Cloudflare Introduces Cloudy: An LLM-Powered Explanation Layer for Security

Cloudflare has announced the extension of its Cloudy explanation layer across Phishnet and API CASB, aiming to improve decision-making and reduce unnecessary noise in security operations. Cloudy is a machine learning (ML) powered explanation layer built into Cloudflare One, which translates complex security signals into human-readable guidance for security teams and end-users. This improvement is particularly relevant for Cloudflare Email Security, where users can now understand why a message was flagged before escalating it to the security operations center (SOC).

Key Technical Details:

• Cloudy uses large language models (LLMs) to generate human-readable explanations for security detections.
• The explanation layer is integrated directly into Cloudflare One, allowing for seamless access to contextual guidance.
• Cloudflare Email Security now provides LLM-powered summaries for detections, enabling users to understand the reasoning behind flagged messages.
• Phishnet, a tool for submitting suspicious messages to the SOC, will now include clearer explanations and contextual education to help users make better decisions.

Practical Implications for Developers:

• Cloudy's LLM-powered explanations can be integrated into various security workflows, including Phishnet and API CASB.
• Developers can leverage Cloudflare's API to access and utilize Cloudy's explanation layer in their own applications.
• By providing clearer explanations and contextual guidance, Cloudy can help reduce unnecessary noise and improve decision-making in security operations.