Skip to content

Cloudflare CASB Adds ChatGPT, Claude, and Gemini Security Scanning

Summary

Cloudflare One's API-based CASB now scans ChatGPT, Claude, and Gemini for security posture — misconfigurations, DLP matches on chat attachments, secrets/keys/invites hygiene, and MFA/license issues (Gemini via Google Workspace). All agentless, no endpoint software. Combined with Cloudflare Gateway's inline prompt controls and Shadow-AI identification, it forms a unified control plane for enterprise GenAI use. Third-party AI-security tooling option relevant when VisiTrans evaluates SPEC-130 KI-Richtlinie enforcement mechanisms and Anthropic Teams-Account rollout (SPEC-144, parked).

Key Details

  • ChatGPT detections: capability activation flags (actions, code execution, web access), public GPT exposure, unrotated API keys, DLP on chat attachments
  • Claude detections: high-risk invites + entitlement drift, unused API keys, DLP on uploaded files
  • Gemini detections: user MFA gaps, suspended-account licenses (narrower scope because of Google Workspace API structure)
  • Delivery model: SaaS add-on to existing Cloudflare One (SASE) subscription; 50 free seats for evaluation
  • Coverage gap noted: Gemini has no equivalent to ChatGPT's custom GPT sharing or Claude's Projects, so posture controls differ per provider

Why Rolf Thinks This Matters

Further Reading