Curated topic

security

Posts tagged with security

Cloudflare BlogJun 3, 2026

Why it matters: BGP hijacks using forged paths threaten global internet stability. Enforcing First AS checks prevents peers from advertising routes they do not actually transit, closing a security gap that RPKI and ASPA alone may miss. This is vital for maintaining routing integrity and trust.

Recent BGP hijacks involve attackers forging AS_PATHs with unused ASNs to misdirect traffic and conceal their identity.
Analysis of these hijacks reveals implausible routing relationships, such as unused regional ASNs appearing behind global transit providers.
First AS enforcement is a critical BGP security mechanism that verifies a peer's ASN is the first entry in an advertised route.
While RPKI-ROV and ASPA improve security, they can be bypassed if attackers use valid origin ASNs, making First AS checking a necessary defense.
Cloudflare's research indicates that some major networks fail to enforce First AS checks, allowing forged paths to propagate globally.

#security #dist

Read original

Slack EngineeringMay 28, 2026

Slack AI: The Path to Multi-Cloud

Why it matters: This article provides a blueprint for scaling enterprise LLM infrastructure. It details the transition from manual GPU management to managed services, highlighting how to balance security, cost-efficiency, and reliability through strategic multi-cloud orchestration and capacity forecasting.

Slack transitioned from AWS SageMaker to Amazon Bedrock to reduce operational overhead and address GPU scarcity.
The architecture uses an escrow VPC strategy to maintain a zero-knowledge environment, ensuring data privacy and model security.
Infrastructure evolved from managing raw GPU instances to utilizing Model Units for deterministic throughput and easier scaling.
Slack optimized costs by using Provisioned Throughput for interactive features and On Demand capacity for bursty, scheduled tasks.
A zero-incident migration was achieved through extensive load testing, shadow requests, and gradual feature flag rollouts.
The shift enabled faster adoption of new LLM models, reducing the feature lag previously experienced with custom serving solutions.

#mlp #sre #security

Read original

Cloudflare BlogMay 28, 2026

How we built Cloudflare's data platform and an AI agent on top of it

Why it matters: Cloudflare's approach shows how to solve data sprawl at scale by combining a unified lakehouse with AI. It enables secure, natural language access to massive, unsampled datasets, reducing the engineering burden of manual data discovery and complex SQL authoring.

Cloudflare built 'Town Lake,' a unified data lakehouse architecture using Apache Trino to query across Postgres, ClickHouse, and Kafka.
The platform leverages Apache Iceberg on Cloudflare R2 for cost-effective storage, schema evolution, and managing massive unsampled event streams.
A custom service called 'Skimmer' uses Workers AI to automatically detect and classify PII across all data tables for automated governance.
Built 'Skipper,' an AI agent using Llama 3 and Workers AI that translates natural language questions into executable SQL queries.
Skipper utilizes a multi-agent design (Planner, SQL Generator, Answerer) and integrates with DataHub metadata to ensure query accuracy.
The system moves away from 'tribal knowledge' by providing a single, auditable interface for both technical and non-technical internal users.

#data #mlp #security

Read original

Salesforce EngineeringMay 27, 2026

Agentforce’s Agent Script: Building Deterministic Control for Enterprise AI Workflows

Why it matters: Engineers need ways to bridge the gap between unpredictable LLM reasoning and the deterministic requirements of enterprise systems. Agent Script provides a structured control plane that ensures security and consistency while allowing agents to remain flexible and easy to develop.

Agent Script is an open-source programming language and control plane designed to provide deterministic control over AI agent workflows.
The platform addresses the limitations of probabilistic LLM reasoning in security-sensitive areas like authentication and permissions.
A single executable script file replaces fragmented metadata, simplifying the developer experience and agent orchestration.
The team solved a dual source-of-truth problem by implementing robust roundtripping between visual UI and code-based representations.
The architecture evolved from a rigid parser to a schema-driven system to improve extensibility and maintainability.
Engineers utilized AI-assisted workflows and explored CRDT-inspired models to ensure state synchronization across distributed interfaces.

#mlp #security #dist

Read original

Salesforce EngineeringMay 27, 2026

Agentforce’s AgentScript: Building Deterministic Control for Enterprise AI Workflows

Why it matters: Engineers must balance LLM flexibility with enterprise reliability. AgentScript provides a deterministic control plane for AI agents, ensuring security-sensitive workflows like authentication remain predictable while maintaining the reasoning power of modern large language models.

AgentScript is an open-source programming language and control plane designed to provide deterministic control over Agentforce AI agents.
The platform addresses the limitations of probabilistic LLM reasoning by allowing developers to define structured execution paths for security-sensitive tasks.
A major technical challenge involved synchronizing CodeView and UIView representations to prevent state corruption and data loss during edits.
The architecture evolved into a schema-driven system to improve extensibility and maintainability across the parser and execution layers.
The team utilized AI-assisted engineering workflows to prototype and refine the parser's roundtripping behavior and error robustness.

#mlp #dist #security

Read original

Cloudflare BlogMay 27, 2026

Iran's Internet is partially restored, Cloudflare Radar data shows

Why it matters: This analysis demonstrates how network observability tools detect state-level internet disruptions and identify the technical mechanisms, such as application filtering versus BGP routing changes, used to implement large-scale connectivity restrictions.

Cloudflare Radar data shows a partial restoration of Iran's internet starting May 26, 2026, following a nearly three-month total shutdown.
Traffic volume surged 15x compared to the previous week, though it remains at only 40% of pre-disruption levels.
DNS query spikes to Cloudflare's 1.1.1.1 resolver confirm increased user-initiated requests for web services.
Regional data indicates the recovery is highly localized, with over 91% of HTTP requests originating from Tehran.
Analysis of IP address space shows IPv6 announcements remain at zero, while IPv4 stability suggests the shutdown relied on application filtering or whitelisting.

#data #security #sre

Read original

Salesforce EngineeringMay 26, 2026

Building an Enterprise Agent Platform: Enforcing Identity, Data, and API Governance

Why it matters: As AI agents move to complex multi-system workflows, siloed security fails. This platform-centric approach ensures consistent identity, data, and API governance, preventing unauthorized access and ensuring auditability across distributed enterprise environments.

Salesforce implements a unified governance system to secure AI agent interactions at the platform level rather than the individual agent level.
Identity propagation ensures that user and system identities flow through multi-system workflows, maintaining consistent authorization and auditability.
A centralized enforcement layer applies RBAC, ABAC, and field-level security to all data requests, preventing agents from bypassing governance.
Data 360 enables agents to access structured and unstructured data, including zero-copy sources, while enforcing PII detection and masking.
The architecture decouples security from agent behavior, ensuring agents only retrieve data permitted by the underlying access model.

#security #data #mlp

Read original

Salesforce EngineeringMay 22, 2026

Agent Fabric Context Catalog and the Future of AI Governance

Why it matters: As AI agents become more autonomous, traditional governance fails. This integration provides engineers with deterministic lineage and tracing, allowing them to audit AI decisions, ensure data quality, and mitigate risks like hallucinations in complex, dynamic execution environments.

Salesforce and Informatica have integrated Agent Fabric with Cloud Data Governance & Catalog to create a unified governance control plane for AI agents.
The system addresses the governance gap in agentic workflows where execution paths change dynamically based on prompts and retrieved context.
MuleSoft provides deterministic lineage by observing runtime bindings between APIs and datasets, rather than relying solely on fuzzy semantic inference.
MuleSoft Omni Gateway injects trace identifiers to reconstruct execution paths across agents, MCP servers, APIs, and Snowflake or other data sources.
A confidence-based lineage model explicitly labels relationships as either observed metadata or inferred mappings with associated confidence scores.
The catalog enables engineers to identify which datasets influenced specific agent responses and apply runtime policies to contain hallucinations.

#data #mlp #security

Read original

GitHub EngineeringMay 22, 2026

GitHub recognized as a Leader in the Gartner® Magic Quadrant™ for Enterprise AI Coding Agents for the third year in a row

Why it matters: AI is evolving from simple autocomplete to autonomous agents that handle complex SDLC tasks. GitHub's leadership highlights the shift toward orchestrating outcomes rather than just writing code, promising significant productivity gains and better governance for enterprise engineering teams.

GitHub has been recognized as a Leader in the 2026 Gartner Magic Quadrant for Enterprise AI Coding Agents for the third consecutive year.
The platform achieved the highest position for 'Ability to Execute,' reflecting its deep integration across the software development lifecycle (SDLC).
Gartner predicts that asynchronous AI coding agents will improve engineering productivity by 30% to 50% by 2028.
GitHub Copilot now serves 140,000 organizations, emphasizing a shift from simple code generation to autonomous agentic workflows like code review and security auditing.
Future investments focus on multi-model flexibility, intelligent routing, and expanding agentic capabilities across CLI, IDE, and mobile surfaces.

#mlp #security #culture

Read original

Cloudflare BlogMay 21, 2026

Announcing Claude Compliance API support with Cloudflare CASB

Why it matters: As AI adoption outpaces traditional governance, engineers need tools to monitor sensitive data in conversational workflows. This integration provides programmatic visibility into AI interactions, helping prevent data leaks and ensuring compliance without impacting user performance.

Cloudflare CASB now supports the Claude Compliance API, providing out-of-band visibility into AI usage without requiring endpoint agents.
The integration allows security teams to monitor Claude Enterprise and Platform activities, including projects, chat messages, and file attachments.
Automated scans detect Data Loss Prevention (DLP) violations in user prompts, uploaded files, and AI-generated artifacts.
Security findings are centralized in the Cloudflare dashboard, enabling unified triage alongside other SaaS applications like Microsoft 365 and Salesforce.
The service complements Cloudflare AI Gateway and Gateway DLP to provide a full-lifecycle security model for AI adoption.
Administrators can use CASB findings to quickly inform and update inline Gateway policies for granular access control.

#security #data

Read original

Page 2 of 22

Prev 1 2 3 4...22 Next