Cascade AI against skimming: Cloudflare Client-Side Security now available to everyone

While security teams harden the backend, one attack category grows quietly on the frontend: JavaScript skimming. Malicious scripts injected into web pages steal credit card data, credentials, and user sessions directly from the victim’s browser, before the information ever reaches the server.

Cloudflare has just opened its Client-Side Security platform to the general public, with a major architectural improvement: a cascade AI detection system that reduces false positives by 200x compared to the previous generation.

The problem: JavaScript is the hardest vector to defend

Modern web applications load dozens or hundreds of third-party scripts: analytics, chatbots, payment systems, social widgets. Each is a potential attack vector. The most famous incident was Magecart in 2018, when attackers compromised the Ticketmaster library to steal payment data from thousands of customers.

Detecting these attacks is hard because:

  • Malicious code is usually heavily obfuscated to evade detection
  • It lives in third-party scripts the operator does not directly control
  • Tools like VirusTotal often do not detect them until there are mass reports

Cloudflare Client-Side Security analyzes roughly 3.5 billion scripts per day and covers about 2,200 unique scripts per enterprise zone. Detection is driven by browser-generated Content Security Policy (CSP) reports, so it requires no application instrumentation and adds no latency.

The cascade detection architecture

The core technical advance in this update is the combination of two AI models:

First level: Graph Neural Network (GNN)

The GNN analyzes JavaScript code structure using Abstract Syntax Trees (AST). Instead of hunting specific signatures—which attackers easily evade by renaming variables and methods—it analyzes structural patterns: how execution flows, which functions are called from where, how the DOM is accessed.

This approach detects malware even when obfuscated or bundled, because the behavioral structure of malicious code tends to be similar regardless of disguise. The GNN is tuned for high recall: it prefers generating some false positives over missing a zero-day.

Second level: Large Language Model (LLM)

When the GNN flags a script as suspicious, an LLM hosted on Workers AI comes into play. The LLM has semantic understanding of code: it grasps the context and intent behind JavaScript constructs, distinguishing between:

  • Legitimate obfuscation (minification, bundling, IP protection)
  • Genuinely malicious behavior (data exfiltration, keylogging, session hijacking)

The LLM acts as a precision filter on the candidates the GNN escalates, drastically cutting false positives without sacrificing sensitivity.

The numbers that matter

  Metric                              Previous system   New system   Improvement
  False positives on total traffic    ~0.3%             ~0.1%        3x
  False positives on unique scripts   ~1.39%            ~0.007%      200x

The 200x reduction in false positives per script matters most in enterprise environments where security teams must investigate every alert. With the old system, there was too much noise to operate efficiently. The new system produces actionable alerts.

Real-world case: malware on Xiaomi routers

Cloudflare documents a case caught by the new system: sophisticated malware targeting Xiaomi routers, distributed through compromised browser extensions. The code:

  • Dynamically queried WAN settings on the router
  • Hijacked Chinese DNS servers
  • Attempted to block legitimate access to the device

It was packed with a string array obfuscator—the kind of technique that evades most conventional malware scanners. Both the GNN and the LLM identified it correctly.

Availability and PCI DSS v4 compliance

Access changes:

  • Client-Side Security Advanced (with AI detection) is now available in self-serve mode for all paying Cloudflare customers
  • Domain-based threat intelligence: free for all users

PCI DSS v4.0 requirement 11.6.1: The card payment security standard requires monitoring changes to scripts on payment pages. Cloudflare Client-Side Security directly satisfies this requirement, making it relevant not only as a security tool but as a compliance enabler.
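As an added illustration (not Cloudflare's code), the Python below shows the CSP-report mechanism described above in miniature: it ingests browser CSP violation reports for a checkout page, builds an inventory of the scripts browsers actually loaded, and flags any script URL missing from a reviewed baseline, which is the kind of payment-page script change monitoring requirement 11.6.1 asks for. All reports, hostnames and the baseline are constructed sample data.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample reports, as a browser would POST them when the checkout page
# is served with a report-only policy such as
#   Content-Security-Policy-Report-Only: script-src 'none'; report-uri /csp-reports
# Report-only blocks nothing; every script the page loads produces one report.
SAMPLE_REPORTS = [
    # legacy "csp-report" wrapper (report-uri)
    '{"csp-report":{"document-uri":"https://shop.example/checkout",'
    '"effective-directive":"script-src","blocked-uri":"https://cdn.example/app.min.js"}}',
    '{"csp-report":{"document-uri":"https://shop.example/checkout",'
    '"effective-directive":"script-src","blocked-uri":"https://js.payments.example/v3/"}}',
    # Reporting API shape (report-to): same page, an origin nobody approved
    '{"type":"csp-violation","body":{"documentURL":"https://shop.example/checkout?step=2",'
    '"effectiveDirective":"script-src-elem","blockedURL":"https://stats-cdn.example/track.js"}}',
    # a stylesheet violation: not a script, must be ignored by the inventory
    '{"csp-report":{"document-uri":"https://shop.example/checkout",'
    '"effective-directive":"style-src","blocked-uri":"https://cdn.example/site.css"}}',
]

# Reviewed baseline of script URLs allowed on each payment page (constructed).
APPROVED = {
    "https://shop.example/checkout": {
        "https://cdn.example/app.min.js",
        "https://js.payments.example/v3/",
    },
}

def parse_report(raw):
    """Normalise a legacy or Reporting-API CSP report to (page, directive, script_url)."""
    data = json.loads(raw)
    if "csp-report" in data:                      # legacy report-uri format
        r = data["csp-report"]
        page, directive, src = r["document-uri"], r["effective-directive"], r["blocked-uri"]
    else:                                         # Reporting API format
        r = data["body"]
        page, directive, src = r["documentURL"], r["effectiveDirective"], r["blockedURL"]
    page = urlsplit(page)._replace(query="", fragment="").geturl()   # drop ?step=2 etc.
    return page, directive, src

def script_inventory(raw_reports):
    """Map each page to the set of script URLs that browsers reported loading on it."""
    seen = defaultdict(set)
    for raw in raw_reports:
        page, directive, src = parse_report(raw)
        if directive.startswith("script-src"):    # script-src and script-src-elem/attr
            seen[page].add(src)
    return dict(seen)

def unapproved_scripts(inventory, approved):
    """Scripts observed on a monitored page that are absent from its reviewed baseline."""
    return sorted((page, src) for page, scripts in inventory.items()
                  if page in approved for src in scripts - approved[page])
```

Each flagged (page, script) pair is a change to a payment page's script set and is what a team would then hand to content analysis such as the GNN/LLM cascade described above.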

What this means for your organization

If you process online payments, you have a compliance obligation this tool addresses. If you use many third-party scripts on critical applications, you have an attack vector you are probably not monitoring actively.

Self-serve access removes the sales-contact barrier that previously limited adoption. Initial setup can be completed in an afternoon.

Does your organization have visibility into every third-party script your web applications load? At Ayuda.LA we help companies in Latin America implement web application security controls and meet PCI DSS v4. Contact us.