Date: 2026-03-11
Log mode versus production mode
AI Security for Apps can operate in two distinct modes. Understanding the trade-offs between them helps you choose the right approach for your stage of deployment.
| Feature | Production mode | Log mode |
| --- | --- | --- |
| How it works | You write WAF custom rules using AI Security for Apps detection fields | You enable the AI Security Log Mode Ruleset with pre-built rules |
| Prompt logging | No — only request metadata is logged | Yes — the full request body is logged (encrypted via payload logging) |
| Response logging | No — use AI Gateway if response visibility is required | No — same limitation |
| Policy flexibility | Full — combine injection scores, PII categories, bot scores, custom topics, and more | Limited — three fixed rules (PII detected, unsafe topic detected, prompt injection detected) with no score-based or subcategory logic |
| Blocking behavior | Customizable — issue custom responses including custom JSON | Default WAF block page only |
| Best for | Production traffic with granular control | Evaluation and testing — correlate prompts with detection results to tune thresholds |
Production mode is the standard operating mode. You enable AI Security for Apps and create custom rules using the detection fields it populates. This gives you full control over:
- Which detections trigger an action. For example, block only when cf.llm.prompt.injection_score is below 30, rather than blocking any detection.
- Which PII categories matter. For example, block CREDIT_CARD but only log EMAIL_ADDRESS.
- Combining signals. For example, block when both PII is detected and the bot score is low.
- Custom responses. Return a JSON error message to your application instead of the default WAF block page.
Example production rule expression:
(cf.llm.prompt.injection_score lt 30 and cf.bot_management.score lt 20)
Log mode uses the AI Security Log Mode Ruleset — a pre-built ruleset that logs the full request body alongside detection results. This mode is designed for evaluation and tuning rather than production enforcement.
In log mode:
- The managed ruleset fires on three broad conditions: PII detected, unsafe topic detected, and prompt injection detected.
- The entire request body is logged using payload logging (encrypted — you must configure a key pair to decrypt payloads).
- You can correlate specific prompts with their detection scores to understand how the model classifies your traffic.
When to use log mode:
- During initial deployment, to understand what AI Security for Apps detects on your traffic before enforcing actions.
- When tuning score thresholds — review logged prompts alongside their scores to determine appropriate thresholds.
- When validating that custom topic definitions are working as expected.
- In the Cloudflare dashboard, go to the Security Settings page.
- Under AI Security for Apps, find the Managed Ruleset section.
- Enable the AI Security Log Mode Ruleset.
- Set the action to Log.
- (Recommended) Configure payload logging so you can decrypt and view the full prompt content alongside detection results.
Deploy the managed ruleset using a PUT request:
At least one of the following token permissions is required:
- Zone WAF Write
- Account WAF Write
The ID of the AI Security Log Mode Ruleset is
To set individual rule actions to log, override the rules within the managed ruleset using action_parameters.overrides. For more information, refer to Override a managed ruleset.
- Start in log mode. Enable the AI Security Log Mode Ruleset with the action set to Log. Configure payload logging so you can view prompts alongside detection results.
- Review detections in Security Analytics. Filter on events from the managed ruleset. Decrypt payloads and review the prompts that triggered detections. Note the scores to understand where to set thresholds.
- Build production rules. Based on your analysis, create custom rules with appropriate score thresholds and PII category filters.
- Disable log mode. Once your production rules are deployed and validated, disable the managed ruleset or keep it on Log as ongoing monitoring.
- Monitor and iterate. Continuously review detection events in Security Analytics and adjust thresholds as your traffic patterns evolve.
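The review-and-build steps of this workflow can be made concrete with a small offline analysis. The following is an added example, not Cloudflare code: it replays candidate thresholds for a rule of the form `cf.llm.prompt.injection_score lt N` over reviewed log-mode events and reports what each would block. The event field names, the sample events, and the helper functions are assumptions, as is the reading (taken from the `lt 30` example above) that a lower score means a more likely injection.

```python
# Constructed sample (not real traffic): log-mode events after payload
# decryption and analyst review. "score" stands in for
# cf.llm.prompt.injection_score; field names here are assumptions.
# Assumption from the page's "lt 30" example: lower score = more likely injection.
EVENTS = [
    {"id": "e1", "score": 3,  "malicious": True},
    {"id": "e2", "score": 12, "malicious": True},
    {"id": "e3", "score": 18, "malicious": True},
    {"id": "e4", "score": 27, "malicious": False},  # benign prompt scored low
    {"id": "e5", "score": 34, "malicious": True},
    {"id": "e6", "score": 55, "malicious": False},
    {"id": "e7", "score": 71, "malicious": False},
    {"id": "e8", "score": 90, "malicious": False},
]


def evaluate(events, threshold):
    """Simulate the rule `cf.llm.prompt.injection_score lt <threshold>`."""
    blocked = [e for e in events if e["score"] < threshold]
    tp = sum(e["malicious"] for e in blocked)
    total_malicious = sum(e["malicious"] for e in events)
    return {
        "threshold": threshold,
        "blocked_malicious": tp,
        "blocked_benign": len(blocked) - tp,
        "missed_malicious": total_malicious - tp,
    }


def pick_threshold(events, candidates, max_false_positives=0):
    """Best candidate that blocks at most `max_false_positives` benign prompts.

    Ties go to the lowest (most conservative) threshold."""
    results = [evaluate(events, t) for t in sorted(candidates)]
    viable = [r for r in results if r["blocked_benign"] <= max_false_positives]
    # max() keeps the first maximum, i.e. the lowest threshold among ties.
    return max(viable, key=lambda r: r["blocked_malicious"]) if viable else None


def rule_expression(threshold):
    """Render the chosen threshold as a custom rule expression."""
    return f"(cf.llm.prompt.injection_score lt {threshold})"


if __name__ == "__main__":
    for t in (10, 20, 30, 40, 50):
        print(evaluate(EVENTS, t))
    best = pick_threshold(EVENTS, (10, 20, 30, 40, 50))
    print("suggested:", rule_expression(best["threshold"]))
```

On this sample, a threshold of 30 already blocks one benign prompt while still missing one malicious prompt, which is the kind of trade-off the logged prompts let you see before enforcing.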