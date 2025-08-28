DUBAI, UAE: Cloudflare today unveiled the Cloudflare Application Confidence Score, a pioneering, transparent metric designed to help organizations assess SaaS and Generative AI (Gen AI) applications at scale. Scores will soon be available as part of the company’s new suite of AI Security Posture Management (AI-SPM) features in the Cloudflare One SASE platform, enabling IT and Security administrators to identify confidence levels associated with third-party SaaS and AI applications, and ultimately write policies informed by those confidence scores.

The availability of SaaS and Gen AI applications is transforming how businesses operate, boosting collaboration and productivity across teams. However, with increased productivity comes increased risk, as employees turn to unapproved SaaS and Gen AI applications, often dumping sensitive data into them for quick productivity wins.

The prevalence of “Shadow IT” and “Shadow AI” creates multiple problems for security, IT, GRC and legal teams. For example:

Gen AI applications may train their models on user inputs, which could expose proprietary corporate information to third parties, competitors, or even through clever attacks like prompt injection.

Applications may retain user data for long periods, share data with third parties, have lax security practices, suffer a data breach, or even go bankrupt, leaving sensitive data exposed to the highest bidder.

Gen AI applications may produce outputs that are biased, unsafe or incorrect, leading to compliance violations or bad business decisions.

In spite of these problems, blanket bans of Gen AI don't work. They stifle innovation and push employee usage underground. Instead, organizations need smarter controls.

Security, IT, legal and GRC teams therefore face a difficult challenge: how can they appropriately assess each third-party application, without auditing and crafting individual policies for every single one of them that employees might decide to interact with? And with the rate at which they’re proliferating — how could they possibly hope to keep abreast of them all?

Cloudflare Application Confidence Score is a transparent, understandable, and accountable metric that measures app safety, security, and data protection. It’s designed to give Security, IT, legal and GRC teams a rapid way of assessing the rapidly burgeoning space of AI applications.

Scores are not based on vibes or black-box “learning algorithms” or “artificial intelligence engines”. Instead, scores will be computed against an objective rubric that will be publicly maintained and kept up to date in the Cloudflare developer docs.

As AI applications emerge at an unprecedented pace, the problem of "Shadow AI" intensifies traditional risks associated with Shadow IT. Shadow IT applications create risk when they retain user data for long periods, have lax security practices, are financially unstable, or widely share data with third parties. Meanwhile, AI tools create new risks when they retain and train on user prompts, or generate responses that are biased, toxic, inaccurate or unsafe. To separate out these different risks, Cloudflare provides two different Scores:

Application Confidence Score (5 points) covers general SaaS maturity, and

Gen-AI Confidence Score (5 points) focused on Gen AI-specific risks.

The company chose to focus on two separate areas to make its metric extensible (so that, in the future, Cloudflare can apply it to applications that are not focused on Gen AI) and to make the Scores easier to understand and reason about.

Cloudflare is actively refining its scoring methodology. To that end, the company is collaborating with a diverse group of experts in the AI ecosystem (including researchers, legal professionals, SOC teams, and more) to fine-tune its scores and optimize for transparency, accountability and extensibility.

By prioritizing transparency in its approach, Cloudflare is not only bridging a critical gap in SASE capabilities but also driving the industry toward stronger AI safety practices.

Comprehensive information about the new Cloudflare Application Confidence Score can be found at this blog.

