Cloudflare Client-Side Security: smarter detection, now open to everyone

Client-side skimming attacks, capable of stealing data without disrupting user experience, pose significant security challenges, as illustrated by recent incidents involving keyloggers and malicious npm packages. To combat such threats and democratize access to robust security features, Cloudflare has made its Client-Side Security Advanced available to self-serve customers and introduced complimentary domain-based threat intelligence for all users. The Client-Side Security system, which operates without latency impact, leverages machine learning and a Large Language Model (LLM) to enhance the detection of malicious JavaScript while significantly reducing false positives. This two-stage detection pipeline begins with a Graph Neural Network (GNN) that assesses script structures, followed by an LLM that provides a semantic evaluation, thus minimizing false alarms and improving true positive rates. This approach has already proven effective in identifying sophisticated threats like the core.js router exploit, which traditional security measures might miss. By offering these security tools, including domain-based threat intelligence, Cloudflare aims to empower all web users, particularly smaller businesses, in maintaining high security standards.