Securing the AI apps TaylorMade is building.

Enable CHIP and AI Fitting the flexibility to run on any model, no lock-in. Cloudflare AI Gateway is the governed front door — observability, spend caps, PII detection, and prompt-injection filtering.

Control AI costs with spend limits

Finance can approve an AI budget with a hard ceiling. If a rogue agent or a bad prompt loop tries to run away, spending stops automatically — not at end-of-month invoice review.

User agent captured in AI Gateway logs

Detection engineering in Falcon SIEM can now correlate a spike in cost or a policy hit back to the exact SDK or app that produced it. Rogue-agent hunting becomes trivial.

Call any model through one REST API

If TaylorMade needs to move CHIP from Azure to Claude or Gemini for a specific workload, the security posture (DLP, PII, injection) doesn't change. One security review, many model choices.

Automatic retry on upstream provider failures

A customer-support AI that intermittently fails is worse than one that is slow. Retry policy is a security posture item too — it removes a class of graceful-degradation failures that hide real incidents.

Securing the AI TaylorMade employees already use.

2,500 employees plus 15,000 contractors have ChatGPT, Claude, Copilot and Gemini one paste-buffer away. Cloudflare One is the inline enforcement layer — SSE, CASB, DLP, Access, WARP — with a small-team operating model.

Write regex using natural language in Cloudflare One

DLP policy authoring is one of the most annoying tasks a security engineer does. This turns a two-hour regex exercise into a two-minute policy. A small team ships more policies faster.

Granular permissions and roles for Gateway policies

A small InfoSec team can now hand out narrow admin scopes to network, IAM, and desktop peers without giving up control of the platform. The operating model scales without team growth.

File transfer controls for browser-based RDP (beta)

15,000 contractors globally, plus the Korea acquisition, plus vendors touching product data — this is the exact BYOD scenario Cloudflare Access is built for. Files stay where they should.

Independent MFA for Access applications

Compliance frameworks (SOC 2, ISO 27001, PCI when in scope) increasingly ask for per-app MFA on sensitive systems. This delivers it as a policy, not a project.

SAML assertion encryption for identity providers

Directly complements the browser-extension detections already running in Falcon SIEM. The identity plane and the endpoint plane are now watching for the same class of attack.

IdP federation across Cloudflare accounts

The Korea acquisition established the operating pattern: move fast, one control plane, no duplication. This is the Cloudflare equivalent for identity — matches the Falcon "install the agent on every endpoint first" speed pattern.

The layer everyone is going to need next — MCP server portals.

As internal AI agents get access to internal systems (Salesforce, Jira, HRIS) via MCP, someone has to be the guardrail.

Service token support for MCP server portals

Agents that never touch a browser still need audited access to internal systems. Service tokens give them that access with full audit trail — the same shape as any other Access event.

Tool and prompt aliases for MCP server portals

Once agents touch CRM and ERP data, the semantic layer matters. This is the equivalent of SIEM detection tuning — same discipline, applied to what agents can and can't do.

Session management for MCP server portals

Compliance auditors are going to start asking "how long does an agent's session last?" and "how do you revoke it?" This is that answer.
Account Executive · Cloudflare
Nick Nguyen
nnguyen@cloudflare.com →
+1 (858) 449-5049 · Book time