Cloudflare Blog

Why it matters: Cloudflare's approach shows how to solve data sprawl at scale by combining a unified lakehouse with AI. It enables secure, natural language access to massive, unsampled datasets, reducing the engineering burden of manual data discovery and complex SQL authoring.

Cloudflare built 'Town Lake,' a unified data lakehouse architecture using Apache Trino to query across Postgres, ClickHouse, and Kafka.
The platform leverages Apache Iceberg on Cloudflare R2 for cost-effective storage, schema evolution, and managing massive unsampled event streams.
A custom service called 'Skimmer' uses Workers AI to automatically detect and classify PII across all data tables for automated governance.
Built 'Skipper,' an AI agent using Llama 3 and Workers AI that translates natural language questions into executable SQL queries.
Skipper utilizes a multi-agent design (Planner, SQL Generator, Answerer) and integrates with DataHub metadata to ensure query accuracy.
The system moves away from 'tribal knowledge' by providing a single, auditable interface for both technical and non-technical internal users.

#data #mlp #security

Read original

Cloudflare BlogMay 27, 2026

Iran's Internet is partially restored, Cloudflare Radar data shows

Why it matters: This analysis demonstrates how network observability tools detect state-level internet disruptions and identify the technical mechanisms, such as application filtering versus BGP routing changes, used to implement large-scale connectivity restrictions.

Cloudflare Radar data shows a partial restoration of Iran's internet starting May 26, 2026, following a nearly three-month total shutdown.
Traffic volume surged 15x compared to the previous week, though it remains at only 40% of pre-disruption levels.
DNS query spikes to Cloudflare's 1.1.1.1 resolver confirm increased user-initiated requests for web services.
Regional data indicates the recovery is highly localized, with over 91% of HTTP requests originating from Tehran.
Analysis of IP address space shows IPv6 announcements remain at zero, while IPv4 stability suggests the shutdown relied on application filtering or whitelisting.

#data #security #sre

Read original

Cloudflare BlogMay 21, 2026

Announcing Claude Compliance API support with Cloudflare CASB

Why it matters: As AI adoption outpaces traditional governance, engineers need tools to monitor sensitive data in conversational workflows. This integration provides programmatic visibility into AI interactions, helping prevent data leaks and ensuring compliance without impacting user performance.

Cloudflare CASB now supports the Claude Compliance API, providing out-of-band visibility into AI usage without requiring endpoint agents.
The integration allows security teams to monitor Claude Enterprise and Platform activities, including projects, chat messages, and file attachments.
Automated scans detect Data Loss Prevention (DLP) violations in user prompts, uploaded files, and AI-generated artifacts.
Security findings are centralized in the Cloudflare dashboard, enabling unified triage alongside other SaaS applications like Microsoft 365 and Salesforce.
The service complements Cloudflare AI Gateway and Gateway DLP to provide a full-lifecycle security model for AI adoption.
Administrators can use CASB findings to quickly inform and update inline Gateway policies for granular access control.

#security #data

Read original

Cloudflare BlogMay 19, 2026

Announcing Claude Managed Agents on Cloudflare

Why it matters: This integration decouples AI logic from execution, allowing engineers to run Claude agents securely on Cloudflare's infrastructure. It provides granular control over sandboxes, enhanced observability, and the ability to scale via V8 isolates while maintaining private service connectivity.

Cloudflare and Anthropic have integrated Claude Managed Agents with Cloudflare Sandboxes to decouple agent logic from execution infrastructure.
Developers can run the agent loop on Anthropic's platform while using Cloudflare to execute code, secure connections, and manage tool calls.
The integration supports two execution environments: full Linux microVMs for complex tasks and lightweight V8 isolates for high-scale, low-latency execution.
Enhanced security features include customizable proxies for credential injection, data exfiltration prevention, and private service connectivity.
Built-in observability provides detailed sandbox metrics, logs, session recordings for browser-based agents, and interactive SSH access.
A Workers-based control plane manages agent sessions, automatically persisting state across session sleeps and providing a built-in management UI.

#mlp #security #sre

Read original

Cloudflare BlogMay 18, 2026

Project Glasswing: what Mythos showed us

Why it matters: This marks a shift from AI as a simple scanner to an autonomous security researcher capable of verifying exploits. It highlights the potential for automated defense and an evolving threat landscape where attackers can autonomously chain minor bugs into major system vulnerabilities.

Mythos Preview enables complex exploit chain construction, linking multiple minor vulnerabilities into severe, functional exploits.
The model automates proof generation by writing and executing code in scratch environments to verify exploitability.
Testing showed that memory-unsafe languages like C/C++ generate higher noise and false positives than memory-safe alternatives.
Model refusals are inconsistent; the same security task may be blocked or allowed based on framing or environment.
Effective AI security research requires specialized infrastructure and harnesses rather than generic coding agents.

#security #mlp

Read original

Cloudflare BlogMay 14, 2026

Our billing pipeline was suddenly slow. The culprit was a hidden bottleneck in ClickHouse

Why it matters: This case study demonstrates that even logically sound architectural changes can trigger hidden internal bottlenecks at scale. It highlights the importance of profiling query planning and shows how massive part counts in ClickHouse can lead to unexpected lock contention.

Cloudflare migrated a 2PiB+ ClickHouse table to a (namespace, day) partitioning scheme to enable granular per-tenant data retention.
Despite queries filtering by namespace, performance degraded linearly as the total number of data parts in the cluster increased.
Investigation using ClickHouse trace_log and flame graphs revealed that the bottleneck was in the query planning phase, not execution.
The root cause was identified as lock contention during partition pruning, where a global lock was held while iterating over all parts.
Cloudflare engineers developed and contributed patches to ClickHouse to optimize the planning phase and reduce lock duration.
The fix allowed the billing pipeline to meet its deadlines while supporting a new automated storage management system using max-min fairness.

#data #sre #dist

Read original

Cloudflare BlogMay 13, 2026

Browser Run: now running on Cloudflare Containers, it’s faster and more scalable

Why it matters: This migration demonstrates how moving from eventually consistent stores to transactional databases and specialized container infrastructure can drastically improve performance and scalability for high-concurrency workloads like headless browsers and AI agents.

Browser Run migrated from shared Browser Isolation infrastructure to Cloudflare Containers, increasing usage limits to 60 browsers per minute and 120 concurrent instances.
Quick Action response times improved by over 50% due to better global distribution and reduced container image sizes.
Implemented regional pre-warmed container pools to minimize latency between Durable Objects and browser instances across the global network.
Transitioned state management from Workers KV to D1 to utilize SQL transactions, eliminating race conditions caused by KV's eventual consistency.
Integrated Cloudflare Queues to batch high-frequency heartbeat updates, preventing D1 concurrency bottlenecks during peak demand from AI agents.

#dist #sre #data

Read original

Cloudflare BlogMay 12, 2026

When "idle" isn't idle: how a Linux kernel optimization became a QUIC bug

Why it matters: This bug highlights the risks of porting optimizations between protocols like TCP and QUIC. Understanding congestion control state machines is critical for maintaining high-performance networking and ensuring reliable recovery from congestion collapse in production environments.

Cloudflare engineers identified a bug in the quiche implementation of the CUBIC congestion control algorithm where the congestion window (cwnd) remained pinned at its minimum floor.
The issue originated from a Linux kernel optimization ported to QUIC that prevents cwnd growth during 'app-limited' or idle periods to avoid window inflation.
Under heavy initial packet loss, the cwnd dropped so low that the sender's activity was incorrectly flagged as idle, creating a feedback loop that suppressed recovery.
The bug manifested as rapid oscillations between recovery and congestion avoidance states, occurring in lockstep with the connection's round-trip time (RTT).
A near-one-line fix was implemented to ensure cwnd growth is not suppressed when the sender is actively transmitting data, even at the minimum window size.
The investigation utilized qlog visualizations to identify the 14ms oscillation pattern that matched the simulated network RTT.

#dist #sre

Read original

Cloudflare BlogMay 7, 2026

Building for the future

Why it matters: Cloudflare's massive restructuring signals a shift in how tech giants view workforce composition in the age of AI agents. It highlights the transition from traditional engineering roles to AI-augmented workflows, setting a precedent for industry-wide organizational changes.

Cloudflare is reducing its global workforce by over 1,100 employees to restructure for the agentic AI era.
The company reports a 600% increase in internal AI usage over the last three months, with employees running thousands of AI agent sessions daily.
This shift involves reimagining all internal processes, roles, and organizational structures to prioritize AI-driven workflows.
Departing employees receive significant severance, including base pay through 2026 and accelerated equity vesting.
The move aims to maintain high growth and innovation by moving away from legacy organizational structures that no longer suit an AI-native company.

#culture #mlp

Read original

Cloudflare BlogMay 7, 2026

How Cloudflare responded to the “Copy Fail” Linux vulnerability

Why it matters: This vulnerability highlights how performance optimizations in kernel memory management can introduce critical security flaws. It demonstrates the importance of automated patching pipelines and LTS kernel maintenance in protecting large-scale infrastructure from local privilege escalation.

CVE-2026-31431 ('Copy Fail') is a Linux kernel local privilege escalation vulnerability targeting the AF_ALG socket family and AEAD crypto modules.
The exploit leverages the splice() system call to pass page cache references into kernel scatterlists, enabling out-of-bounds writes to shared memory.
Attackers can overwrite the page cache of setuid-root binaries like /usr/bin/su with arbitrary shellcode to gain root access.
Cloudflare avoided impact due to its automated kernel release pipeline, which integrates upstream LTS security patches weeks before public disclosure.
The vulnerability was fixed by reverting a 2017 performance optimization that allowed unsafe in-place memory operations in the algif_aead module.

#security #sre

Read original

Page 2 of 18

Prev 1 2 3 4...18 Next