AI Security

Encrypting Customer Documents for Secure AI Summaries with Cloudflare Workers AI

TL;DR: Encrypt files at rest, upload them to a private Cloudflare Workers AI bucket, run the summarization inside a sandboxed Worker, and delete the plaintext after the response. Use per‑request keys, short‑lived tokens, and audit logs to keep the data private and compliant.

What encryption strategy works best for a one‑off summarization request?

Generate a unique symmetric key (AES‑256‑GCM) for each request on the client side. Encrypt the document locally, then send the ciphertext together with the key wrapped by a short‑lived Cloudflare Access token. This “encryption‑in‑flight” model ensures that the plaintext never touches the network.

How do I store encrypted files safely for the Worker to process?

Use Cloudflare Workers AI’s KV store or R2 bucket with bucket‑level encryption disabled (since the file is already encrypted). Set the bucket’s ACL to private and attach a signed URL that expires in 60 seconds. The Worker reads the ciphertext via the signed URL, decrypts it in memory, runs the summarization model, and discards the plaintext immediately.

How can I keep the decryption key secret from the Worker runtime?

Pass the wrapped key as an Authorization header to the Worker. Inside the Worker, use Cloudflare’s crypto.subtle API to unwrap the key using the Access token’s public key. Because the key lives only in the request context, it never persists in environment variables or disk.

What sandboxing measures prevent a malicious model from exfiltrating data?

Cloudflare Workers run in a V8 isolate with no outbound network access unless explicitly allowed. Disable fetch for the Worker during summarization and only re‑enable it after the response is generated. This limits the model to processing data locally and prevents it from calling external endpoints.

How should I log the operation without exposing the content?

Log only metadata: request ID, user ID, bucket object name, and timestamps. Never log the ciphertext or the plaintext. Use Cloudflare’s logpush integration to ship logs to a secure SIEM. Example log entry:

{"request_id":"abc123","user":"[email protected]","object":"doc‑enc‑20240708-01","status":"completed","duration_ms":842}

When and how do I delete the encrypted file?

After the summarization response is sent, issue a DELETE request to the signed URL. Verify the deletion with a HEAD request. For compliance, retain the encrypted blob for a configurable retention period (e.g., 7 days) before a scheduled purge.

What compliance checks should I run before deploying?

How can I scale this pattern for many concurrent documents?

Leverage Cloudflare’s Durable Objects to coordinate a per‑user rate limit. Each incoming request creates a short‑lived Durable Object that holds the encrypted blob reference and ensures only one summarization runs per user at a time, preventing race conditions and excessive token usage.

What are the fallback steps if the model returns an error?

1. Return a generic error message to the caller without exposing internal details.
2. Log the error code and stack trace (redacted) to the SIEM.
3. Trigger an alert to the on‑call engineer via a webhook.
4. Delete the encrypted file immediately to avoid lingering data.

How do I audit the entire pipeline?

Build a weekly report that aggregates log entries by user and counts successful vs. failed summarizations. Cross‑reference the report with the R2 bucket inventory to ensure no orphaned encrypted files exist. Store the report in a read‑only location and grant access only to compliance officers.

Implementing this workflow gives you end‑to‑end confidentiality while still benefiting from powerful AI summarization. The approach follows zero‑trust principles and aligns with OWASP GenAI guidance, making it suitable for small businesses handling contracts, medical records, or any PII‑laden documents.

For teams that need help designing or reviewing such a pipeline, AISecAll offers a quick security review service that fits into your sprint schedule.

Need a practical AI security review?

AISecAll reviews prompts, tool permissions, document flows, and agent behavior so small teams can use AI without guessing where the risk sits.

Book a call Discuss a project