Cloudflare CASB Adds ChatGPT, Claude, and Gemini Security Scanning
Summary¶
Cloudflare One's API-based CASB now scans ChatGPT, Claude, and Gemini for security posture — misconfigurations, DLP matches on chat attachments, secrets/keys/invites hygiene, and MFA/license issues (Gemini via Google Workspace). All agentless, no endpoint software. Combined with Cloudflare Gateway's inline prompt controls and Shadow-AI identification, it forms a unified control plane for enterprise GenAI use. Third-party AI-security tooling option relevant when VisiTrans evaluates SPEC-130 KI-Richtlinie enforcement mechanisms and Anthropic Teams-Account rollout (SPEC-144, parked).
Key Details¶
- ChatGPT detections: capability activation flags (actions, code execution, web access), public GPT exposure, unrotated API keys, DLP on chat attachments
- Claude detections: high-risk invites + entitlement drift, unused API keys, DLP on uploaded files
- Gemini detections: user MFA gaps, suspended-account licenses (narrower scope because of Google Workspace API structure)
- Delivery model: SaaS add-on to existing Cloudflare One (SASE) subscription; 50 free seats for evaluation
- Coverage gap noted: Gemini has no equivalent to ChatGPT's custom GPT sharing or Claude's Projects, so posture controls differ per provider
Why Rolf Thinks This Matters¶
Further Reading¶
- ChatGPT, Claude, & Gemini security scanning with Cloudflare CASB
- Curated knowledge summary already qualified 2026-05-28: intake/knowledge/tools/2026-05-24-chatgpt-claude-gemini-cloudflare-casb.md
- Adjacent SPEC-130 (Claude Code Security Guide) and SPEC-144 (Teams-Account, parked)