Getting Started
Welcome to the AI Security Bootcamp hands-on lab. You'll build Zero Trust foundations from zero, then protect AI-powered applications and govern workforce AI usage using Cloudflare.
What You'll Build
Over 6 modules you will:
- Set up Zero Trust — configure SAML IdP, reusable Access policies, and CF1 Client / WARP
- Explore a vulnerable AI-powered e-commerce assistant
- Detect attacks using AI Security for Apps
- Mitigate them with WAF rules
- Govern workforce AI usage with Gateway and DLP
- Secure sanctioned MCP access via portal and block shadow MCP
Lab Components
You'll need the following resources, all provided for you:
| Component | Description |
|---|---|
| Cloudflare account & zone | A dedicated lab account with WAF, Zero Trust, and all required entitlements |
| Windows 11 client | A managed Windows workstation for CF1 Client / WARP enrollment |
| Ubuntu server | An Ubuntu origin server |
| SAML identity provider | A shared SAML-based IdP with preconfigured test users |
| AI Shopping Assistant | A prebuilt e-commerce app with an LLM-powered chat assistant |
| KiwiCart MCP Server | A shared remote MCP server with read-only tools |
| Lab guide | This step-by-step guide with validation checkpoints |
Your Lab Slug
Throughout this guide, you will see references to your lab slug. You can find it in the name of your Cloudflare account — it is the two-word suffix after the hyphen (e.g., ... - adjective-noun).
Lab Architecture
The lab uses two control planes (WAF plus AI Security for Apps in front of the application, and Zero Trust Gateway/Access in front of the workforce) across four traffic paths:
Inbound (AI App Protection)
You (browser) → Cloudflare WAF + AI Security for Apps → AI Shopping Assistant + LLM
Outbound (Workforce AI Governance)
Win11 client (WARP) → Cloudflare Gateway + DLP → Public AI Tools
Sanctioned MCP Path
MCP Inspector → MCP Portal → Cloudflare Access (auth) → KiwiCart MCP Server
Unsanctioned MCP Path (blocked)
MCP Inspector → Gateway/SWG → Direct MCP Server URL → BLOCKED
Identity & Trust Model
| Layer | Component | Purpose |
|---|---|---|
| Identity | SAML IdP | Provides user identities for Access and MCP portal auth |
| Access | Reusable policies | Controls who can reach protected resources |
| Client | CF1 Client / WARP | Routes device traffic through Gateway for policy enforcement |
| Gateway | HTTP policies + DLP | Enforces AI usage governance and blocks shadow MCP |
| MCP Portal | AI controls | Provides sanctioned, identity-aware MCP access |
What You Will Build From Zero
In M0, every attendee creates the Zero Trust foundation:
- Configure SAML identity provider — register and test the IdP
- Create reusable Access policies — All employees and IT admins
- Set up CF1 Client / WARP — enroll the Windows 11 client, connect to Gateway
Do not skip M0. The Gateway AI governance (M4) and MCP portal (M5) labs require a working identity provider, Access policies, and WARP client connection.
Module Overview
| Module | Title | Time | What You'll Do |
|---|---|---|---|
| M0 | Zero Trust Foundation | 35 min | Configure SAML IdP, Access policies, CF1 Client / WARP |
| M1 | Explore & Attack | 20 min | Enable AI Security for Apps, label endpoints, then send normal and adversarial prompts to the AI app |
| M2 | AI Security — Monitor | 30 min | Configure custom topics, inspect detections from M1 traffic |
| M3 | AI Security — Mitigate | 25 min | Apply WAF rules per detection type, compare before/after |
| M4 | Zero Trust AI Governance | 30 min | Gateway AI controls, DLP prompt inspection, Shadow AI |
| M5 | Sanctioned MCP Portal | 40 min | Configure MCP portal, Access policy, block direct MCP |
How to Use This Guide
Each module page includes:
- Task — what you're doing in one sentence
- Why — why this matters
- Steps — numbered steps with exact dashboard paths
- Expected Result — what you should see
- Validation — checkboxes to confirm success
- Troubleshooting — common issues and fixes
Complete each module's Validation step before moving to the next module.
Prerequisites
- A laptop with a modern web browser (Chrome, Firefox, or Edge)
- Your lab credentials (provided by the facilitator)
- Access to the Windows 11 VM and Ubuntu server
- Node.js 18+ installed (for MCP Inspector in M5)
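A preflight check for two of the items that are easy to get wrong before M0 and M5: the Node.js 18+ requirement listed above, and the lab slug format described under Your Lab Slug. This is an added example, not part of the lab materials or Cloudflare tooling; it assumes the account name is passed in as a string whose slug follows the last " - " separator, and that `node` is on PATH when installed.

```shell
#!/usr/bin/env sh
# Added preflight helper for this lab; not part of the lab materials.
# Assumptions (not from the guide): the account name is passed in as a
# string in the form "<name> - adjective-noun", and node is on PATH.

# Return 0 if a Node.js version string such as "v18.17.0" is 18 or newer.
node_version_ok() {
  ver="${1#v}"              # strip the leading "v"
  major="${ver%%.*}"        # keep the text before the first "."
  case "$major" in
    ''|*[!0-9]*) return 1 ;; # not a number: treat as a failed check
  esac
  [ "$major" -ge 18 ]
}

# Print the lab slug, i.e. the "adjective-noun" suffix after the last " - "
# in the Cloudflare account name. Return 1 if the name does not end in two
# hyphen-joined lowercase words.
lab_slug() {
  slug="${1##* - }"
  # The leading "x" keeps expr from reading a slug as an option.
  expr "x$slug" : 'x[a-z][a-z]*-[a-z][a-z]*$' >/dev/null || return 1
  printf '%s\n' "$slug"
}

# Run both checks: the live node binary and the supplied account name.
preflight() {
  acct="$1"
  rc=0
  if command -v node >/dev/null 2>&1; then
    nv="$(node --version)"
    if node_version_ok "$nv"; then
      echo "node $nv: ok"
    else
      echo "node $nv: need 18+ for MCP Inspector in M5"; rc=1
    fi
  else
    echo "node: not installed (required for MCP Inspector in M5)"; rc=1
  fi
  if slug="$(lab_slug "$acct")"; then
    echo "lab slug: $slug"
  else
    echo "lab slug: not found in '$acct' (expected '... - adjective-noun')"; rc=1
  fi
  return $rc
}

# Usage: sh preflight.sh "AI Security Bootcamp - brisk-otter"
if [ "$#" -gt 0 ]; then
  preflight "$1"
fi
```

Run it with your account name in quotes; a non-zero exit means at least one prerequisite needs attention before starting M0.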
Need Help?
- Check the Troubleshooting section in each module
- Raise your hand — facilitators are available to help
- If the dashboard looks different from the screenshots, check that you're in the correct account/zone