Louis Zezeran
21. mai 2026
Artificial intelligence is no longer an experimental side project. It is rapidly becoming a foundational layer of how organizations operate, develop software, interact with customers, and secure digital infrastructure. But while the pace of AI innovation continues accelerating, many organizations are struggling to answer a much simpler question:
How do we adopt AI safely without slowing innovation?
In this episode of the NEVERHACK CyberCast, Louis Zezeran speaks with Gregory Van Den Top, Field CISO at Cloudflare, during Cloudflare’s Immerse Tallinn event. Together, they explore Cloudflare’s evolving AI philosophy, the future of secure AI infrastructure, and why digital transformation in the AI era requires a completely different mindset from traditional enterprise technology projects.
The result is a fascinating discussion that blends cybersecurity, developer culture, AI governance, cloud-native architecture, and organizational strategy into one highly practical conversation.
AI Is Changing Everything — Including Cloudflare
Gregory explains that Cloudflare was not originally an “AI-first” company. However, as generative AI capabilities rapidly matured, the organization quickly realized how transformative these technologies could become internally.
One of the earliest breakthroughs came from software development workflows. AI-assisted code review, debugging, and validation dramatically improved development velocity while simultaneously improving code quality. Instead of simply helping engineers work faster, AI also helped reduce bugs and operational risk before products reached production.
This internal adoption became critical to Cloudflare’s strategy.
Cloudflare strongly believes in what Gregory describes as a “customer zero” philosophy. Before new capabilities are offered externally, Cloudflare first uses them internally at scale. Products are tested against real operational requirements, real engineering workflows, and real-world production pressures before customers ever see them.
This philosophy shapes how Cloudflare approaches AI today.
Rather than rushing unfinished AI products to market, the company focuses on practical deployment, experimentation, and iterative learning.
The Rise of AI Primitives and Flexible Architectures
A major theme throughout the episode is Cloudflare’s focus on providing flexible “building blocks” rather than rigid enterprise platforms.
Gregory repeatedly references the idea of “primitives” — modular capabilities organizations can combine to build customized AI workflows and architectures.
These include:
- Queues and serverless execution environments
Rather than forcing customers into a single predefined AI model, Cloudflare provides programmable infrastructure that developers can adapt to evolving use cases.
This flexibility matters because AI itself is evolving incredibly quickly.
The “correct” AI architecture today may look completely different in six months. Organizations that overcommit to rigid platforms risk becoming trapped in outdated approaches.
Cloudflare instead embraces composability.
Gregory explains how lightweight serverless Workers running on Cloudflare’s edge network create ideal environments for deploying AI agents and workflows without the operational friction of traditional infrastructure.
Developers no longer need to provision servers, manage scaling, or worry about geographic deployment. Instead, they can focus entirely on building functionality.
This dramatically lowers the barrier to experimentation.
AI Governance: The Importance of Control Layers
While the developer opportunities around AI are exciting, the conversation quickly shifts toward governance and security.
Gregory highlights a critical reality:
AI systems are only as trustworthy as the controls surrounding them.
As organizations deploy AI agents capable of reading data, writing information, making decisions, or interacting with external systems, governance becomes essential.
Cloudflare’s AI Gateway is presented as a central governance layer — effectively a checkpoint through which AI traffic can be monitored, controlled, and optimized.
The AI Gateway enables organizations to:
- Route requests to different models
- Audit prompts and interactions
- Control access to external AI providers
- Enforce governance policies
Gregory also discusses MCP portals, which act as structured access layers between AI agents and organizational data sources.
Rather than giving AI unrestricted access to systems, MCP portals help enforce least privilege principles and identity-aware access control.
This becomes especially important as AI agents grow more autonomous.
The conversation briefly touches on OpenClaw — an autonomous AI system that Gregory describes as technologically impressive but deeply concerning from a security perspective when deployed without proper governance.
The message is clear:
Autonomous AI without governance is dangerous.
Cloudflare’s approach focuses on secure-by-default architectures where AI systems receive only the permissions they truly require.
Identity and Zero Trust for AI Agents
One of the most insightful discussions in the episode revolves around identity.
Cloudflare believes AI agents must be treated similarly to human users within Zero Trust environments.
Every AI system should have:
- Least privilege restrictions
Gregory explains that organizations must avoid uncontrolled “identity sprawl” where countless AI agents gain excessive privileges without oversight.
Instead, AI agents should inherit carefully controlled permissions aligned to their intended purpose.
This approach mirrors modern Zero Trust principles already familiar to cybersecurity professionals.
The difference is that these concepts now apply equally to autonomous software systems.
The Future of AI Models: Bigger Isn’t Always Better
Another major topic explored is the rapidly evolving AI model landscape.
Gregory argues that organizations will increasingly use multiple models simultaneously rather than relying on a single provider.
Frontier LLMs such as OpenAI or Claude may handle highly advanced tasks, while smaller domain-specific models could handle focused workloads more efficiently and at dramatically lower cost.
Most user requests simply do not require the most expensive AI models available.
Cloudflare’s architecture enables intelligent routing where simple requests can use low-cost edge-hosted models while complex development tasks route to more advanced systems.
This orchestration layer may become one of the most important enterprise AI challenges over the next several years.
Organizations must answer questions such as:
- Which model should handle which task?
- How do we optimize costs?
- How do we maintain governance across providers?
- How do we manage constantly changing model quality?
Gregory predicts that AI orchestration itself will become a core operational discipline.
Digital Transformation: Why So Many Projects Fail
The episode also explores the broader organizational implications of AI adoption.
Louis references statistics showing that many digital transformation initiatives fail or fail to meet expectations.
Gregory argues that traditional top-down transformation strategies often struggle because organizations focus too heavily on technology itself rather than actual business problems.
Simply deploying “an AI tool” does not create transformation.
Real transformation happens when organizations identify friction points and empower employees to experiment with practical improvements.
This is where Cloudflare’s low-friction platform philosophy becomes important.
Rather than requiring massive infrastructure projects, organizations can begin with small experiments:
- A lightweight governance layer
From there, successful ideas can expand organically.
Gregory repeatedly emphasizes experimentation over excessive planning.
As he puts it during the episode:
“Just start doing cool stuff.”
That mindset reflects a broader reality about the AI era — the technology is evolving too quickly for traditional multi-year planning cycles.
Organizations must learn by doing.
Security Must Enable Innovation — Not Block It
One particularly important theme is the evolving role of cybersecurity.
Historically, security teams often acted as blockers, focusing primarily on denying risky behavior.
Gregory argues that modern security teams must evolve toward enablement.
Rather than simply saying “no,” security should help users accomplish goals safely.
Cloudflare’s programmable infrastructure enables organizations to guide user behavior intelligently rather than relying solely on hard restrictions.
For example, if a user attempts to access a restricted application without proper training, a policy could redirect them toward the appropriate learning platform instead of simply blocking access entirely.
This philosophy creates better user experiences while maintaining governance.
It also encourages innovation rather than suppressing it.
Why This Episode Matters
This conversation offers valuable insights not only for cybersecurity professionals but also for developers, IT leaders, and executives navigating AI adoption.
It demonstrates that successful AI transformation is not about chasing hype or deploying the newest model every month.
Instead, success comes from:
- Incremental experimentation
- Human-centered transformation
Cloudflare’s approach highlights how organizations can embrace AI while maintaining control, visibility, and operational resilience.
The future of AI will not belong solely to organizations with the biggest models.
It will belong to organizations that can adapt fastest.
Listen Now
Want to understand how Cloudflare approaches AI governance, secure agents, edge AI infrastructure, and digital transformation?
Listen to the full NEVERHACK CyberCast episode with Gregory Van Den Top now.
Visit our website for more cybersecurity insights, expert interviews, and practical discussions on the future of AI and security.
Subscribe to NEVERHACK CyberCast for future episodes and follow Louis Zezeran and Gregory Van Den Top on LinkedIn for continued discussion and updates.
