Whatever message this page gives is out now! Go check it out!

ColdFusion AI features- Frequently asked questions

Last update:
May 18, 2026
Build AI-powered applications in ColdFusion with configurable guardrails, prompt validation, monitoring, and enterprise controls for secure and reliable AI behavior.
What AI capabilities are being added to ColdFusion?
ColdFusion 2025.0.08 adds a toolkit that lets you build AI-powered applications directly in CFML:
  • Talk to AI models: connect to AI providers (OpenAI, Anthropic, Google Gemini, Mistral, Azure OpenAI) or run models locally on your own server using Ollama.
  • Semantic search: use embedding models and vector databases to find content by meaning, not just keywords.
  • Retrieval-Augmented Generation (RAG): ground AI answers in your own documents. Load, chunk, embed, and query your content with built-in pipelines.
  • MCP support: connect ColdFusion to AI agents and tools using the Model Context Protocol, both as a client (connecting to MCP servers) and as a server (exposing your CFC methods as AI tools).
  • Conversation memory: AI services can remember the history of a conversation, stored in server memory or persisted to Redis, Memcached, or EHCache.
  • Monitoring: track every AI call, token usage, RAG pipeline phase, guardrail result, and tool execution in the Performance Monitoring Toolset (PMT).
Note: Adobe recommends the use of guardrails as a best practice when developing AI‑based applications to help promote secure, reliable, and ethically aligned behavior. Guardrails are not enabled by default, and customers are responsible for configuring and implementing guardrails based on their specific use cases, requirements, and risk tolerance. Guardrails can help mitigate risk by constraining inputs and outputs, enforcing policies, and improving overall system robustness.
Where is my AI-related data stored when I use ColdFusion AI features?
Unlike cloud-hosted AI services, ColdFusion AI features run entirely within your own infrastructure. Adobe has no access to your data, prompts, or documents at any point.
Conversation history
Stored in the in-memory environment of the ColdFusion server running within the customer’s on-premise setup. This data may be transmitted to Adobe servers for certain processing operations. Optionally persisted to your own Redis, Memcached, or EHCache. If chat memory is not enabled, nothing is stored.
RAG content (document chunks + vector embeddings)
Your configured vector store, either in ColdFusion's own memory, or an external service you own and control.
AI provider credentials and settings
Configuration files on your ColdFusion server. API keys are encrypted at rest using industry-standard encryption before being saved.
Monitoring data
Your ColdFusion Performance Monitoring Toolset (PMT) server.
Does ColdFusion send my documents or data to Adobe servers?
ColdFusion AI features run within your ColdFusion server environment.
When you interact with AI features, your prompts and data are processed locally within your server and may be transmitted to the AI provider you have configured (for example, OpenAI, Anthropic, or other supported providers).
Adobe does not process or store your prompts or documents as part of model execution. Any processing by Adobe is limited to system-level operations required to enable the feature and does not involve using your data for training AI models.
Data handling and retention are determined by:
  • Your ColdFusion server configuration
  • The AI provider you select
  • Your own application-level controls
If you use locally hosted models (for example, via Ollama), your data can remain entirely within your network.
Does ColdFusion use my prompts or documents to train the AI models?
No. ColdFusion does not train any AI models and has no mechanism to do so. Adobe does not have access your prompts or documents and plays no role in how they are processed.
What happens to your data after it reaches an AI provider depends on that provider's data policies and the terms of your agreement with them. If this is a concern, you may consider:
  • Using providers that offer zero-data-retention agreements (available from providers such as OpenAI and Anthropic for enterprise customers), which helps ensure your prompts are not retained or used for training.
  • Using Ollama to run models locally so your prompts never leave your network at all.
What privacy controls are in place for prompts and RAG content?
Prompt injection detection
When ColdFusion injects retrieved document content into a prompt during RAG, it automatically scans the combined prompt for suspicious patterns that could be used to hijack the AI's behavior. Detections are logged as warnings but do not block the request. This scan applies to RAG-augmented prompts only, not to direct prompts sent without retrieval.
Prompt size limits
Prompts are capped at 500,000 characters to prevent runaway costs or memory issues.
Input and output guardrails
You can write custom validation logic in ColdFusion (CFC methods) that inspects every prompt before it is sent and every response before it is returned. Guardrails can block, modify, or flag content.
Encrypted credentials
AI provider API keys and vector store passwords are encrypted before being saved in the server's configuration files.
Conversation isolation
Chat memory is scoped to the ColdFusion application. Conversations in one application cannot be accessed by another.
How is access to RAG content controlled?
ColdFusion provides the tools to enforce access control but does not enforce it automatically — that is your application's responsibility.
What ColdFusion provides:
Metadata filtering
When documents are ingested into a vector store, you can attach identifying metadata (such as a user ID, organization ID, or department). At retrieval time, you can apply filters so that each query only returns documents belonging to the appropriate user or group.
Separate vector store configurations
You can configure entirely separate vector stores, with different credentials and connection settings, for different users, applications, or tenants.
Encrypted credentials
Vector store connection details and API keys are encrypted on disk on your ColdFusion server.
If you are building an application where multiple users or organizations share the same ColdFusion instance, you must design and enforce the data isolation at the application level using these mechanisms.
Is my data sent to third parties when using MCP?
It depends entirely on the configuration you select.
Using ColdFusion as an MCP client
ColdFusion connects to MCP servers that you specify. Your data flows to those endpoints. If you point it at a third-party MCP server, your data goes there. If you point it at a local server you run, it stays local.
Using ColdFusion as an MCP server
ColdFusion exposes your application's functions as tools that MCP clients can call. Who can call those tools and what data they can access is controlled by your application. ColdFusion validates the tool calls but does not restrict which MCP clients can connect, that is your application's responsibility.
When AI uses MCP tools
Tool inputs and outputs are part of the AI conversation and are sent to your configured LLM provider.
Adobe does not operate any MCP endpoints. No data flows to Adobe infrastructure via MCP.
Which models are supported?
ColdFusion 2025.0.08 supports the following AI providers out of the box:
ProviderModels
OpenAIGPT-4o, GPT-4, and any OpenAI-compatible model
AnthropicClaude 3.x and newer
Azure OpenAIYour Azure-hosted OpenAI deployment
Google AIGemini 1.5, 2.0, and compatible models
Mistral AIMistral Large and other Mistral models
OllamaAny model in the Ollama library (Llama 3, Gemma, Phi, etc.); runs locally on your server
You specify the model name in your configuration and ColdFusion passes it to the provider, so any model that provider supports will work.
For embedding models (used in RAG and semantic search), ColdFusion supports OpenAI, Mistral, Gemini, Azure OpenAI, Ollama (any embedding model available in Ollama), and the built-in ALL-MiniLM model which runs locally with no external calls.
The listed models/services are offerings by Third-Party Providers that are supported for use with AI Services feature. Adobe does not own, control, or operate them. All names, trademarks, and associated branding are the property of their respective third-party owners and are used for identification purposes only. Their inclusion does not imply any partnership with, endorsement by, or sponsorship of Adobe.
Can I keep everything on-premises (no external AI calls)?
Yes, fully offline operation is possible.
  • Language models: Use Ollama, which runs open-weight models (Llama 3, Gemma, Mistral, Phi, and many others) directly on your server. No internet connection required.
  • Embedding models: Ollama also supports embedding models (such as nomic-embed-text or mxbai-embed-large). The built-in ALL-MiniLM model is another local option that requires no external calls.
Others, vector stores, conversation memory, monitoring, is infrastructure you control regardless of which AI provider you use. None of it involves an external AI service.
For connecting ColdFusion as an MCP client to local tools, you can use the stdio transport option which launches a local process with no network call.
How are models configured?
ColdFusion Administrator
The server admin UI includes an AI features section where you set up AI providers, enter API keys, and configure defaults such as temperature and maximum response length. Settings are saved to the server and API keys are encrypted before being stored.
In your ColdFusion application code
Models can also be configured programmatically by passing a configuration structure directly in your application. This lets you override server defaults or set up models inline without using the Administrator.
Available settings vary by provider but generally include: provider name, model name, API key, endpoint URL (required for Azure OpenAI and Ollama), maximum tokens, temperature, and other provider-specific parameters.
Are prompts and responses stored anywhere by default?
No. Prompts and responses are not stored by default.
  • Conversation history is stored only if you explicitly enable chat memory. When enabled:
    • It is stored in the ColdFusion server running in your environment (in-memory by default).
    • It expires after 24 hours unless you configure an external cache (such as Redis, Memcached, or EHCache).
    • If chat memory is not enabled, no conversation data is stored.
  • Monitoring (PMT) records only metadata by default (such as provider used, token usage, and request status).
    • It does not store prompt or response content unless you explicitly enable it.
    • If enabled, the data is stored in your ColdFusion Performance Monitoring Toolset (PMT) environment, which you deploy and manage.
All data processed by ColdFusion AI features remains within your infrastructure or flows only to the AI provider you configure. No prompts, responses, or related data are sent to Adobe servers.
When using RAG, what exactly is stored in the vector DB?
For each chunk of text ingested from your documents, three things are stored:
  1. The text itself — the actual content of that chunk, as it will appear when retrieved
  2. A vector embedding — a numerical representation of the text's meaning, used for similarity search
  3. Metadata — information about where the chunk came from (such as file name and chunk number) plus any custom metadata you add at ingestion time
ColdFusion stores document content in the vector store exactly as provided during ingestion. It does not automatically modify, filter, or anonymize the content. If your source documents contain sensitive or personal information, you should review and sanitize them before ingestion based on your organization's data handling policies.
How are RAG responses scoped across users, applications, or organizations?
Retrieval-Augmented Generation (RAG) responses are generated based on how your data is configured in the underlying vector store. By default, retrieval queries operate on the configured dataset, so it’s important to design appropriate data isolation strategies depending on your use case.
ColdFusion provides mechanisms such as metadata filtering, separate vector stores, and scoped service configurations to help you control how content is retrieved across users, applications, or tenants.
MechanismIsolation typeUse case
Separate vector store backends — give each tenant its own collection, namespace, index, or database (collectionName, namespace, tenantName, separate credentials)Hard isolation at the storage layer; no cross-tenant query is possibleStrict regulatory boundaries, separate organizations
Metadata + metadataFilter — tag every chunk at ingest time with metadata and pass a matching metadataFilter at retrievalSoft isolation; one shared store, retrieval scoped per queryMulti-user apps within one organization, departmental scoping
Separate Agent() / SimpleRAG() instances per tenant — each instance carries its own metadataFilter baked in at build timeUseful when filters cannot vary per requestPer-tenant pre-built services held in application scope
Can prompts or RAG content be shared across tenants?
Chat memory (conversation history)
ConfigurationBehavior
chatMemory not enabledNothing is stored. No sharing risk.
chatMemory enabled, perUser: false (default)All users sharing this Agent() / SimpleRAG instance share one conversation history. Internally a single global memory ID is used.
chatMemory enabled, perUser: trueEach userId gets its own memory. You must pass userId to agent.chat(message, userId).
Pitfalls when using perUser: true:
  • If perUser: true is set but no userId is provided, ColdFusion falls back to the HTTP session ID, and finally to the literal string "anonymous" if there is no session. Two unauthenticated users can collide on the "anonymous" bucket. Always pass an explicit, stable userId for authenticated users.
  • The userId is also used as the memory key for persistent stores (Redis, Memcached, EHCache). Choose a value that uniquely identifies the user for the entire memory lifetime.
Cross-application boundaries (same CF server, multiple applications)
  • Persistent chat memory caches are keyed by the CF application name. Two CF applications on the same server using the same Redis/Memcached/EHCache backend will not see each other's chat history because the cache entry includes the application name.
  • Vector stores are not bounded by CF application name. If two CF applications connect to the same external vector store with the same credentials, they share the data.
RAG-retrieved content (documents and chunks)
  • RAG content is shared by default for any caller that hits the same store with the same configuration. It is not scoped per user automatically.
  • Setting perUser: true on chat memory isolates conversation history only — it does not change vector retrieval. To prevent RAG content sharing across tenants, apply metadata filtering or use separate stores as described in the previous question.
Quick checklist for safe multi-tenant deployment
  • Set chatMemory.perUser = true whenever the same Agent() / SimpleRAG serves more than one user.
  • Always pass a stable, authenticated userId to chat().
  • Tag every ingested chunk with tenant/user metadata.
  • Apply a metadataFilter (or use separate stores) for every retrieval that should be scoped.
  • If two CF applications must remain isolated, give them separate vector store backends or non-overlapping metadata namespaces — sharing the same external index with the same credentials does not isolate them.
  • Treat the in-memory default vector store as appropriate only for development or single-tenant workloads.
What AI telemetry is available?
The Performance Monitoring Toolset (PMT) captures detailed metrics for every AI operation:
OperationMetrics captured
AI service callsOperation type, which template and line number triggered it, timing, status, errors
LLM callsProvider, model, token usage (input + output + total), response time, finish reason
RAG pipelineTiming for each phase — document loading, splitting, embedding, ingestion, retrieval, content injection
Document journeyHow each document moved through the RAG pipeline
Embedding callsTiming and status
MCP callsTiming and outcome for MCP client and server tool calls
Tool executionsEach function tool called during a chat turn
Guardrail evaluationsPass/fail and timing for each input and output guardrail
All records are linked by a shared request ID, so you can trace an entire AI interaction from start to finish.
How does monitoring help with compliance and audits?
PMT gives you a traceable record of every AI interaction:
  • End-to-end traceability — every LLM call, tool execution, and guardrail check is tied to the same request ID. You can reconstruct exactly what happened during any AI interaction.
  • Source attribution — each record includes which CFML template and line number triggered the AI call, so you know exactly which part of your application made the request.
  • Guardrail evidence — every guardrail evaluation is recorded with its result, letting you demonstrate that content validation was applied.
  • Document provenance — the RAG document journey tracks each document through every pipeline phase, giving you records of what source data was used to generate an answer.
  • Token-level accounting — input and output token counts are recorded per call, useful for cost allocation and usage audits.
  • Optional full content capture — enable "Save AI inputs and responses for tracking" to record actual prompts and responses in PMT. Only enable this if your audit requirements demand it, and ensure your PMT environment is appropriately secured.
Can I control how failures are exposed to end users via logs?
Partially.
What your users see
Full control. AI errors are thrown as standard ColdFusion exceptions, which you catch with try/catch and handle however your application requires. Nothing is shown to end users unless your code shows it.
What goes into ColdFusion server logs
Limited control. ColdFusion's AI components automatically write warnings, errors, and diagnostic information to the server log. You can adjust the log verbosity level (for example, to suppress debug-level messages) in the logging configuration, but you cannot selectively suppress individual AI log messages.
What goes into PMT
The "Save AI inputs and responses for tracking" setting controls whether prompt and response text is stored. Error metadata, type, message, and status, always recorded in PMT regardless of that setting.

Share this page

Was this page helpful?
We're glad. Tell us how this page helped.
We're sorry. Can you tell us what didn't work for you?
Thank you for your feedback. Your response will help improve this page.
Previous page Guardrails for AI ethics and safety

On this page