
CONCEPT Cited by 1 source

WAF attack score

Definition

WAF Attack Score is Cloudflare's ML-based request classification layer that assigns a score (1–99) to every HTTP request based on structural similarity to historical attack traffic — independent of signature-based rules. Lower scores indicate higher confidence the request is malicious.

How it differs from signature matching

Traditional WAF rules match against a list of known-bad patterns (regex, content strings, CVE-specific signatures). WAF Attack Score is trained on the shape of past attacks: a novel SQL injection or RCE chain is almost always a rearrangement of attack shapes the model has seen before, even when the specific exploit is brand new. This makes it effective against zero-day variants and frontier-model-generated payloads.

Operational detail

  • Score range: 1–99
  • Scoring runs on every request (not sampled)
  • Lower score → more aggressive treatment (challenge, block, or rate-limit)
  • Same methodology applied to AI prompts via "AI Security for Apps" — scoring prompt similarity to known attack prompts rather than checking against a list

(Source: sources/2026-06-09-cloudflare-defend-against-frontier-cyber-models)
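
The scoring behaviour above, as an added example (not Cloudflare's code and not from the cited source): a Python triage over constructed log lines that surfaces requests with a low attack score that no signature or custom rule acted on. The field names (RayID, ClientRequestPath, WAFAttackScore, SecurityAction) are assumed to follow Cloudflare's Logpush HTTP request dataset, and the 20/50 cut-offs are assumptions chosen for illustration.

```python
import json

# Constructed sample records, one JSON object per line (not real traffic).
# Field names are assumed to match Cloudflare's Logpush HTTP request dataset.
SAMPLE_LOG = """\
{"RayID": "ray-001", "ClientRequestPath": "/search", "WAFAttackScore": 92, "SecurityAction": ""}
{"RayID": "ray-002", "ClientRequestPath": "/login", "WAFAttackScore": 7, "SecurityAction": "block"}
{"RayID": "ray-003", "ClientRequestPath": "/api/items", "WAFAttackScore": 12, "SecurityAction": ""}
{"RayID": "ray-004", "ClientRequestPath": "/api/export", "WAFAttackScore": 38, "SecurityAction": ""}
{"RayID": "ray-005", "ClientRequestPath": "/health", "WAFAttackScore": 0, "SecurityAction": ""}
{"RayID": "ray-006", "ClientRequestPath": "/api/items", "WAFAttackScore": 3, "SecurityAction": ""}
"""

# Assumed cut-offs for this example only; tune them against your own traffic.
BLOCK_AT_OR_BELOW = 20
CHALLENGE_AT_OR_BELOW = 50


def suggested_action(score):
    """Map a score to an action. Lower score = higher confidence of attack."""
    if type(score) is not int or not 1 <= score <= 99:
        return "unscored"  # outside the 1-99 range: neither attack nor clean
    if score <= BLOCK_AT_OR_BELOW:
        return "block"
    if score <= CHALLENGE_AT_OR_BELOW:
        return "challenge"
    return "allow"


def missed_by_rules(log_text):
    """Return (RayID, score, action) for low-scoring requests no rule acted on."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        action = suggested_action(rec.get("WAFAttackScore"))
        # An empty SecurityAction means no signature or custom rule fired.
        if action in ("block", "challenge") and not rec.get("SecurityAction"):
            findings.append((rec["RayID"], rec["WAFAttackScore"], action))
    return sorted(findings, key=lambda f: f[1])  # most confident attacks first


if __name__ == "__main__":
    for ray_id, score, action in missed_by_rules(SAMPLE_LOG):
        print(f"{ray_id} score={score:>2} suggested={action}")
```

Requests that already carry a SecurityAction are left out, so the output is the gap between what existing rules caught and what the score alone would have flagged.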

Seen in
