Cloudflare Blog

https://blog.cloudflare.com/

Cloudflare BlogApr 15, 2026

Introducing Agent Lee - a new interface to the Cloudflare stack

Why it matters: Agent Lee shifts cloud management from manual navigation to natural language intent. By using TypeScript code generation and secure proxying, it provides a blueprint for building autonomous agents that safely perform complex multi-step infrastructure tasks in production environments.

Agent Lee is an in-dashboard AI assistant that allows users to manage, troubleshoot, and configure Cloudflare resources using natural language.
The system uses 'Codemode' to convert Model Context Protocol (MCP) tools into TypeScript APIs, enabling LLMs to write and chain code for improved accuracy over standard tool calling.
Security is enforced through Durable Objects acting as credentialed proxies, classifying operations as read or write and requiring explicit user approval for any state changes.
The interface features generative UI, dynamically rendering interactive charts and visualizations based on real-time account data and traffic logs.
Built entirely on Cloudflare's public primitives like the Agents SDK and Workers AI, the tool serves 18,000 daily users and executes 250,000 tool calls per day.

#mlp #sre #security

Read original

Cloudflare BlogApr 15, 2026

Project Think: building the next generation of AI agents on Cloudflare

Why it matters: Project Think shifts AI agents from ephemeral tools to durable infrastructure. By combining the actor model with sandboxed execution, it enables cost-effective, persistent, and self-evolving agents that scale per-user or per-task without the overhead of traditional VMs.

Introduces Project Think, a set of primitives for building long-running, durable AI agents on Cloudflare's Agents SDK.
Utilizes the Actor model and Durable Objects to give every agent persistent state, identity, and a dedicated SQLite database.
Implements durable execution via fibers, allowing agents to checkpoint state and recover automatically from platform restarts or crashes.
Enables secure, sandboxed code execution using Dynamic Workers, allowing agents to author and run their own tools at runtime.
Reduces operational costs by hibernating idle agents, making it economically viable to deploy unique agent instances per user or task.
Supports hierarchical workflows through sub-agents with isolated storage and typed RPC for complex task orchestration.

#mlp #dist #finops

Read original

Cloudflare BlogApr 15, 2026

Why it matters: This API enables seamless domain registration within automated pipelines and AI-driven development environments. By removing manual UI steps, engineers can programmatically provision infrastructure and identity directly from their code editors or CI/CD workflows.

Cloudflare launched the Registrar API in beta, enabling programmatic domain search, availability checking, and registration.
The API is optimized for agentic workflows, allowing AI agents in tools like Cursor or Claude Code to handle domain purchases via Cloudflare MCP.
A three-step machine-friendly process includes Search (cached results), Check (authoritative registry query), and Register (execution).
Registration defaults to account-level contact and payment info with WHOIS privacy protection enabled automatically at no extra cost.
The service maintains Cloudflare's at-cost pricing model with no markups, supporting both standard and premium TLDs.

#sre #mlp

Read original

Cloudflare BlogApr 14, 2026

Managed OAuth for Access: make internal apps agent-ready in one click

Why it matters: AI agents often fail at human-centric login redirects. Managed OAuth provides a standardized, secure way for agents to access protected internal data using user-scoped tokens rather than risky static credentials, ensuring auditability and fine-grained access control without refactoring code.

Cloudflare Access now supports managed OAuth to enable AI agents to authenticate with internal applications without manual intervention.
The system implements RFC 9728 for discovery and RFC 7591 for Dynamic Client Registration, allowing agents to identify authentication requirements automatically.
Agents use the PKCE (Proof Key for Code Exchange) flow to obtain a JWT, ensuring secure delegation of user permissions.
This approach replaces the need for static service tokens or service accounts, which often lead to 'confused deputy' security risks.
Managed OAuth maintains full auditability by attributing all agent actions to the specific human user who authorized the session.
The feature is designed to work with the Model Context Protocol (MCP) and requires no code changes to legacy internal applications.

#security #sre #mlp

Read original

Cloudflare BlogApr 14, 2026

Scaling MCP adoption: Our reference architecture for simpler, safer and cheaper enterprise deployments of MCP

Why it matters: As AI agents become ubiquitous, securing the connection between LLMs and sensitive data is critical. This architecture provides a blueprint for enterprise-grade MCP deployments that balance developer productivity with robust security, observability, and cost control.

Cloudflare advocates for remote MCP servers over local ones to mitigate supply chain risks and enable centralized governance.
Integrated Cloudflare Access provides SSO and MFA for MCP servers, ensuring only authorized users can access sensitive internal data.
MCP Server Portals centralize discovery and governance, allowing administrators to manage tool access across the organization.
The new Code Mode feature reduces LLM token costs by transmitting tool definitions as code instead of verbose natural language descriptions.
Cloudflare Gateway enables Shadow MCP detection to identify and block unauthorized remote MCP server usage across the network.
AI Gateway provides observability, caching, and rate limiting for all MCP-driven LLM interactions to manage costs and performance.

#security #mlp #dist

Read original

Cloudflare BlogApr 14, 2026

Securing non-human identities: automated revocation, OAuth, and scoped permissions

Why it matters: As AI agents and automation scale, the risk of credential leaks grows. Automated token revocation and granular RBAC ensure non-human identities are secured throughout their lifecycle, preventing unauthorized access and reducing the blast radius of accidental exposures.

Cloudflare is introducing automated revocation for leaked API tokens through a partnership with GitHub's Secret Scanning program.
New API tokens now feature a distinct 'cf' prefix and a checksum to improve detection accuracy and reduce false positives for security scanners.
Cloudflare One customers can use DLP profiles to detect and block tokens across network traffic, email, and SaaS applications.
The platform is enhancing identity management by providing better visibility into OAuth principals and granular, resource-scoped RBAC policies.
These updates specifically target the risks associated with non-human identities, such as AI agents and automated scripts, in modern development workflows.

#security #sre

Read original

Cloudflare BlogApr 14, 2026

Secure private networking for everyone: users, nodes, agents, Workers — introducing Cloudflare Mesh

Why it matters: AI agents require secure, non-interactive access to private resources. Cloudflare Mesh bridges the gap between autonomous software and legacy networking, enabling secure, auditable, and low-latency connections for developers building agentic workflows.

Cloudflare Mesh provides a unified private network for humans, servers, and autonomous AI agents.
The platform integrates with Cloudflare Workers and the Agents SDK, allowing serverless functions to reach private infrastructure securely.
It leverages existing Cloudflare One Zero Trust features, including Gateway policies, device posture checks, and DNS filtering.
Mesh simplifies connectivity using Mesh nodes (formerly WARP Connector) and the Cloudflare One Client for cross-environment routing.
The solution addresses the unique needs of AI agents, such as non-interactive login and visibility into autonomous network requests.
Traffic is routed through Cloudflare’s global network across 330+ cities for improved reliability and lower latency.

#security #dist #mlp

Read original

Cloudflare BlogApr 13, 2026

Building a CLI for all of Cloudflare

Why it matters: Managing thousands of API endpoints manually is error-prone. Cloudflare's new schema-driven CLI ensures consistency across all products, providing a reliable interface for both humans and AI agents to automate infrastructure-as-code and local development workflows.

Cloudflare is rebuilding the Wrangler CLI to cover its entire API surface of over 3,000 operations across 100+ products.
A new TypeScript-based schema replaces manual updates, serving as a single source of truth for SDKs, CLI commands, and documentation.
The system standardizes command syntax and flags to improve ergonomics for both human developers and AI agents.
A technical preview is now available via the npx cf command, allowing early testing of the unified interface.
The architecture supports complex interactions, including local resource simulation and RPC-based Workers bindings.

#sre #dist

Read original

Cloudflare BlogApr 13, 2026

Agents have their own computers with Sandboxes GA

Why it matters: Engineers building AI agents need secure, scalable environments to run untrusted code. Cloudflare Sandboxes solve the 'burstiness' and security risks of agentic workloads with a serverless-like pricing model and deep integration into the Workers ecosystem.

Cloudflare Sandboxes and Containers are now Generally Available, providing isolated environments for AI agents to execute untrusted code.
Secure credential injection uses a programmable egress proxy to allow agents to authenticate with services without accessing raw secrets.
Full PTY support enables real-time terminal sessions over WebSockets, allowing both agents and humans to interact with a real shell.
Active CPU Pricing ensures cost-efficiency by charging only for active compute cycles rather than idle standby time.
The platform supports persistent code interpreters for Python, JavaScript, and TypeScript, maintaining state across sessions.
Snapshots and filesystem watching allow for quick state restoration and faster iteration during agentic development tasks.

#mlp #security #dist

Read original

Cloudflare BlogApr 13, 2026

Durable Objects in Dynamic Workers: Give each AI-generated app its own database

Why it matters: This feature allows AI-generated or user-provided code to have its own persistent, low-latency database without manual provisioning. It bridges the gap between ephemeral serverless execution and stateful application needs in a secure, sandboxed environment.

Cloudflare introduced Durable Object Facets to provide persistent storage for code loaded via Dynamic Workers.
Dynamic Workers use isolates instead of containers, offering 100x faster load times and 1/10 the memory usage.
Durable Object Facets allow dynamic code to extend the DurableObject class and access a dedicated SQLite database.
A supervisor Durable Object acts as a controller, managing the lifecycle and requests for dynamic facets.
This architecture enables AI-generated applications to maintain long-lived state with zero-latency local disk access.

#dist #data #security

Read original

Page 6 of 18

Prev 1...4 5 6 7 8...18 Next