while effectively catching sophisticated zero-day exploits. The updated Client-Side Security Advanced, formerly known as the Page Shield add-on, is now available to self-serve customers, and domain-based threat intelligence is complimentary for all customers on the free Client-Side Security bundle.
Cloudflare Client-Side Security works by assessing 3.5 billion scripts per day, protecting an average of 2,200 scripts per enterprise zone. The tool collects signals using browser reporting, such as Content Security Policy, ensuring that users do not need scanners or app instrumentation to get started. This approach also guarantees zero latency impact on web applications, provided that traffic is proxied through Cloudflare.
The new AI detection system in Client-Side Security Advanced provides immediate access to powerful security features. By leveraging advanced machine learning techniques, the system can identify malicious JavaScript with high accuracy, minimizing false alarms and ensuring that legitimate scripts are not blocked unnecessarily. This development represents a significant step forward in the fight against browser-side attacks, as it allows organizations to better protect their users and sensitive data.
In addition to the technical advancements, Cloudflare's decision to make these tools widely available aligns with its goal of building a better Internet. By removing barriers to access and ensuring that powerful security features are available to everyone, Cloudflare is helping to create a more secure digital landscape for all users.
In conclusion, Cloudflare's announcement of opening its advanced Client-Side Security tools to all users, along with the introduction of a new AI detection system, marks a significant milestone in the fight against browser-side attacks. With reduced false positives and enhanced detection capabilities, organizations can better protect their users from sophisticated threats. As Cloudflare continues to prioritize accessibility and affordability in its security offerings, this update underscores the company's commitment to a safer and more secure Internet for everyone.
