AI Security for Apps can operate in two distinct modes. Understanding the trade-offs between them helps you choose the right approach for your stage of deployment.

Comparison

| Feature | Production mode | Log mode |
|---|---|---|
| How it works | You write WAF custom rules using AI Security for Apps detection fields | You enable the AI Security Log Mode Ruleset with pre-built rules |
| Prompt logging | No — only request metadata is logged | Yes — the full request body is logged (encrypted via payload logging) |
| Response logging | No — use AI Gateway if response visibility is required | No — same limitation |
| Policy flexibility | Full — combine injection scores, PII categories, bot scores, custom topics, and more | Limited — three fixed rules (PII detected, unsafe topic detected, prompt injection detected) with no score-based or subcategory logic |
| Blocking behavior | Customizable — issue custom responses including custom JSON | Default WAF block page only |
| Best for | Production traffic with granular control | Evaluation and testing — correlate prompts with detection results to tune thresholds |

Production mode

Production mode is the standard operating mode. You enable AI Security for Apps and create custom rules using the detection fields it populates. This gives you full control over:

Which detections trigger an action. For example, block only when cf.llm.prompt.injection_score is below 30, rather than blocking on any detection.

Which PII categories matter. For example, block CREDIT_CARD but only log EMAIL_ADDRESS.

Combining signals. For example, block when both PII is detected and the bot score is low.

Custom responses. Return a JSON error message to your application instead of the default WAF block page.

Example production rule expression:

(cf.llm.prompt.injection_score lt 30 and cf.bot_management.score lt 20)

Limitation: In production mode, the prompt text is not logged. You can see detection metadata (scores, categories) in Security Analytics, but not the actual prompt content.

Log mode

Log mode uses the AI Security Log Mode Ruleset — a pre-built ruleset that logs the full request body alongside detection results. This mode is designed for evaluation and tuning rather than production enforcement.

In log mode:

The managed ruleset fires on three broad conditions: PII detected, unsafe topic detected, and prompt injection detected.

The entire request body is logged using payload logging (encrypted — you must configure a key pair to decrypt payloads).

You can correlate specific prompts with their detection scores to understand how the model classifies your traffic.

When to use log mode:

During initial deployment, to understand what AI Security for Apps detects on your traffic before enforcing actions.

When tuning score thresholds — review logged prompts alongside their scores to determine appropriate thresholds.

When validating that custom topic definitions are working as expected.

Enable log mode

Dashboard

1. In the Cloudflare dashboard, go to the Security Settings page.
2. Under AI Security for Apps, find the Managed Ruleset section.
3. Enable the AI Security Log Mode Ruleset.
4. Set the action to Log.
5. (Recommended) Configure payload logging so you can decrypt and view the full prompt content alongside detection results.

API

Deploy the managed ruleset using a PUT request.

Required API token permissions: at least one of the following token permissions is required:

Zone WAF Write

Account WAF Write

Update a zone entry point ruleset:

    curl "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/rulesets/phases/http_request_firewall_managed/entrypoint" \
      --request PUT \
      --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
      --json '{
        "rules": [
          {
            "action": "execute",
            "action_parameters": {
              "id": "b7cd52df92f74c848cec0c2ed385e336"
            },
            "expression": "true"
          }
        ]
      }'

The ID of the AI Security Log Mode Ruleset is ...d385e336. To set individual rule actions to log, override the rules within the managed ruleset using action_parameters.overrides. For more information, refer to Override a managed ruleset.

Warning: Since the managed ruleset uses broad, binary detection logic (detected/not detected), it can be too aggressive for production traffic. Without score-based thresholds, you should expect a higher rate of false positives if the action is set to Block.

Recommended workflow

1. Start in log mode. Enable the AI Security Log Mode Ruleset with the action set to Log. Configure payload logging so you can view prompts alongside detection results.

2. Review detections in Security Analytics. Filter on events from the managed ruleset. Decrypt payloads and review the prompts that triggered detections. Note the scores to understand where to set thresholds.

3. Build production rules. Based on your analysis, create custom rules with appropriate score thresholds and PII category filters.

4. Disable log mode. Once your production rules are deployed and validated, disable the managed ruleset or keep it on Log as ongoing monitoring.

5. Monitor and iterate. Continuously review detection events in Security Analytics and adjust thresholds as your traffic patterns evolve.
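The threshold-tuning step of this workflow and the production rule from the Production mode section, as one added example (not Cloudflare's code). It assumes the custom-rule JSON shape of the Rulesets API (expression, action, action_parameters.response) and, as on this page, that a lower cf.llm.prompt.injection_score means a more likely injection; the reviewed events are constructed sample data standing in for decrypted log-mode payloads that an analyst has labelled.

```python
"""Pick an injection-score threshold from reviewed log-mode events, then emit the
production custom rule that enforces it (added example, not Cloudflare's code)."""
import json

# Constructed sample: (cf.llm.prompt.injection_score, analyst verdict "is injection")
# for prompts reviewed after decrypting log-mode payloads.
REVIEWED_EVENTS = [
    (4, True), (11, True), (19, True), (27, True), (33, True), (48, False),
    (41, False), (58, False), (66, False), (72, False), (85, False), (93, False),
]


def evaluate_threshold(events, threshold):
    """Return (true_positives, false_positives) for the rule 'block when score < threshold'."""
    tp = sum(1 for score, injected in events if score < threshold and injected)
    fp = sum(1 for score, injected in events if score < threshold and not injected)
    return tp, fp


def pick_threshold(events, max_false_positives=0):
    """Highest threshold (i.e. best recall) whose false-positive count stays within budget."""
    best = 0
    for threshold in range(1, 101):
        _, fp = evaluate_threshold(events, threshold)
        if fp <= max_false_positives:
            best = threshold
    return best


def build_block_rule(threshold, bot_score_below=20):
    """Production-mode custom rule: block only when the injection score is low AND the
    client looks automated, answering with JSON instead of the default WAF block page.
    The action_parameters.response shape is assumed from the Rulesets API."""
    expression = (f"(cf.llm.prompt.injection_score lt {threshold} "
                  f"and cf.bot_management.score lt {bot_score_below})")
    return {
        "description": "Block likely prompt injection from automated clients",
        "expression": expression,
        "action": "block",
        "action_parameters": {"response": {
            "status_code": 403,
            "content_type": "application/json",
            "content": json.dumps({"error": "prompt rejected by AI Security for Apps"}),
        }},
    }


if __name__ == "__main__":
    chosen = pick_threshold(REVIEWED_EVENTS)
    print("threshold:", chosen, "tp/fp:", evaluate_threshold(REVIEWED_EVENTS, chosen))
    print(json.dumps(build_block_rule(chosen), indent=2))
```

Raise max_false_positives to trade a few benign blocks for catching injections that score closer to the benign range; the page's own example uses a threshold of 30.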