Cloudflare has unveiled a novel tool to help organisations assess the safety and trustworthiness of third-party AI tools. Dubbed the Cloudflare Application Confidence Score, this metric provides transparent, structured evaluations of both general SaaS applications and generative AI services. As part of Cloudflare One’s AI‑Security Posture Management suite, it equips security, IT, legal and governance teams with objective insights for policy decisions.
The initiative aims to address the growing concerns of “Shadow IT” and its AI counterpart, where employees adopt unauthorised SaaS or Gen AI tools that could compromise data security or compliance. By automating evaluation across objective, publicly documented criteria—rather than opaque algorithms—Cloudflare helps teams manage risk without stifling innovation.
The scoring system comprises two separate yet complementary metrics, each rated on a scale from 1 to 5. The Application Confidence Score gauges general SaaS maturity via factors such as compliance standards, data retention transparency, third‑party sharing policies, security controls, incident disclosure, and financial stability. The Gen‑AI Confidence Score zeroes in on AI‑specific risks—including ISO 42001 compliance, secure deployment models, availability of model cards, and whether systems train on user prompts, with user opt‑in or opt‑out options factored in.
Examples illustrate stark differences across subscription tiers. Enterprise versions of popular services such as ChatGPT earn higher scores—thanks to default training disabling, stronger controls and better documentation—whereas free tiers lag behind. Similar patterns emerge in offerings from Anthropic and Gemini.
Cloudflare has also enhanced its Cloud Access Security Broker with real‑time integrations into ChatGPT Enterprise, Anthropic’s Claude, and Google Gemini. This enables security teams to monitor misconfigurations, data leakage, compliance issues and prompt-level risks—without complex technical setups.
Looking ahead, Cloudflare intends to make confidence scores accessible across customer tiers—even offering them for free via its Application Library to non‑customers with a free account. Integrations into Gateway and Access will allow automated policy enforcement based on score thresholds, enabling actions like blocking, data loss prevention or remote browser isolation.
Cloudflare says the scoring methodology remains a work in progress: refined via collaboration with AI researchers, legal professionals, SOC teams and other experts, in a bid to bolster transparency, accountability and extensibility. Vendors are invited to dispute or supplement scoring details by submitting documentation for reassessment.
Follow Arabian Post
Select Arabian Post as your preferred source on Google and MSN News for trusted business news and Arab politics and updates.
