TL;DR
Cloudflare One adds endpoint DLP, browser RDP clipboard controls, and M365 Copilot scanning to unify data protection across transit, rest, use, and AI interfaces.
Key Points
- Endpoint DLP enforcement in Cloudflare One Client monitors clipboard movement to prevent sensitive data leakage to unauthorized LLMs and tools
- Browser-based RDP now supports granular clipboard controls with directional policies (e.g., allow paste-in, block paste-out for sensitive portals)
- Operation mapping extended to logging—HTTP requests now surface as human-readable operations (SendPrompt, Share, Upload) for faster forensic analysis and policy tuning
- Microsoft 365 Copilot API CASB integration detects when user prompts, responses, and uploads match DLP detection profiles with rich context for triage
Why It Matters
As enterprises shift to AI-assisted workflows and distributed remote access, traditional perimeter-based security fails. This unified approach closes the gap between data protection in transit and data exposed at the prompt—a critical vulnerability as clipboard-to-LLM data exfiltration becomes a standard attack vector.
Source: blog.cloudflare.com