Cloudflare
Cloudflare One

AI Visibility & Control for Curtin University

A layered approach to enabling safe AI adoption across campus -- without endpoint agents

Confidential -- For Discussion Purposes

The Challenge: AI in Higher Education

You Can't Block AI

AI tools are becoming integral to teaching, learning, and research. Students expect access. Researchers depend on it. Faculty are integrating it into curriculum.

But You Need Control

Institutional data, research IP, student PII, and financial records must be protected. The security team needs to know what's being used, by whom, and what data is being shared.

"The question isn't whether students and staff use AI -- it's whether the university has visibility into how they use it."

The Goal

Say "yes" to AI adoption with guardrails that protect the institution -- without creating friction for tens of thousands of users.

The Device Reality

Any approach to AI security must work across a diverse device and network landscape.

Managed Devices

Staff laptops, lab machines
MDM / GPO controlled

BYO Student Devices

Personal laptops, phones, tablets
No agent, no MDM

Visiting Researchers

Short-term, unmanaged
Zero IT control

The agent problem: Requiring endpoint software on every student device is operationally impractical at university scale. Any security approach that depends entirely on an installed agent will leave the majority of users uncovered.

Where the Current Stack Falls Short

AI visibility is an emerging category with structural gaps in incumbent platforms

Palo Alto Networks: Agent-Dependent

AI Access Security via Prisma Access

  • Broad AI app catalogue (~374 apps with risk scores)

  • Granular controls for sanctioned/unsanctioned AI

  • Recent Protect AI acquisition strengthens AI model security

The Gap for Higher Education

  • Requires endpoint agent for HTTP-level AI traffic inspection

  • Architected for corporate-managed device fleets

  • BYO student devices, visiting researchers, and shared labs are left uncovered

  • Protect AI capabilities not yet integrated into SASE platform

No Agent = No Visibility

AWS: Ecosystem-Only Coverage

AI Guardrails Within AWS

  • Bedrock Guardrails for AWS-hosted models

  • SageMaker security controls

  • Strong governance for AI workloads running on AWS infrastructure

The Gap for Higher Education

  • Zero visibility outside AWS ecosystem

  • A student opening ChatGPT, Claude, or Perplexity from campus WiFi is invisible to AWS

  • The real shadow AI risk is outbound traffic to third-party SaaS

  • No controls for AI tools that don't run on AWS

Protects AI running on AWS, not AI accessed from campus

A Layered Approach

Scaling from fully agentless to deep content inspection, based on what the university controls

LAYER 1 Campus Network Visibility

Fully Agentless

No agent. No certificate. No software on devices.

How it works

Point campus WiFi and lab network DNS at Cloudflare Gateway. Every device on the network -- managed or unmanaged, any OS -- flows through Gateway DNS policies.

What you get

  • See which AI applications are being resolved across campus

  • Block unsanctioned AI tools by application category

  • Redirect users to approved alternatives

  • Monitor usage frequency and patterns

Implementation

DNS configuration change on campus network infrastructure. Can be deployed in hours, not weeks.

Answers the First Question

"What AI tools are our people actually using?"

This is where every security team starts.

Limitations

DNS-level only: domain visibility, but no HTTP content inspection, prompt logging, or DLP. Native apps that bypass the network's DNS resolver may not be captured.
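As an added illustration of the Layer 1 model (example code, not Cloudflare's or this page's own), the script below applies a DNS-level AI policy to a few constructed query records and produces the kind of usage summary a security team would read off the dashboard. The log format, the app catalogue, the sanction list and the sample lines are all assumptions made for the example; Gateway maintains its own application categories and log schema.

```javascript
// Added example, not Cloudflare's code: applies Layer 1-style DNS policy
// decisions to constructed DNS query records and summarises campus AI usage.
// The log format, app catalogue and policy table are assumptions for this
// example; a real deployment relies on Gateway's own categories and logs.

// Constructed catalogue mapping domain suffixes to the AI application.
const AI_APP_CATALOGUE = [
  { suffix: "chatgpt.com", app: "ChatGPT" },
  { suffix: "openai.com", app: "ChatGPT" },
  { suffix: "claude.ai", app: "Claude" },
  { suffix: "gemini.google.com", app: "Gemini" },
  { suffix: "perplexity.ai", app: "Perplexity" },
];

// Constructed policy: which apps the university sanctions, and the approved
// alternative that users of an unsanctioned tool are redirected to.
const POLICY = {
  sanctioned: new Set(["ChatGPT", "Claude"]),
  redirectTo: "ChatGPT",
};

// Normalise a queried name: lower-case, no trailing dot.
function normaliseName(qname) {
  return qname.toLowerCase().replace(/\.$/, "");
}

// Map a queried name to an AI app by parent-domain match, or null if unknown.
function classifyQuery(qname) {
  const name = normaliseName(qname);
  for (const entry of AI_APP_CATALOGUE) {
    if (name === entry.suffix || name.endsWith("." + entry.suffix)) {
      return entry.app;
    }
  }
  return null;
}

// Decide what the DNS policy does for one query.
function decide(qname) {
  const app = classifyQuery(qname);
  if (app === null) return { app: null, action: "allow" };          // not an AI app
  if (POLICY.sanctioned.has(app)) return { app, action: "allow" };  // sanctioned, logged
  return { app, action: "block", redirectTo: POLICY.redirectTo };   // unsanctioned
}

// Parse a constructed log line: "<timestamp> <clientIP> <qname> <qtype>".
function parseLine(line) {
  const [ts, clientIp, qname, qtype] = line.trim().split(/\s+/);
  return { ts, clientIp, qname, qtype };
}

// Summarise AI usage: per-app query and block counts plus distinct clients.
function summarise(logLines) {
  const perApp = {};
  let totalBlocked = 0;
  for (const line of logLines) {
    if (!line.trim()) continue;
    const rec = parseLine(line);
    const d = decide(rec.qname);
    if (d.app === null) continue;
    const stats = perApp[d.app] || (perApp[d.app] = { queries: 0, blocked: 0, clients: new Set() });
    stats.queries += 1;
    stats.clients.add(rec.clientIp);
    if (d.action === "block") {
      stats.blocked += 1;
      totalBlocked += 1;
    }
  }
  // Flatten the client sets into counts for a plain report object.
  const report = {};
  for (const [app, s] of Object.entries(perApp)) {
    report[app] = { queries: s.queries, blocked: s.blocked, distinctClients: s.clients.size };
  }
  return { perApp: report, totalBlocked };
}

// Constructed sample DNS queries from campus WiFi (not real log data).
const SAMPLE_DNS_LOG = [
  "2024-03-04T09:15:02Z 10.20.30.41 chatgpt.com A",
  "2024-03-04T09:15:03Z 10.20.30.41 api.openai.com A",
  "2024-03-04T09:16:10Z 10.20.30.77 claude.ai. AAAA",
  "2024-03-04T09:17:44Z 10.20.30.52 www.perplexity.ai A",
  "2024-03-04T09:18:01Z 10.20.30.52 gemini.google.com A",
  "2024-03-04T09:18:30Z 10.20.30.90 lms.example.edu A",
];

console.log(JSON.stringify(summarise(SAMPLE_DNS_LOG), null, 2));
```

Run it with node; the report counts queries and distinct client IPs per app and how many resolutions the block policy stopped. Note what the records cannot show: a native app that resolves names through its own resolver rather than the campus DNS never appears in them, which is exactly the Layer 1 limitation stated above, and why the later layers exist.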

LAYER 2 HTTP Inspection on Managed Devices

No Endpoint Agent Required

Requires Cloudflare root certificate (standard MDM push) + browser PAC file configuration.

How it works

For devices where Curtin controls the browser configuration (staff laptops, lab machines), a PAC file directs HTTP/S traffic to Gateway proxy endpoints, where it receives full inspection.

What you get

  • Full HTTP-level DLP inspection

  • Application-granular controls (block uploads to ChatGPT, allow prompts)

  • Content category filtering

  • Identity-aware policies via Cloudflare Access auth

Implementation

Push Cloudflare root certificate via MDM/GPO. Configure PAC file in browser settings. No WARP agent install needed.
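The PAC file below is an added example rather than Cloudflare's or Curtin's own configuration. It shows the browser-side half of Layer 2: internal hosts and private addresses go direct, everything else is handed to a Gateway proxy endpoint for inspection. The proxy hostname and port and the internal domain suffixes are placeholders to be replaced with the values from your own dashboard and network; the file is written in ES5 because the PAC interpreters inside browsers run an old JavaScript dialect and provide none of Node's APIs.

```javascript
// Added example, not Cloudflare's or Curtin's configuration: a PAC file that
// routes browser traffic to a Gateway proxy endpoint for HTTP inspection.
// Written in ES5 on purpose: browser PAC interpreters run an old JavaScript
// dialect and provide none of Node's APIs.

// Placeholder: replace with the proxy endpoint host:port from your dashboard.
var GATEWAY_PROXY = "PROXY gateway-proxy-endpoint.example:3128";

// false = fail closed (no proxy, no web); true = fall back to a direct,
// uninspected connection if the proxy endpoint cannot be reached.
var FAIL_OPEN = false;

// Placeholder internal suffixes that should never leave the campus network.
var INTERNAL_SUFFIXES = [".internal.example.edu", ".localdomain"];

// RFC 1918 private ranges and loopback, matched on a literal IP host.
var PRIVATE_IP = /^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.|127\.)\d+/;

function endsWithSuffix(host, suffix) {
  return host.length > suffix.length &&
    host.substr(host.length - suffix.length) === suffix;
}

// True for hosts that should bypass the proxy: loopback, private addresses,
// single-label names and the internal domain suffixes.
function isInternal(host) {
  var h = host.toLowerCase();
  if (h === "localhost" || PRIVATE_IP.test(h)) return true;
  if (h.indexOf(".") === -1) return true; // single-label name such as "printer1"
  for (var i = 0; i < INTERNAL_SUFFIXES.length; i++) {
    if (endsWithSuffix(h, INTERNAL_SUFFIXES[i])) return true;
  }
  return false;
}

// Entry point called by the browser for every request.
function FindProxyForURL(url, host) {
  if (isInternal(host)) return "DIRECT";
  return FAIL_OPEN ? GATEWAY_PROXY + "; DIRECT" : GATEWAY_PROXY;
}
```

FAIL_OPEN decides what happens when the proxy endpoint is unreachable: false makes the browser fail closed, so a user cannot reach the web without inspection; true appends DIRECT as a fallback, which keeps users working during an outage but also means any traffic that cannot reach the proxy leaves the device uninspected. Either way the control only holds where users cannot edit their own proxy settings, which is why the page scopes Layer 2 to centrally managed browsers.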

Best For

University-managed staff devices and lab machines where browser configuration can be centrally managed.

Limitations

Browser traffic only. Native desktop apps and non-browser AI tools are not covered. Does not support Browser Isolation.

LAYER 3 Sanctioned AI Tools -- Fully Agentless

No agent. No certificate. No software on the end-user device.

How it works

Approved AI tools published through Cloudflare Tunnel, accessed via Access + Clientless Browser Isolation. Users authenticate via the university IdP; sessions run in a remote browser on Cloudflare's edge.

Architecture

Tunnel -- outbound-only, no public IP, no firewall changes

Access -- identity-aware policies in front of the app

RBI -- session executes on Cloudflare's network, not the device

What you get

  • Copy/paste, upload/download, and print controls

  • DLP inspection on data in/out of the application

  • Full session logging and audit trails

Best for: Delivering sensitive research AI tools to unmanaged student devices with managed-device-level controls.

Scope: Specific apps configured in the dashboard. Not a catch-all -- Layers 1 & 2 cover broad AI usage.

LAYER 4 AI-Specific Controls

Prompt Topic Detection

Classifies prompt topics, captures full prompt/response, blocks by category. Understands conversational intent, not just data patterns.

Available today for: ChatGPT, Gemini, Claude, Perplexity

Other AI tools: standard regex/pattern DLP applies. WebSocket-based tools (e.g., Microsoft Copilot) not yet supported for deep inspection.

Standard DLP

Detects PII, financial data, source code, and custom patterns across any HTTP-inspected AI tool. Works at all layers where TLS inspection is active.
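To make "Standard DLP" concrete, here is an added example (not Cloudflare's DLP engine) of a pattern-based scanner run over three constructed prompts: an email detector, a payment-card detector that applies the Luhn checksum so that 16-digit strings which merely look like card numbers are not reported, and a constructed custom pattern for an institutional student ID. The detector set, the severities, the student ID format and the prompts are all assumptions made for illustration.

```javascript
// Added example, not Cloudflare's DLP engine: a pattern-based DLP scanner of
// the kind "Standard DLP" applies to HTTP-inspected prompts. The detectors,
// severities, student ID format and sample prompts are all constructed here.

// Luhn checksum, so a run of digits is only reported as a payment card when
// it is a structurally valid card number, not just a 16-digit order number.
function luhnValid(digits) {
  if (!/^\d{13,19}$/.test(digits)) return false;
  let sum = 0;
  let double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (double) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    double = !double;
  }
  return sum % 10 === 0;
}

// Constructed detector set. "validate" filters pattern hits before reporting.
const DETECTORS = [
  {
    name: "email",
    severity: "medium",
    pattern: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g,
  },
  {
    name: "payment_card",
    severity: "high",
    pattern: /\b\d(?:[ -]?\d){12,18}\b/g,
    validate: (hit) => luhnValid(hit.replace(/[ -]/g, "")),
  },
  {
    // Constructed custom pattern: an institutional student ID, "SID" + 8 digits.
    name: "student_id",
    severity: "high",
    pattern: /\bSID\d{8}\b/g,
  },
];

// Scan one prompt. Returns every validated finding and the policy action:
// block if anything high-severity is present, otherwise allow (and log).
function scanPrompt(text) {
  const findings = [];
  for (const det of DETECTORS) {
    // Fresh RegExp per call so a shared global pattern's lastIndex never leaks.
    const re = new RegExp(det.pattern.source, det.pattern.flags);
    let m;
    while ((m = re.exec(text)) !== null) {
      if (det.validate && !det.validate(m[0])) continue;
      findings.push({ name: det.name, severity: det.severity, value: m[0], index: m.index });
    }
  }
  const action = findings.some((f) => f.severity === "high") ? "block" : "allow";
  return { action, findings };
}

// Mask findings so the prompt can be logged for audit without storing the
// sensitive values themselves. Assumes findings do not overlap.
function redact(text) {
  const findings = scanPrompt(text).findings.sort((a, b) => b.index - a.index);
  let out = text;
  for (const f of findings) {
    out = out.slice(0, f.index) + "[" + f.name.toUpperCase() + "]" + out.slice(f.index + f.value.length);
  }
  return out;
}

// Constructed sample prompts (not real user data).
const SAMPLE_PROMPTS = [
  "Summarise the enrolment appeal from student SID20481234 (j.smith@example.edu).",
  "Reconcile card 4111 1111 1111 1111 against invoice 1234 5678 9012 3456.",
  "Explain the difference between TCP and UDP for my networking assignment.",
];

for (const p of SAMPLE_PROMPTS) {
  const result = scanPrompt(p);
  console.log(result.action, result.findings.map((f) => f.name), "|", redact(p));
}
```

The second prompt shows why validation matters: both 16-digit strings match the card pattern, but only the first passes Luhn, so the invoice number is not flagged and the finding count stays honest. The redact function covers the logging side: a prompt can be kept for audit with the matched values masked, so the DLP log does not itself become a store of PII.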

MCP Server Governance

First SASE platform with centralized Model Context Protocol management:

  • Register and discover MCP servers

  • Per-user access policies

  • Curate exposed tools per portal

  • Log individual tool invocations

Addresses shadow MCP servers deployed by researchers/developers.

AI Security Report

Single dashboard: all AI usage, sanctioned and unsanctioned, policy actions, user activity. Gives the CISO's team a clear picture of the university's AI posture.

Beyond AI Security

AI controls are built on a platform with deep credibility in protecting critical infrastructure

The Cloudflare Platform

AI visibility runs on the same single-pass inspection pipeline as our security and network services -- no latency penalty for layering them together.

DDoS Protection

Cloudflare mitigates more DDoS attacks than any other provider. Foundational for public-facing research portals, student systems, and enrolment infrastructure.

Web App Security

WAF, Bot Management, and API Security protecting applications at the edge. Threat intelligence from ~20% of global web traffic.

Full SASE Platform

Secure Web Gateway, ZTNA, CASB, Email Security, and Network-as-a-Service. A consolidation opportunity -- not a point solution.

Single-pass architecture: Every service runs at the nearest data center. No backhauling between appliances. For a geographically distributed campus, this means security without latency.

Outcomes for Teaching & Learning

Students use approved AI tools with guardrails -- even from personal devices on campus WiFi

Researchers access AI platforms without risking IP leakage, with audit trails on managed devices

Faculty experiment with AI teaching tools knowing institutional data is protected via isolated sessions

Security gets a single dashboard showing AI usage campus-wide with layered controls to act on it

IT avoids the operational burden of endpoint agents across a diverse, largely unmanaged device population -- while still gaining meaningful visibility and control

Next Step

We'd welcome the opportunity to talk through what's possible for Curtin -- tailored to your network architecture and security priorities.

Whether that's a technical deep dive, an executive briefing, or an informal conversation.

Let's connect with the right people to explore this further.