CLOUDFLARE One’s unified data security vision now covers data in transit, at rest, in use, and at the prompt, aiming to ensure policy follows data rather than tool boundaries. The post outlines updates such as browser-based RDP clipboard controls to restrict copy/paste between local devices and browser-based sessions, and enhanced operation mapping that surfaces specific actions in log events to improve policy authoring and investigations.
It also introduces on-device Endpoint DLP enforcement in the Cloudflare One Client to extend data protection to clipboard movements without deploying a second agent, and Igor against data being pasted into AI assistants. Additionally, the article notes AI visibility through M365 Copilot scanning via API CASB, with Copilot findings available by default for existing Microsoft 365 integrations.
According to Cloudflare, these changes push the endpoint-to-prompt model forward as enterprises adopt AI and SaaS more broadly; the post is dated 6 March 2026.