Cloudflare Blog

Why it matters: It allows engineers to secure WAN traffic against future quantum threats using existing Cisco and Fortinet hardware. By standardizing on hybrid ML-KEM, it provides a scalable, interoperable path to post-quantum security without requiring specialized, non-scalable QKD hardware.

Cloudflare has announced the general availability of post-quantum encryption for its IPsec WAN Network-as-a-Service.
The implementation utilizes a hybrid ML-KEM (FIPS 203) approach, combining classical Diffie-Hellman with post-quantum algorithms for the IKEv2 handshake.
Interoperability is confirmed with major hardware vendors, including Cisco 8000 Series routers and Fortinet FortiOS 7.6.6+.
This update protects against 'harvest-now-decrypt-later' attacks by securing data plane traffic with quantum-resistant session keys.
The software-based approach avoids the scalability and hardware limitations of Quantum Key Distribution (QKD) by running on standard processors.

#security #dist

Read original

Cloudflare BlogApr 30, 2026

Agents can now create Cloudflare accounts, buy domains, and deploy

Why it matters: This integration removes manual friction from infrastructure setup, allowing AI agents to handle end-to-end deployment. By standardizing service discovery, identity, and payments, it enables fully autonomous DevOps workflows while maintaining human-in-the-loop oversight.

Cloudflare and Stripe have co-designed a new protocol allowing AI agents to autonomously provision accounts, register domains, and deploy software.
The system utilizes Stripe as an identity provider to automatically create or link Cloudflare accounts without manual dashboard intervention.
Agents can discover infrastructure services via a REST API catalog, enabling them to select and configure necessary resources for a project.
Integrated payment tokenization allows agents to handle paid subscriptions and domain purchases on behalf of the user.
The workflow supports Cloudflare’s Code Mode MCP server and Agent Skills to enhance the agent's ability to interact with Cloudflare APIs.
Human-in-the-loop oversight is maintained for granting permissions and accepting terms of service, while eliminating manual API token management.

#sre #finops #mlp

Read original

Cloudflare BlogApr 28, 2026

Shutdowns, power outages, and conflict: a review of Q1 2026 Internet disruptions

Why it matters: Monitoring global disruptions helps engineers distinguish between application bugs and systemic infrastructure failures. These events underscore the importance of multi-region redundancy and the technical mechanisms, like BGP and filtering, that govern global internet reachability.

Uganda's election-related shutdown reduced domestic traffic from 72 Gbps to 1 Gbps, demonstrating the impact of state-mandated mobile network suspensions.
Iran's first Q1 shutdown involved a massive loss of announced IPv6 address space, specifically impacting ISPs like Asiatech and RASANA.
Technical analysis suggests Iran's second shutdown utilized filtering rather than BGP route withdrawals, as IP space remained announced despite traffic drops.
Physical infrastructure failures, including three grid collapses in Cuba and cable damage in Congo, caused significant regional connectivity gaps.
Military actions in Ukraine and the Middle East directly impacted hyperscaler cloud infrastructure and regional network stability.

#dist #security #data

Read original

Cloudflare BlogApr 22, 2026

Making Rust Workers reliable: panic and abort recovery in wasm‑bindgen

Why it matters: This update solves sandbox poisoning where a single Rust panic could crash an entire Wasm instance. By upstreaming recovery to wasm-bindgen, engineers get better reliability for stateful workloads like Durable Objects and improved error handling across the Rust-JS boundary.

Cloudflare improved Rust Worker reliability by contributing panic and abort recovery mechanisms to the upstream wasm-bindgen toolchain.
Implemented panic=unwind support using the WebAssembly Exception Handling proposal, allowing Rust destructors to run and preserving instance state for stateful workloads.
Updated the walrus parser and wasm-bindgen descriptor interpreter to support Wasm try/catch instructions and proper stack unwinding.
Introduced extern C-unwind for exports and the MaybeUnwindSafe trait for closures to ensure safe error propagation across the Rust-JavaScript boundary.
Developed abort recovery to detect fatal traps like OOM, preventing the re-execution of poisoned Wasm modules and ensuring clean reinitialization for subsequent requests.

#sre #dist

Read original

Cloudflare BlogApr 21, 2026

Moving past bots vs. humans

Why it matters: As AI agents blur the lines between human and bot traffic, engineers must pivot from binary detection to behavioral security. This shift is crucial for protecting resources, ensuring fair data usage, and maintaining the economic viability of the open web.

Traditional bot detection based on human interaction patterns is becoming obsolete as AI agents and automation tools mimic or bypass standard browser behaviors.
The shift from binary human vs. bot classification to intent-based analysis is necessary to manage resource allocation and content distribution effectively.
AI agents disrupt the historical balance between publishers and users by fetching raw data without rendering pages, bypassing ad monetization and attribution.
Modern web protection must focus on specific outcomes like attack mitigation and crawler load proportionality rather than abstract humanity.
Emerging standards like HTTP message signatures for bot authentication and private rate limiting help identify legitimate automated traffic.

#security #dist #mlp

Read original

Cloudflare BlogApr 20, 2026

Building the agentic cloud: everything we launched during Agents Week 2026

Why it matters: Cloudflare is building 'Cloud 2.0' to support millions of autonomous agents. By providing persistent compute, Git-compatible storage, and zero-trust security for non-human identities, they enable developers to move agentic prototypes into production at global scale.

Cloudflare introduced 'Artifacts,' a Git-compatible versioned storage system designed for agents to manage code and data at scale.
Cloudflare Sandboxes reached GA, providing persistent, isolated environments with full shell and filesystem access for autonomous agents.
New 'Durable Object Facets' enable dynamic instantiation of isolated SQLite databases for AI-generated applications.
Cloudflare Mesh and Managed OAuth for Access provide secure, private networking and identity-aware authentication for non-human agent identities.
The Workflows control plane was rearchitected to support 50,000 concurrency, facilitating high-scale durable execution for background agents.

#mlp #security #dist

Read original

Cloudflare BlogApr 20, 2026

Orchestrating AI Code Review at scale

Why it matters: Scaling AI code reviews requires moving beyond simple prompts to multi-agent orchestration. This architecture demonstrates how to integrate LLMs into CI/CD pipelines reliably, handling large-scale diffs and specialized domain knowledge while maintaining high signal-to-noise ratios.

Cloudflare replaced naive AI summarization with a multi-agent orchestration system built on OpenCode to reduce code review bottlenecks.
The architecture uses a composable plugin system with distinct lifecycle phases to isolate VCS logic from AI provider configurations.
Seven specialized agents cover domains like security and performance, managed by a coordinator that deduplicates findings and judges severity.
To handle massive merge requests, the system passes prompts via stdin to avoid Linux kernel ARG_MAX limits and E2BIG errors.
The implementation leverages the Model Context Protocol (MCP) to allow agents to interact with GitLab APIs for context and commenting.
The system is CI-native and has been deployed across tens of thousands of internal merge requests to improve engineering resiliency.

#mlp #sre #security

Read original

Cloudflare BlogApr 20, 2026

The AI engineering stack we built internally — on the platform we ship

Why it matters: Cloudflare demonstrates how to build a production-grade AI engineering stack using its own infrastructure. It provides a blueprint for using MCP, AI Gateway, and sandboxed execution to boost developer velocity while maintaining security and cost control at scale.

Cloudflare integrated AI into its engineering stack using its own platform, resulting in 93% adoption across R&D and a near doubling of weekly merge requests.
The architecture leverages AI Gateway for centralized LLM routing, cost tracking, and zero-trust security across multiple model providers.
Internal developers use MCP (Model Context Protocol) servers to give AI agents access to internal tools, documentation, and infrastructure.
The stack utilizes Workers AI for low-latency inference on open-weight models, reducing reliance on external frontier model providers.
New tools like the Sandbox SDK and Agents SDK provide isolated environments and stateful sessions for agent-generated code execution.
A Knowledge Layer using Backstage and AGENTS.md files helps agents understand complex internal systems and service dependencies.

#mlp #culture #security

Read original

Cloudflare BlogApr 17, 2026

Introducing the Agent Readiness score. Is your site agent-ready?

Why it matters: As AI agents become primary web consumers, sites must transition from human-centric to machine-readable formats. Adopting these standards ensures content is accurately indexed by LLMs, reduces scraping overhead, and enables automated agentic workflows and commerce.

Cloudflare launched isitagentready.com, a tool that audits websites for AI agent compatibility across discoverability, content, access control, and capabilities.
A new Cloudflare Radar dataset tracks global adoption of AI standards, revealing that while 78% of sites use robots.txt, fewer than 4% support Markdown content negotiation.
The readiness score evaluates support for emerging standards like the Model Context Protocol (MCP), API Catalogs (RFC 9727), and Web Bot Auth.
Cloudflare overhauled its own developer documentation to serve as a model for agent-friendly design, utilizing Markdown and structured metadata to lower LLM processing costs.
The audit tool provides specific prompts that developers can give to coding agents to automatically implement missing standards and improve site scores.
The initiative introduces support for agentic commerce protocols, including x402 and the Universal Commerce Protocol (UCP), to facilitate automated transactions.

#mlp #data #dist

Read original

Cloudflare BlogApr 17, 2026

Shared Dictionaries: compression that keeps up with the agentic web

Why it matters: As web pages grow heavier and deployment cycles shorten, traditional caching fails. Shared dictionaries enable delta compression, sending only file diffs to clients. This drastically reduces bandwidth and improves load times for returning users and bots in an increasingly automated web.

Web page weight is increasing 6-9% annually, while frequent AI-assisted deployments are making traditional caching less effective.
Shared dictionaries allow servers to use previously cached resources as a reference, sending only the differences (delta compression) to the client.
The mechanism utilizes new HTTP headers like Use-As-Dictionary and Available-Dictionary to coordinate diff-based transfers.
This approach can reduce large JavaScript bundle transfers to just a few kilobytes, significantly saving bandwidth and CPU.
Modern implementations aim to solve historical security issues like CRIME and BREACH side-channel attacks that hindered earlier versions.
Cloudflare is introducing support for these dictionaries to handle the rise of agentic web traffic and high-frequency deployment cycles.

#dist #frontend #security

Read original

Page 1 of 15

Prev1 2 3...15 Next