How Cloudy translates complex security into human action

This post explains how Cloudflare's LLM-powered 'Cloudy' layer translates complex ML security signals into clear, actionable human-readable guidance within Cloudflare One.

• •Cloudy aggregates outputs from multiple ML detection models and generates natural language explanations via purpose-built prompts using Workers AI
• •Phishnet for Microsoft is being upgraded to display Cloudy summaries in real time when users report suspicious emails, running on Cloudflare Workers at global scale
• •Technical signals such as SPF fail, DKIM fail, domain age, and URL reputation are converted into plain-language explanations for non-technical end users
• •The goal is to reduce unnecessary SOC queue noise from users who over-report clean emails while helping under-cautious users better assess risk
• •Cloudy is also being extended to API CASB findings to help security and IT teams quickly understand SaaS misconfigurations and prioritize remediation