Enterprise AI, Secured by Default

A complete demonstration of Cloudflare's AI platform capabilities — from hosting and agentic AI to comprehensive security governance. Built for enterprises that refuse to compromise on security.

Launch AI Analyst

Three Pillars of Enterprise AI

One platform covering hosting, AI runtime, and security — no third-party integrations needed.

Global Edge Hosting

Applications deploy to Cloudflare's network across 300+ cities worldwide. No servers to manage, no regions to pick. Automatic TLS, DDoS protection, and sub-50ms latency for every user.

Workers Static Assets Custom Domains Auto TLS

Agentic AI Capabilities

AI agents that don't just chat — they take action. Tool calling, code execution in secure sandboxes, human-in-the-loop approval, MCP integration, and persistent conversation state.

Agents SDK Sandbox Workers AI MCP Server Human-in-the-Loop
🔒

AI Security Governance

Enterprise-grade security across every layer: DLP scanning of prompts and responses, prompt injection detection, MCP governance portals, shadow AI controls, and full audit logging.

AI Gateway DLP Prompt Injection WAF MCP Portal Shadow AI Blocking

Live Demo Components

Each component is deployed on Cloudflare and exposed through a deliberate path or governed portal.

💬

AI Analyst Chat

Streaming chat agent with financial tools, compliance checks, and sandbox code execution.
🔌

Raw MCP Server

Access-protected Model Context Protocol endpoint used for direct admin testing and portal upstream connectivity.
📊

AI Gateway Dashboard

Real-time analytics: token usage, costs, DLP detections, guardrail triggers.
🛡

MCP Portal

Cloudflare Access-governed MCP entrypoint with curated tools, managed OAuth, and per-user audit logging.

Architecture Overview

ai.carlin.app — Cloudflare DNS + Global Anycast
Application Layer
☁️
Landing Page
ai.carlin.app
Workers + Static Assets
Platform overview page deployed as a Cloudflare Worker with static HTML/CSS. Globally distributed across 300+ cities with automatic TLS and DDoS protection.
💬
AI Chat Agent
ai.carlin.app/chat
Agents SDK + AIChatAgent
Streaming chat agent with persistent conversations, server-side tool calling, human-in-the-loop approval, and React frontend. State stored in Durable Objects with SQLite.
🔌
MCP Server
mcp.ai.carlin.app/mcp
Protected Raw MCP Endpoint
Access-protected MCP server exposing portfolio summary, risk assessment, and transaction search tools. Used by admins directly and as the upstream server for the governed MCP portal.
AI Runtime + Observability
🧠
Workers AI
Workers AI model runtime
Built-in LLM Inference
Runs the Meridian assistant on Cloudflare's GPU infrastructure through Workers AI and AI Gateway. No API keys needed, no external provider dependencies, and full observability at the edge.
📦
Sandbox
Secure Code Execution
Cloudflare Containers + Sandbox SDK
Isolated container environment for executing Python code. The AI agent writes and runs data analysis scripts in a sandbox with no network access and no access to production systems.
📊
AI Gateway
Guardrails, DLP, Logs
AI Observability + Control
Proxies all AI model traffic. Provides real-time analytics (tokens, costs), content guardrails, DLP scanning of prompts/responses for PII and financial data, and complete audit logging.
Cloudflare One / Zero Trust
🔐
Access
Identity + Auth
Cloudflare Access (ZTNA)
Identity-based authentication on every application endpoint. Supports OTP, SSO via any IdP (Okta, Entra, Google), and device posture checks. Every request is authenticated at the edge.
🛡
MCP Portal
Tool Governance
MCP Server Portal
Centralizes multiple MCP servers behind `portal.ai.carlin.app/mcp`. Admins curate which tools are exposed per user group. Every tool invocation is logged with identity context.
🚫
Gateway Policies
Shadow AI Blocking
Gateway HTTP + DNS Policies
Blocks direct access to unauthorized AI services (ChatGPT, Claude, Gemini). Forces all AI usage through the sanctioned enterprise platform. DLP policies inspect prompts for sensitive data.
🛡️
AI Security for Apps
WAF: PII, Injection, Topics
WAF + Firewall for AI
Model-agnostic WAF detections at the edge. Protects the JSON AI ingress at `ai.carlin.app/api/chat`, scores prompts for injection attacks, detects PII (SSNs, credit cards), and blocks unsafe topics before they reach the model.