CloudFlare launches application reliability scores to tackle the risks of Shadow It and Shadowai

The availability of SaaS and Gen AI applications has changed the way businesses operate, increasing collaboration and productivity across teams. However, increasing productivity means employees turn to unapproved SaaS and GEN AI applications, which increases risk and often dump sensitive data for a quick productivity victory.

The prevalence of “Shadow It” and “Shadow AI” creates multiple issues for security, IT, GRC, and legal teams. for example:

• GEN AI applications may train models with user input. This could make your own company information publicly available through third parties, competitors, or even clever attacks such as a rapid injection.
• Applications may hold user data for a long time, share data with third parties, have loose security practices, have data breaches or bankrupt, expose data sensitive to the best bidders.
• GEN AI applications can produce biased, insecure, or incorrect output, leading to non-compliance or poor business decisions.

Despite these issues, Gen AI's blanket ban won't work. They suppress innovation and push employee use underground. Instead, organizations need smarter controls.

Therefore, security, IT, IT and GRC teams face difficult challenges. How can each third-party application be properly evaluated without auditing and creating individual policies for everyone whose employees may decide to interact with? And at the rate at which they are multiplying – how can they hope to keep up with all of them?

CloudFlare application reliability scores are transparent, understandable, and accountable metrics that measure app safety, security, and data protection. It is designed to provide Seculity, IT, Legal and GRC teams with a rapid way to assess the rapidly growing space of AI applications.

The score is not based on vibes or black boxes “learning algorithms” or “artificial intelligence engines.” Instead, the score is calculated against an objective rubric that is published in the CloudFlare developer documentation and kept up to date.

As AI applications emerge at an unprecedented pace, the issue of “Shadow AI” strengthens traditional risks associated with Shadow IT. Shadow IT applications create risk when user data is held for a long time, loose security practices, financially unstable, or widely shared with third parties. On the other hand, AI tools create new risks when retaining and training user prompts, or generate biased, toxic, inaccurate or unsafe responses.

To separate these different risks, CloudFlare offers two different scores.

• Application Trust Score (5 points) covers the maturity of common SaaS,
• The Gen-AI trust score (5 points) focused on the risks inherent in GEN AI.
• The company has chosen to focus on two separate areas to make the metrics scalable (which in the future can allow CloudFlare to be applied to applications that are not.
• Focusing on Gen ai) to make scores easier to understand and infer.

CloudFlare is actively improving its scoring methodology. To that end, the company works with a diverse group of experts in the AI ​​ecosystem (including researchers, legal experts, SOC teams, and more) to fine-tune scores and optimize for transparency, accountability and scalability.

By prioritizing transparency in its approach, CloudFlare not only bridges the critical gap in SASE capabilities, but also drives the industry towards stronger AI safety practices.

Comprehensive information on the reliability scores for new CloudFlare applications can be found on this blog.