Cloudflare opens client-side security to all

2026-04-06 WEB-HOSTING

Cloudflare announced that its advanced Client-Side Security tools are now open to self-serve customers, alongside complimentary domain-based threat intelligence for the free bundle. The company says its detection pipeline combines graph neural networks and LLMs to catch malicious JavaScript while cutting false positives dramatically. The post matters because browser-side attacks can steal data without breaking the page. Cloudflare is positioning AI-assisted detection as a practical defense against skimming attacks, supply-chain abuse, and malicious scripts hidden in front-end code.

Key Updates

Cloudflare made Client-Side Security Advanced self-serve and expanded domain-based intelligence for all users. The system uses a cascading model where a graph neural network handles first-pass detection and an LLM helps triage suspicious scripts. Cloudflare says this improves malicious-script detection while reducing false positives by up to 200x.

What Developers Need to Know

This release is important for teams that ship web apps with complex third-party script dependencies. It lowers the barrier to getting browser-side protection without a sales motion or heavy instrumentation. For developers, the biggest change is that client-side security is now easier to adopt before a breach forces the issue.

How to use it or Next Steps

If your app depends on checkout flows, embedded widgets, or heavily scripted front-ends, enabling client-side security should be high on the list. Start by reviewing script inventory and monitoring alerts from the advanced bundle. The best next step is to pair detection with clean rollback and offline backups so recovery is possible if a script compromise gets through.

Read Original Post →