White Paper | GenAI Security with CloudGuard Q4 2025

White Paper | GenAI Security with CloudGuard Q4 2025

Explains how CloudGuard extends WAF and Hybrid Mesh Firewalls to secure GenAI apps. It covers protections against prompt injection, data leakage, and zero-day threats. Download the White Paper now.

White Paper | GenAI Security with CloudGuard Q4 2025

Securing GenAI Apps with CloudGuard Extending the Tried tnd Tested Foundations of

Web App Security to GenAI Applications

2SECURING GENAI APPS WITH CLOUDGUARD

Standing on the shoulders of giants Decades of experience have provided us with well-established tools and principles to protect clouds and web apps: From Next-Generation Hybrid Mesh Firewalls that protect and segment cloud and on- prem resources, to Web and API Firewalls (WAFs) that protect web-facing applications and exposed API endpoints.

However, with the meteoric rise of Generative AI (GenAI) applications, such as chatbot assistants in internal and external-facing applications, and multi-step/multi-agent agentic flows/systems with access to sensitive data and tools such as web-browsing and code execution, new attack vectors and unique risks have emerged that challenge our established notions of web app security.

Additionally, to reduce costs and rapidly adopt the era-defining revolution of GenAI technologies, companies are forced to move to heterogeneous multi- and hybrid-cloud deployments, making infrastructure-agnostic IP-free firewalls an absolute necessity for consistent, repeatable NAT, Access Control, Zero Trust, and segmentation policies, including inter-cloud segmentation.

This white paper discusses Check Point’s approach and its new capabilities to address the security risks of GenAI applications by seamlessly extending existing security controls and well-established security practices. Specifically, Check Point’s Hybrid Mesh Firewall with extended cloud-native capabilities, and the CloudGuard Web Application and API Firewall (WAF), which has been supercharged with specially crafted GenAI security capabilities.

Background The mess and necessity of securing traffic from packets up to APIs, in any environment.

The proliferation of networks across regions, branches, and on-premises data centers, along with the expansion into an increasing number of private and public cloud providers, as well as the increasing reliance on web applications and APIs with CVE-riddled open source dependencies; has created, over the years, a sprawl of variants and types of firewalls, including hardware, virtual, cloud, and web application/API firewalls.

This sprawl has eventually led to the rise of integrated security controls such as centrally managed, infrastructure-agnostic, and IP-free Hybrid Mesh Firewalls. It also extended WAFs to include API security and enforcement, with an increasing emphasis on embedded intrusion prevention systems capable of handling zero-day exploits.

Now, with the advent of GenAI, the traditional security blueprints and controls are being challenged yet again by new attack methods that network firewalls and WAFs cannot handle.

3SECURING GENAI APPS WITH CLOUDGUARD

For instance:

• Jailbreaking models directly (user prompts) or indirectly (prompt injection) to trick GenAI-powered assistants/agents to exfiltrate sensitive data in DLP-resistant outputs (e.g., output privileged information in ASCII art), mint unauthorized coupons, sell cars for $1, and more.

• Tricking AI Agents into launching attacks, such as executing arbitrary code, performing SQL injections on an SQL database in Retrieval Augmented Generation (RAG) setups.

• The introduction of agentic frameworks such as CrewAI, Flowise, and n8n that introduce an ever- increasing number of CVEs in internet-exposed systems with direct or indirect access to highly sensitive assets via Model Context Protocol (MCP) servers.

Now, over three decades after Check Point invented the first-ever firewall, Check Point has extended the battle-tested foundations of web application and cloud security to address the challenges of GenAI security. To achieve this, Check Point has (1) added GenAI-specific security layers to its Web Application and API Firewall (WAF), addressing issues such as model jailbreaking, misuse, excessive agency, and more, and (2) increased its Hybrid Mesh Firewall ability to inspect cloud-spanning networks with deep cloud-native integrations to facilitate rapid adoption of hosted GenAI-based systems.

In other words, Check Point now offers a holistic threat-prevention security solution to secure traffic from the packets in your network, through APIs in your apps, and up to prompts in your LLMs.

Definitions and Disambiguation • AI: Unless specified otherwise, for the purposes of this document, AI stands for Generative AI, such

as Large Language Models (LLMs), Vision Language Models (VLMs), etc.

• Web Apps: Unless specified otherwise, for the purposes of this document, web applications stand for home-grown applications accessible via browsers for internal or external use, for instance: (1) An eCommerce shop serving external users; (2) A Chatbot assistant for sales to query a customer database.

• AI Agents: Autonomous AI-based systems that can perceive their environment, reason, and take action to achieve a specific goal. For instance: translating a user’s data request into SQL queries, initiating a product return on ERP systems, sending emails, and more.

• Retrieval Augmented Generation: A technique that allows LLMs to query internal and external data sources to improve the accuracy and relevance of LLMs (e.g., looking for products currently in stock on an e-commerce app).

https://www.generalanalysis.com/blog/imessage-stripe-exploit https://arxiv.org/html/2503.12188v2

4SECURING GENAI APPS WITH CLOUDGUARD

• Model Context Protocol (MCP) servers: Services that provide tools, data, and functionality to an AI model through a standardized protocol (see examples here: Check Point MCP Servers - AI-Powered Security Management). Note: While there are other MCP-like protocols, what is true for MCPs is also true for similar systems.

• Agentic Flows: Workflows that use multiple autonomous AI agents in multi-step flows to make decisions, plan tasks, and perform actions such as searching in internal stores of data (e.g., S3 Buckets), searching the web, filling out forms, communicating with MCP servers, and more.

• Public Cloud: A service that provides distinct and separate tenets on hardware and software that is managed and owned by third-party Cloud Service Providers (CSPs), such as Amazon, Microsoft, or Google.

• Private Cloud: An environment dedicated to a single organization that can be hosted on-premises or by CSPs without sharing underlying software services with other organizations (for instance, VMware deployments running on AWS infrastructure).

• Multi-Cloud: Simultaneous use of interconnected cloud services from multiple CSPs (public or private deployments alike, but not self-hosted on-prem infrastructure).

• Hybrid Cloud: A combination of private/public clouds and on-prem infrastructure (e.g., datacenters), allowing data to move between them.

Existing Cloud/Web-App Security & Generative AI Current Network/Web-App Firewalls and GenAI Security

The existing combination of WAFs and multi-/hybrid-cloud gateways ensures that security encompasses all traffic layers—from packets traversing the network to API/HTTP requests.

For this reason, Hybrid Mesh Firewalls and WAFs together form the foundation of modern web application security and, for the most part, remain effective at blocking many attacks targeting GenAI- powered web applications.

Specifically:

• The WAF will still enforce API schemas, including LLM-bound APIs.

• Layer 3 and Layer 7 DLPs will still capture many instances of sensitive data leaks.

• IPSs will still block most malicious activities – GenAI-bound or otherwise.

https://mcp.checkpoint.com/ https://mcp.checkpoint.com/

5SECURING GENAI APPS WITH CLOUDGUARD

• · Multi-faceted cross-cloud segmentation will still ensure that only your chatbot can communicate with your agents, only your agents can talk to a specific MCP server, and only a specific MCP server can access your data.

• Zero Trust Network Access (ZTNA) will minimize the likelihood of unauthorized actors poisoning RAG databases and prevent meddling in system prompts and fine-tuning/training pipelines.

In the following sections, we will explore the adequacy and relevance of current Hybrid Mesh Firewalls and Web Application and API Firewalls to address GenAI security.

Current State of Hybrid Mesh Firewalls

The one core truth in cyber security: All threats ultimately manifest as packets traversing the network, whether it’s server-side request forgery, cross-site scripting, lateral movement, or malicious activity targeted at—or triggered by—large language models (LLMs) – everything translates to network traffic, and thus can be spotted and stopped at the network layers.

Modern environments are often composed of multiple disjoint networks that are merged into a single overlay network using various Network Connectivity Mesh tools, such as SD-WAN, Cloud/Virtual WAN, VPNs, and inter-cloud connectivity solutions like AWS Direct Connect, Azure ExpressRoute, and similar technologies.

6SECURING GENAI APPS WITH CLOUDGUARD

The principal driver of the Hybrid Mesh Firewall is a similar convergence at the gateway level to create a conceptual “overlay firewall” that merges the disparate on-prem, branch, cloud, and virtual firewalls, protecting the “single” overlay network.

Check Point’s Hybrid Mesh Firewall does just that. It seamlessly integrates Check Point Quantum Next- Gen Firewall (NGFW) with its cloud-native sibling, CloudGuard Network Security, via a single unified management system and IP-free, infrastructure-agnostic policies that dynamically adapt to on-prem and cloud networks/assets, with seamless integration with Network Connectivity Mesh tools and unmatched threat-prevention capabilities.

The Hybrid Mesh Firewall & GenAI While hybrid- and multi-cloud deployments are already commonplace, the adoption of GenAI has accelerated the adoption of heterogeneous environments and increased cloud architecture complexity. The main drivers for this push are: (1) Building robust GenAI pipelines with simple-to-use out-of-the-box tooling, (2) Avoiding the datacenter and GPU price tags associated with LLM inference, and (3) Allowing non-experts to build complicated multi-step agentic flows, eliminating the need to hire pricy AI experts.

Therefore, most companies adopting GenAI turn to cloud service providers such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform, and others, to facilitate rapid GenAI adoption with minimal upfront investment.

7SECURING GENAI APPS WITH CLOUDGUARD

The adoption of multi- and hybrid-cloud environments has been further exacerbated by data governance in Retrieval Augmented Generation (RAG) deployments and the increasing use of GenAI in internal- facing enterprise applications that rely on private-cloud/self-hosted architectures. For instance:

1. Data Governance: In RAG-based systems, governance might require data to be stored on-prem or in regions with stringent cross-border data transfer rules, forcing companies to establish complicated region-based routing and hybrid clouds.

2. Hybrid-Cloud Applications: Sometimes, companies deploy AI assistants to applications hosted in private clouds and data stored on-prem. For instance, many HR, CRM, and ERP systems can only be deployed in private clouds with immutable deployment blueprints, forcing companies to wire applications running in private clouds to AI systems and agentic flows running in public clouds.

Current State of Web Application and API Firewalls

GenAI-powered web apps are still web apps that rely on edge APIs. Therefore, GenAI-specific attacks are, at the end of the day, HTTP/API-based requests that WAFs can inspect and block.

At their core, WAFs share many similarities with more traditional gateways in terms of active defense mechanisms, including Data Loss Prevention (DLP), Intrusion Prevention Systems (IPS), rate limiters, and anti-bot systems.

8SECURING GENAI APPS WITH CLOUDGUARD

However, while gateways inspect network traffic at Layers 3 and 4 (e.g., TCP, UDP, IP), WAFs inspect traffic at Layer 7 (e.g., HTTP and API requests), filtering and blocking traffic that might look benign to standard gateways, as well as covering blind spots that network gateway cannot inspect such as inter- container traffic in Kubernetes (K8s) deployments, malformed API requests, and abuse of shadow APIs.

From Signatures to Machine Learning

Due to the dynamic nature of vulnerabilities, the rapid growth of zero-days, and CVEs’ median time to exploit of less than 5 days after disclosure, modern WAFs like Check Point CloudGuard are machine– learning–first rather than signature-dependent. The CloudGuard WAF exemplifies this evolution with its multi-step detection and filtering layers:

As seen above, in the case of CloudGuard WAF, a patented ML engine continuously analyzes users’ HTTP/S requests and their interactions with the web application to automatically detect and block malicious activity and bad actors. The ML contextual engine, together with the WAF’s IPS, Anti-Bot, File Security, and Snort-based intrusion detection layers, provides pre-emptive protection against emerging and zero-day threats, without relying on software or signature updates.

The Advent of Modern API Security

As applications increasingly depend on APIs, including headless and machine-to-machine endpoints, CloudGuard WAF automatically discovers and maps active APIs, creating a “living schema” that evolves over time. Security teams can then review and approve suggested updates, preventing schema drift while ensuring complete visibility.

CloudGuard’s Schema Validation capability enforces OpenAPI (OAS) contracts as the definitive source of truth for permitted API calls, blocking all invalid or out-of-contract requests. Finally, by combining positive (schema-based) and negative (ML-based) security models, CloudGuard protects APIs against both known and unknown attack vectors.

9SECURING GENAI APPS WITH CLOUDGUARD

The “Hybrid Mesh WAF”

As mentioned in the Hybrid Mesh Firewall section, modern app estates span on-prem, private cloud, multiple public clouds, and Kubernetes. The same logic that drove the emergence of Hybrid Mesh Firewalls now applies to WAFs, especially amid the GenAI-driven adoption of multi- and hybrid clouds.

In other words, WAFs need an equivalent to the Hybrid Mesh Firewall: a “Hybrid Mesh WAF”, allowing companies to deploy a single-vendor, centrally administered, infrastructure-agnostic WAF across multiple form factors. And indeed, just as the Hybrid Mesh Firewall unifies network security policy across environments, CloudGuard WAF delivers a single, ML-first web and API protection layer that runs consistently everywhere.

Regardless of where it is deployed, CloudGuard WAF enforces the same prevention models, policies, software updates, and learning synchronization while collecting telemetry across every footprint. Whether deployed as (1) a virtual gateway (VM-based) on public or private clouds (including self- hosted), (2) an add-on to NGINX or Kong, (3) a Kubernetes Ingress (NGINX/Kong/Istio), (4) a single managed Docker container, or (5) a fully managed WAF-as-a-Service (WAF SaaS) instance, CloudGuard WAF provides unified protection across all application environments, eliminating configuration drift, duplicated tuning, and inconsistent outcomes that multi-vendor WAF sprawl inevitably creates.

The Hybrid Mesh WAF & GenAI

Blocking the Common Denominators of GenAI and Traditional Web Apps’ Attacks

While attackers target GenAI-powered apps with GenAI-specific techniques, some abuses will manifest either first or downstream as common HTTP/API abuses, which is why, even without GenAI-specific defenses, CloudGuard WAF already mitigates many top 10 LLM risks. Specifically:

• Prompt Injection: Prompt injections coax models/agents into performing unintended actions. If the resulting HTTP/API calls include unexpected admin endpoints, payload parameters, etc., they will be blocked.

• Improper Output: If an LLM’s output is fed to downstream systems (e.g., code execution, form-fillers, etc.), CloudGuard WAF’s Schema Validation will reject out-of-contract and block malformed or over- privileged requests.

• Sensitive Information Disclosure: CloudGuard WAF can detect and surface sensitive data usage (credit cards, SSNs, email addresses, SSH keys, etc.) per endpoint and highlight where responses include such data.

10SECURING GENAI APPS WITH CLOUDGUARD

• Excessive Agency: To handle cases where agents calling tools have too much power, CloudGuard’s contractual guardrails can ensure only approved endpoints/methods are allowed and deny unexpected verbs/paths and parameter shapes. At the same time, the Rate Limiter can blunt over- eager tool loops.

• Supply chain weaknesses in GenAI: GenAI apps’ edges remain susceptible to CVE-driven exploits in web frameworks, SDKs, and RAG connectors. CloudGuard’s ML engine blocks unknown payloads, CVE exploits, and supports custom Snort 3 rules.

• Denial-of-Service against chat/RAG endpoints: CloudGuard WAF’s Rate Limiter can help, in some instances, to control abuse of token-expensive endpoints.

• Automated scraping & credential-stuffing against GenAI UIs: CloudGuard’s WAF Anti-Bot injects lightweight scripts on login/registration flows to distinguish humans from automation and block scripted abuse.

API Agility for Fast-Moving LLM Platforms

An additional benefit of CloudGuard WAF’s architecture is its ability to adapt to API changes without human intervention. This is crucial because LLM vendors frequently change their APIs (new endpoints/ parameters, renamed resources).

CloudGuard’s API Discovery continuously learns the actual APIs in use (REST & GraphQL), builds a suggested schema, and, after sufficient maturity, recommends promotion to enforcement. Then, you can select a discovered revision, multi-select API subsets, and choose Endpoints-only vs Full schema, thus keeping protection aligned with reality while avoiding schema drift.

Current Controls Are Good, But Not Good Enough for GenAI The security blueprint below provides an overview of CloudGuard’s current security posture. As noted, even without GenAI-specific features, these security controls and blueprints provide adequate security, either directly or indirectly, against the most common GenAI attacks and their consequences as long as the GenAI-borne attack shares common denominators with more standard attacks against cloud infrastructure and web applications.

Unfortunately, no matter how effective these systems are at protecting cloud apps and assets, they do not address the new attack methods to which LLMs are exposed, nor the attacks that LLMs expose the company to. Attacks such as model jailbreaking, prompt injection, model misuse, excessive agency (e.g., too many tools/permissions), and RegEx-resistant data exfiltration cannot be fully addressed by traditional security blueprints and the firewalls they employ.

11SECURING GENAI APPS WITH CLOUDGUARD

The following chapter will explore the capabilities required for GenAI-ready WAFs and Hybrid Mesh Firewalls, enabling companies to secure their GenAI applications without changing their existing security blueprint.

How to Build a GenAI-Ready WAF To counter the new risks posed by GenAI and its various use cases, Check Point has enhanced its CloudGuard WAF with an AI-driven, bidirectional, low-latency security system that includes prompt- attack defenses, data-leakage prevention, content-policy moderation, and malicious-link inspection, all evaluated in real time on both inputs to and outputs from LLMs.

In practice, these new set of GenAI dedicated layers screen each user interaction or agent step and lets security owners block, warn, or log when threats are detected, stopping abuses such as prompt injection/ jailbreak attempts, exfiltration of sensitive data (e.g., PII, credentials, system prompts), agent/tool overreach that triggers dangerous downstream API calls, and RAG-driven phishing via poisoned URLs.

12SECURING GENAI APPS WITH CLOUDGUARD

In addition to these new capabilities, we have ensured we continue the hybrid mesh philosophy of central management, deployment choice, and infrastructure-agnostic protection, which, in the case of GenAI, means model-agnostic: Supporting any LLM, whether a self-hosted open-source Foundation Model, A frontier lab model such as OpenAI, Anthropic, and Google, or LLMs offered by Cloud Service Providers such as Amazon Nova.

Like all other CloudGuard WAF policies, GenAI protections are centrally managed, policy-driven, and cloud-agnostic. Policies can be applied uniformly across CloudGuard WAF’s deployment options, so one control plane governs the same prevention logic everywhere your apps run. Moreover, CloudGuard’s new GenAI security engine supports 100+ languages and scripts, which is critical, as real-world prompts, data, and attacks often mix languages, obfuscations, and locale-specific formats, where multilingual screening helps preserve accuracy while minimizing false negatives.

GenAI Threats and How CloudGuard WAF Prevents Them The following list outlines the primary inputs to and outputs of GenAI-related threats—from malicious user prompts and poisoned retrieval data to model misuse and data leakage—and details how CloudGuard WAF’s newly added AI-driven security layers detect and prevent these attacks.

• Prompt Injection & Jailbreak Attacks: CloudGuard detects and responds to direct and indirect prompt attacks, including jailbreaks and prompt injections, by screening every LLM input and output for manipulation attempts that try to override system instructions or gain unauthorized access. Our Real-Time Prompt Defense Engine automatically flags or blocks these attacks across 100+ languages, allowing the application to stop the interaction or warn the user.

• Data Leakage & Sensitive Information Exposure: CloudGuard prevents accidental or malicious exposure of PII, system prompts, trigger words, and proprietary data within both inbound and outbound LLM communications. Our GenAI DLP layer can block interactions or mask sensitive fields, detecting entities (including obfuscated ones) that include full names, email addresses, credit card numbers, IBANs, social security numbers, and more.

13SECURING GENAI APPS WITH CLOUDGUARD

• Malicious or Unknown Links: CloudGuard stops phishing and poisoned-RAG attacks, including Data Injection and Supply Chain Vulnerabilities that try to insert or fetch malicious URLs during a model’s reasoning or response. Our Unknown Links Detector flags any URL outside our top 1,000,000 trusted domains and enables security teams to define custom allow lists for approved sources.

• Off-Policy or Harmful Content Generation: CloudGuard blocks the model from producing or relaying hate speech, violent, profane, or sexual content, or following manipulative instructions that breach corporate policy. Our Content Moderation Module flags and stops harmful or obfuscated content before it reaches users, using six built-in detectors for Crime, Hate, Profanity, Sexual, Violence, and Weapons.

• Agentic or Tool Overreach (i.e., Excessive Agency): CloudGuard prevents autonomous agents from issuing unintended or over-privileged API/tool calls that could modify or exfiltrate data. Our Input/ Output Screening, combined with Schema Validation and Rate Limiting, ensures only authorized, in- contract API actions are permitted while excessive sequences are throttled.

• Insecure Outputs, Cross-System Injection, and Insecure Output: CloudGuard protects downstream applications from consuming tainted LLM responses (e.g., injected SQL, XSS, or code fragments). CloudGuard WAF’s GenAI security modules screen and evaluate every model response, flagging content that violates prompt-defense or data-leakage rules before it reaches integrated systems.

• Custom and Context-Specific Threats: CloudGuard addresses organization-specific or proprietary risks, such as internal IDs, classified project names, or banned phrases. Leveraging our Custom Detectors, your teams can define their own RegEx-based filters for PII or content moderation, enabling bespoke policy enforcement.

• False-Positive Management and Continuous Tuning: CloudGuard maintains its unmatched false positive rate in its GenAI security modules, maintaining accuracy and adaptability across diverse GenAI use cases. To ensure a high catch rate with low false positives, our WAF offers configurable Confidence Thresholds aligned with OWASP’s paranoia levels, allowing administrators to tune sensitivity. At the same time, Allow/Deny Lists temporarily override misclassifications during incident investigation.

These new capabilities, paired with CloudGuard WAF’s existing signature-free threat prevention and autonomous API schema enforcement, close the gap left by the traditional WAFs, allowing the same security controls and policies to be used for web applications that do not rely on or use GenAI that can extend, with a simple API decorator, to secure both internet facing LLMs (e.g., assistant chatbots) and LLM-based agents running in agentic frameworks behind the scenes, including their tool usage.

14SECURING GENAI APPS WITH CLOUDGUARD

GenAI-Ready Hybrid Mesh Firewall In the gateway world, GenAI reediness is measured by two key metrics:

1. Features including scalability, infrastructure-agnostic capabilities, and dynamic policies that can adapt to rapidly changing environments.

2. Security against the unknown threats that GenAI exposes the organization to.

The Features that Make a GenAI Ready Gateway

To help illustrate the power of Check Point’s infrastructure-agnostic and IP-free decentralized cloud gateway and how it facilitates speedy and secure GenAI deployments, let’s consider a hypothetical deployment pattern for an Order Support Assistant that helps customers answer real-time questions about orders, inventory, returns, refunds, and shipping using customer PII data, and non-sensitive terms-of-service and rules. In our deployment, the sensitive data (order records, personal details, and transactional history) remains protected in an on-premises database hosted on a private cloud while the web app and its AI logic run in a scalable public cloud environment with out-of-the-box GenAI tools that help non-AI experts build AI-powered systems. This division reflects a pattern increasingly common in enterprise GenAI: high-performance AI in the public cloud, with data sovereignty on-prem.

While most cloud providers provide such tools, for our example, we will use AWS as our public cloud with (1) AWS Step Functions as the AI Agent orchestrator with access to (2) non-sensitive terms-of-service stored in RAG-specialized S3 buckets (vectorized plain-text), and (3) an MCP Server that translates questions into structured MySQL queries sent to (4) a MySQL DB with sensitive data stored in a self-hosted Nutanix private cloud.

With this environment in mind, let’s explore the key features of CloudGuard gateways that facilitate secure multi- and hybrid clouds and accelerate GenAI adoption.

15SECURING GENAI APPS WITH CLOUDGUARD

Connectivity Powered by a Single “Overlay Gateway”

The first step is to connect both clouds over a secure connection (e.g., an IPsec VPN or AWS Direct Connect). In CloudGuard’s case, a built-in VPN provides the easiest deployment; however, CloudGuard’s deployment blueprint makes it just as easy to use secure connectivity tools such as AWS Direct Connect, which CloudGuard treats as a transparent network tunnel. Moreover, since CloudGuard behaves as our proverbial “overlay gateway”, the gateways sitting on the edges of Nutanix and AWS behave, in a sense, like one single distributed gateway using the same policies, combined logging, and a shared management console.

Note: This is also the case if the database sits on-prem behind Check Point Quantum rather than on a private cloud behind CloudGuard, since the Quantum NGFW is, under the hood, CloudGuard, only in a hardware form factor.

Auto-Scaling Cloud-Agnostic Deployments

Since GenAI-based applications are prone to frequent increases and decreases in compute instances, GenAI deployments often trigger frequent, massive scaling events. This real-time elasticity is crucial for security, as even during AI workloads’ scaling events, no asset is ever exposed without governance.

When such scale-up and scale-down events occur, CloudGuard is automatically deployed via AWS Auto Scaling Groups to scale with workloads and then:

(1) CloudGuard provisions the gateways seamlessly

(2) CloudGuard automatically establishes Secure Internal Communication (SIC)

(3) CloudGuard applies a restrictive zero-trust baseline policy by default, and

(4) CloudGuard promotes them to a full policy once validation is completed.

Note: The exact same behavior is mirrored on any cloud. For instance, on Nutanix’s side, CloudGuard leverages its deep integration with Nutanix NCM Self-Service (AKA Calm), Prism Central, and the underlying AHV cluster orchestration to deploy additional security gateways as infrastructure needs grow

Crucially, CloudGuard continuously synchronizes assets across clouds (in our case, AWS and Nutanix), with self-adaptive policies eliminating the need for manual replumbing and rule tweaking. This brings us to the next point:

16SECURING GENAI APPS WITH CLOUDGUARD

IP-Free Policy and Dynamic Enforcement

Modern GenAI applications, such as the Order Support Assistant used in our example, introduce a fluid infrastructure model. Components are continuously redeployed, scaled, and versioned; web apps run as ephemeral Kubernetes pods; orchestration logic executes within AWS-managed Step Functions; and MCP servers scale dynamically based on load. In such environments, static IP-based rules are both brittle and unmanageable.

To address this, CloudGuard Network Security uses attribute-driven policies that enforce segmentation and threat prevention based on cloud metadata, workload identity, and service type rather than network location or path. Attributes such as Kubernetes labels, AWS tags, security groups, and Nutanix categories are automatically discovered and continuously synchronized by CloudGuard, allowing policies to follow workloads seamlessly across clouds, clusters, and private data centers.

This declarative, metadata-driven policy design makes CloudGuard’s protection elastic and self-adjusting, defined by workload identity and protocol rather than fixed IPs, for maximum flexibility. Hence, as new pods spin up, EC2 instances are replaced, or on-prem categories change, CloudGuard automatically refreshes all associated objects. And the result? A living security fabric that adapts dynamically to the state of the infrastructure without sacrificing governance or visibility.

The Security that Makes a GenAI Ready Gateway

GenAI-driven environments evolve faster than traditional IT systems. With each new model release, API version, code-execution agent, retrieval engine, agentic frameworks, programmatic scaffolding, and off- the-shelf MCP servers, organizations face an expanding attack surface that legacy detection logic cannot anticipate. In such conditions, static security approaches collapse under the weight of the unknown. Defending these AI ecosystems requires a prevention-first security architecture that stops both known and zero-day threats before they are exploited.

Independent testing by CyberRatings.org and Miercom in 2025 provides empirical proof that Check Point’s CloudGuard Network Security leads the industry in this capability; consistently outperforming both native cloud firewalls and other third-party vendors across every dimension of security effectiveness, exploit blocking, and evasion resilience.

Security Effectiveness

According to the CyberRatings Cloud Network Firewall Comparative Test (Q1 2025), Check Point achieved a 100% exploit block rate across 2,028 tested attacks, including zero-day and multi-vector payloads, making it the only vendor to deliver perfect protection alongside Fortinet and ahead of every hyperscaler-native firewall. By contrast, the average score of all other 3rd-party firewalls fell just short of 90%. In comparison, AWS Network Firewall, Microsoft Azure Firewall, and GCP Firewall Plus failed all multi-layer evasion tests, resulting in an overall security effectiveness score of 0%.

https://www.checkpoint.com/resources/items/report-cyberratings-cloud-firewall-test-results-q1-2025

17SECURING GENAI APPS WITH CLOUDGUARD

Check Point’s results were further amplified by its 100% false-positive rate, meaning that legitimate traffic, such as API calls between model orchestration layers and data backends, passed unimpeded. Beyond raw detection, CyberRatings tested 2,500 evasion scenarios across L3 to L7 protocols, including fragmentation, obfuscation, content encoding, and Unicode manipulation, all of which Check Point successfully neutralized without fail.

This resilience is directly relevant to GenAI environments where attackers exploit serialized JSON payloads, multi-part uploads, or vector-store injections. CloudGuard’s advanced traffic normalization and AI-driven IPS engine ensure that even mutated requests and encoded data streams cannot evade inspection. By combining these capabilities with autonomous policy synchronization, TLS decryption for model API calls, and context-aware application control, CloudGuard delivers the highest independently validated protection for hybrid, multi-cloud, and GenAI deployments.

Zero-Day Prevention

The Miercom Enterprise & Hybrid Mesh Firewall Security Report (Q1 2025) reinforces Check Point’s leadership, ranking it #1 in every major protection category with our IPS found to have 98% average block rate against Keysight Breaking Point simulated exploits, outperforming Fortinet (94.6%) and Palo Alto (91.6%) and our Zero-Day+1 malware prevention blocking 99.9% of freshly discovered malware blocked within 24 hours. Far above other market players, as seen below:

These outcomes underscore CloudGuard’s prevention-first philosophy: stop threats immediately rather than detect them post- execution, a crucial distinction in GenAI systems, where LLMs and code-execution agents can amplify a single intrusion into massive data leakage or supply-chain compromise.

18SECURING GENAI APPS WITH CLOUDGUARD

Worldwide Headquarters 5 Shlomo Kaplan Street, Tel Aviv 6789159, Israel | Tel: +972-3-753-4599

U.S. Headquarters 100 Oracle Parkway, Suite 800, Redwood City, CA 94065 | Tel: 1-800-429-4391

www.checkpoint.com

© 2025 Check Point Software Technologies Ltd. All rights reserved.

The Only Firewall Ready for the Unknown

In both independent studies, Check Point was the only vendor to achieve a perfect score across exploit blocking, false-positive accuracy, and stability under load, making it the only solution proven to deliver consistent zero-day prevention across on-prem, cloud, and Firewall-as-a-Service deployments.

As GenAI architectures introduce unprecedented interconnectivity—API gateways, agentic toolchains, data pipelines—CloudGuard Network Security stands as the benchmark for adaptive defense against the unknown.

Conclusion In an era where GenAI applications blur the boundaries between code, content, and cognition, Check Point empowers organizations to innovate with confidence, transforming security from a constraint into a catalyst for safe, intelligent progress.

Generative AI has redefined what applications can do and how they can be attacked. As enterprises embed LLMs and agentic workflows into mission-critical systems, they inherit new layers of risk: unpredictable model behavior, ever-changing APIs, and exposure paths that defy traditional perimeters. Securing this landscape demands more than reactive detection; it demands prevention that moves as fast as innovation itself.

Check Point CloudGuard delivers precisely that. By extending the Hybrid Mesh Firewall and ML-first Web Application and API Firewall architectures into the GenAI era, CloudGuard unifies protection from packets to prompts under a single, policy-driven fabric.

Whether deployed across clouds, Kubernetes clusters, or private data centers, CloudGuard enforces scalable, infrastructure-agnostic controls that automatically adapt as workloads scale, evolve, or migrate, and blocks malicious prompt-based attacks—from excessive agency to prompt injection.


Item Type: pdf