Cloudflare

Hands-On Lab

AI Security Bootcamp

Break it • Detect it • Mitigate it • Govern it • Optimize it

What You Are Given

KiwiCart AI Assistant

NZ e-commerce app + KiwiCart Ops MCP server

Cloudflare Account & Zone

WAF, Zero Trust org — you build from zero

Step-by-Step Guide

Screenshots, dashboard paths, validation & troubleshooting

Windows 11 Client

CF1 / WARP preinstalled

Ubuntu Server

Origin server

SAML IdP

Shared test identity provider

Architecture — Protecting AI Apps

[Diagram] You (attacker) send browser prompts (M1) → Cloudflare edge: WAF + AI Security for Apps, with detections for Prompt Injection, PII, Unsafe Topics and Custom Topics (M2 monitor, M3 mitigate) → KiwiCart AI app, backed by Workers AI (Llama 3.1 8B).

Cloudflare sits inline between user and AI app — every prompt is scanned before reaching the LLM
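The M2/M3 half of that picture is a set of WAF custom rules keyed on the AI detection fields, first in log-only mode (monitor) and then blocking (mitigate). The following is an added example for this overview, not code from the lab guide: it builds that ruleset for the three detection types in the diagram and pushes it to the zone through the Cloudflare Rulesets API. Assumptions are marked in the code: the `cf.llm.prompt.*` field names and the threshold direction for `injection_score` are taken from Cloudflare's AI Security for Apps documentation and should be confirmed in your dashboard's rule builder; the chat endpoint path `/api/chat` is hypothetical and should be replaced with the endpoint you discover in M2; credentials come from environment variables.

```python
"""Build and deploy WAF custom rules for AI detections via the Cloudflare Rulesets API.

Added example, not from the lab guide. Assumed details are marked inline.
"""
import json
import os
import urllib.request

API_BASE = "https://api.cloudflare.com/client/v4"

# Hypothetical: the KiwiCart chat endpoint; take the real path from M2 endpoint discovery.
CHAT_PATH = "/api/chat"

# Detection type -> Rules-language expression. Field names are assumed from
# Cloudflare's AI Security for Apps docs; verify them in the dashboard rule builder.
DETECTION_EXPRESSIONS = {
    # Assumed convention: lower score = more likely injection (like the WAF attack score).
    "prompt_injection": "cf.llm.prompt.injection_score lt 20",
    "pii": "cf.llm.prompt.pii_detected",
    "unsafe_topic": "cf.llm.prompt.unsafe_topic_detected",
}

MODE_TO_ACTION = {"monitor": "log", "mitigate": "block"}  # M2 vs M3


def build_ruleset(mode: str) -> dict:
    """Return the request body for the http_request_firewall_custom entrypoint.

    Every rule is scoped to the chat endpoint so ordinary page traffic is never
    touched, and all rules share one action so the whole set flips from
    monitor to mitigate with a single parameter.
    """
    action = MODE_TO_ACTION[mode]
    rules = []
    for name, expr in DETECTION_EXPRESSIONS.items():
        rules.append({
            "description": f"AI {mode}: {name}",
            "expression": f'(http.request.uri.path eq "{CHAT_PATH}") and ({expr})',
            "action": action,
            "enabled": True,
        })
    return {"rules": rules}


def deploy(ruleset: dict, zone_id: str, api_token: str) -> dict:
    """PUT the ruleset as the zone's custom-rules phase entrypoint (replaces existing rules)."""
    url = f"{API_BASE}/zones/{zone_id}/rulesets/phases/http_request_firewall_custom/entrypoint"
    req = urllib.request.Request(
        url,
        data=json.dumps(ruleset).encode(),
        method="PUT",
        headers={
            "Authorization": f"Bearer {api_token}",
            "Content-Type": "application/json",
        },
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Start in monitor mode; rerun with MODE=mitigate after the before/after comparison.
    body = build_ruleset(os.environ.get("MODE", "monitor"))
    print(json.dumps(body, indent=2))
    if os.environ.get("CF_ZONE_ID") and os.environ.get("CF_API_TOKEN"):
        result = deploy(body, os.environ["CF_ZONE_ID"], os.environ["CF_API_TOKEN"])
        print("success:", result.get("success"))
```

Note that the entrypoint PUT replaces the phase's existing custom rules, so merge these into any rules you already have rather than running it against a production zone as-is.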

Architecture — Governing AI & MCP

[Diagram] Win 11 + WARP (CF1 client, enrolled in M0) and SAML IdP (identity, M0) → Cloudflare One: Gateway + DLP (sanction Gemini, redirect unsanctioned AI, prompt inspection, Shadow AI; M4) and Access + MCP Portal (identity auth, sanctioned MCP path, 3-layer shadow block; M5) → Gemini as the sanctioned AI tool; ChatGPT etc. redirected to Gemini; KiwiCart MCP reached via the sanctioned portal, shadow path blocked.

All employee traffic routes through Cloudflare One — AI tools governed, MCP access sanctioned, shadow paths blocked

Architecture — AI Gateway Operations

[Diagram] AI Gateway Explorer (your app) sends inference requests (M6) → Cloudflare AI Gateway: Guardrails, DLP scanning, cache, rate limiting, spend limits, dynamic route (M6, all four labs) → Workers AI: Llama 3.2 1B or Llama 3.3 70B; dynamic routing picks the model per user.

AI Gateway sits between your app and the model — inspect, guard, route, cache, and control cost on every inference call
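What "between your app and the model" means in practice is that the app addresses the gateway's URL instead of the model's, and reads the gateway's answer back, including the cache and rate-limit signals the M6 labs switch on. The following is an added example, not code from the lab guide or the AI Gateway Explorer app: a minimal client that sends one chat request through an AI Gateway to Workers AI and classifies the outcome. Assumptions, also marked in the code: the gateway URL form and the `cf-aig-cache-status` response header follow Cloudflare's AI Gateway documentation and should be checked against the current docs; the two model IDs are assumed from the Workers AI catalog to match the diagram; account, gateway and token come from environment variables. The client picks the model by a user tier so the URL form is visible; in the lab that choice moves into the gateway's dynamic route.

```python
"""Send a chat request through a Cloudflare AI Gateway to Workers AI and read back
the gateway's cache and rate-limit signals.

Added example, not from the lab guide. Assumed details are marked inline.
"""
import json
import os
import urllib.error
import urllib.request

# Assumed URL form from the AI Gateway docs: /v1/{account_id}/{gateway_id}/{provider}/{model}
GATEWAY_BASE = "https://gateway.ai.cloudflare.com/v1"

# Assumed Workers AI model IDs matching the two models in the diagram.
MODELS = {
    "basic": "@cf/meta/llama-3.2-1b-instruct",
    "premium": "@cf/meta/llama-3.3-70b-instruct-fp8-fast",
}

# Assumed header name the gateway sets to HIT / MISS when caching is enabled.
CACHE_HEADER = "cf-aig-cache-status"


def gateway_url(account_id: str, gateway_id: str, model: str) -> str:
    """Build the per-model gateway URL for the Workers AI provider."""
    return f"{GATEWAY_BASE}/{account_id}/{gateway_id}/workers-ai/{model}"


def pick_model(user_tier: str) -> str:
    """Client-side stand-in for the gateway's dynamic route (per-user model selection)."""
    return MODELS.get(user_tier, MODELS["basic"])


def classify(status: int, headers: dict) -> str:
    """Turn an HTTP status plus response headers into the outcome a caller cares about.

    429 is what the gateway's rate limiting returns; a 200 is split by the cache header so
    the app can tell a served-from-cache answer (no model call, no spend) from a real one.
    """
    if status == 429:
        return "rate_limited"
    if status != 200:
        return f"error_{status}"
    lowered = {k.lower(): v for k, v in headers.items()}
    return "cache_hit" if lowered.get(CACHE_HEADER, "").upper() == "HIT" else "cache_miss"


def ask(prompt: str, user_tier: str) -> tuple[str, str]:
    """Send one prompt through the gateway; return (outcome, answer_text)."""
    url = gateway_url(os.environ["CF_ACCOUNT_ID"], os.environ["AI_GATEWAY_ID"], pick_model(user_tier))
    body = json.dumps({"messages": [{"role": "user", "content": prompt}]}).encode()
    req = urllib.request.Request(
        url,
        data=body,
        method="POST",
        headers={
            "Authorization": f"Bearer {os.environ['CF_API_TOKEN']}",
            "Content-Type": "application/json",
        },
    )
    try:
        with urllib.request.urlopen(req, timeout=60) as resp:
            outcome = classify(resp.status, dict(resp.headers))
            payload = json.load(resp)
    except urllib.error.HTTPError as exc:
        return classify(exc.code, dict(exc.headers)), exc.read().decode(errors="replace")
    # Workers AI chat responses carry the text under result.response.
    return outcome, payload.get("result", {}).get("response", "")


if __name__ == "__main__":
    # Sending the same prompt twice shows cache_miss then cache_hit once caching is on.
    for _ in range(2):
        print(ask("What is the return policy for KiwiCart?", os.environ.get("USER_TIER", "basic")))
```

Run it twice with the gateway's cache enabled and the second call should come back as `cache_hit`; hammer it past the rate limit you configure and the outcome flips to `rate_limited` with no model call made.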

Lab Modules

M0 •

Zero Trust Foundation

SAML IdP, Access policies, CF1 Client / WARP

M1 •

Explore & Attack

Normal and adversarial prompts against vulnerable app

M2 •

AI Security — Monitor

Enable AI Security for Apps, discover endpoints, inspect detections

M3 •

AI Security — Mitigate

WAF rules per detection type, before/after comparison

M4 •

Zero Trust AI Governance

Gateway AI controls, DLP prompt inspection, Shadow AI analytics

M5 •

Sanctioned MCP Portal

MCP portal + Access policy, block direct MCP via Gateway/DLP

M6 •

AI Gateway Operations

AI Gateway, guardrails, DLP, dynamic routing, caching, rate limiting, spend limits

How to Validate Success

At Each Module Checkpoint

  •  Follow the "Expected Result" section in the guide
  •  Complete the "Validation" step before moving on
  •  Check the "Troubleshooting" section if something doesn't match

By End of Lab

  •  SAML IdP integrated and WARP client traffic routed through Gateway
  •  Detected and blocked risky AI traffic
  •  Governed workforce AI with Gateway + DLP
  •  Sanctioned MCP portal & blocked shadow MCP
  •  AI Gateway with guardrails, routing & cost controls

Open the lab guide now: https://kiwistore-lab-guide.mythingy.io

Appendix

Important URLs

Lab Guide

https://kiwistore-lab-guide.mythingy.io/

Step-by-step guide for all modules (M0 – M6)

Direct MCP Server

kiwistore-mcp.mythingy.io

KiwiCart Ops MCP server — used in M5 for sanctioned portal setup

Redirect Worker

kiwi-redirect.jamal-workers.workers.dev

Redirects unsanctioned AI traffic to the sanctioned Generative AI tool

Stealth MCP Server

kiwistore-shadow.mythingy.io

Shadow MCP endpoint — used in M5 to test 3-layer Gateway defense

AI Gateway Explorer

https://kiwi-aigw.mythingy.io

AI Gateway Explorer app — used in M6 to send requests through your AI Gateway