Cloudflare Client-Side Security Now Open to All Users

Cloudflare expands its Client-Side Security suite to Pro and Business plans, using a cascading AI model to detect malicious scripts and supply chain attacks.

On March 30, 2026, Cloudflare expanded its Client-Side Security suite to all self-serve customers. The update introduces a cascading AI detection architecture to identify malicious browser-side scripts. For developers managing e-commerce sites or handling sensitive user data, this shifts the baseline for defending against modern skimmers and frontend vulnerabilities.

Access and Compliance Monitoring

Cloudflare Client-Side Security Advanced is now directly available to Pro and Business plan users through the dashboard. This removes the previous enterprise sales requirement for advanced features. Users on the free tier receive complimentary domain-based threat intelligence to block connections to known malicious domains.

The Advanced tier includes automated code-change monitoring. If you process payments, this fulfills the specific monitoring mandates of PCI DSS v4 Requirement 11.6.1. It provides immediate visibility into unauthorized JavaScript modifications without requiring third-party auditing software.

Cascading Detection Pipeline

The system processes approximately 3.5 billion scripts daily using a two-stage detection pipeline. High-traffic environments generate significant noise from modern web frameworks. To maintain catch rates without overwhelming security teams with alerts, Cloudflare splits the analysis.

The first stage uses a Graph Neural Network (GNN). The GNN converts JavaScript code into an Abstract Syntax Tree (AST) to perform structural analysis. It evaluates logical patterns to classify the script’s intent. This allows the system to identify data exfiltration routines even within heavily obfuscated code.

Scripts flagged by the GNN trigger a secondary evaluation. Cloudflare passes these suspicious files to gpt-oss-120b, an open-source large language model, for a contextual second opinion. This AI inference runs directly at the edge using Cloudflare Workers AI.

This cascading approach reduces false positives by up to 200x compared to relying on the GNN alone. It preserves the system’s ability to catch zero-day exploits while drastically reducing alert fatigue. Flagged scripts are automatically logged to Cloudflare R2 to support after-the-fact auditing and continuous model improvement.

Target Vectors and Supply Chain Vulnerabilities

Enterprise zones currently run an average of 2,200 external scripts. Small and medium-sized webshops rely heavily on third-party libraries, creating massive attack surfaces. Recent supply chain attacks demonstrate the fragility of modern web development ecosystems.

In September 2025, attackers compromised 18 popular npm packages with crypto-stealing code. By January 2026, researchers found browser-side keyloggers harvesting credentials on a major U.S. bank’s merchandise store. Platforms like Magento are frequent targets for these infections. Without dedicated client-side monitoring, malicious code can operate undetected for weeks.

Review your third-party script dependencies and enable the free domain-based threat intelligence if your domains route through Cloudflare. If your application handles payment details or sensitive user profiles, map your current client-side monitoring against the PCI DSS v4 requirements to determine if the Advanced tier is necessary for your compliance posture.
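One way to start the dependency review and get a basic form of the code-change monitoring described above is to inventory a page's scripts and diff them against an approved baseline. This is an added example, not Cloudflare's implementation or code from the original article; the markup, host names, and function names are constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptInventory(HTMLParser):
    """Record every <script>: external by URL, inline by SHA-256 of its body."""
    def __init__(self):
        super().__init__()
        self.scripts, self._inline = {}, None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts[a["src"]] = {"host": urlparse(a["src"]).hostname,
                                      "integrity": a.get("integrity")}
        elif tag == "script":
            self._inline = []  # start buffering an inline script body
    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            digest = hashlib.sha256("".join(self._inline).encode()).hexdigest()
            self.scripts["inline:sha256:" + digest] = {"host": None, "integrity": None}
            self._inline = None

def inventory(html):
    parser = ScriptInventory()
    parser.feed(html)
    parser.close()
    return parser.scripts

def diff(baseline, current, first_party_host):
    """Edited inline scripts appear as 'removed' + 'added' because the hash changes."""
    findings = [("added", k) for k in current.keys() - baseline.keys()]
    findings += [("removed", k) for k in baseline.keys() - current.keys()]
    findings += [("integrity-changed", k) for k in current.keys() & baseline.keys()
                 if current[k]["integrity"] != baseline[k]["integrity"]]
    findings += [("third-party-no-sri", k) for k, m in current.items()
                 if m["host"] not in (None, first_party_host) and not m["integrity"]]
    return sorted(findings)

# Constructed sample markup with hypothetical hosts: approved baseline vs. latest crawl.
BASELINE = ('<script src="/js/checkout.js"></script>'
            '<script src="https://cdn.example.net/lib.js" integrity="sha384-AAAA"></script>'
            '<script>initCart();</script>')
CURRENT = ('<script src="/js/checkout.js"></script>'
           '<script src="https://cdn.example.net/lib.js"></script>'
           '<script src="https://stats.example.org/t.js"></script>'
           '<script>initCart();sendForm();</script>')
```

This check only sees scripts present in the served markup. Scripts injected at runtime, and content changes in external files loaded without an `integrity` attribute, are outside its view, which is the gap browser-side monitoring is meant to cover.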
