Curated topic

security

Posts tagged with security

Cloudflare BlogApr 14, 2026

Secure private networking for everyone: users, nodes, agents, Workers — introducing Cloudflare Mesh

Why it matters: AI agents require secure, non-interactive access to private resources. Cloudflare Mesh bridges the gap between autonomous software and legacy networking, enabling secure, auditable, and low-latency connections for developers building agentic workflows.

Cloudflare Mesh provides a unified private network for humans, servers, and autonomous AI agents.
The platform integrates with Cloudflare Workers and the Agents SDK, allowing serverless functions to reach private infrastructure securely.
It leverages existing Cloudflare One Zero Trust features, including Gateway policies, device posture checks, and DNS filtering.
Mesh simplifies connectivity using Mesh nodes (formerly WARP Connector) and the Cloudflare One Client for cross-environment routing.
The solution addresses the unique needs of AI agents, such as non-interactive login and visibility into autonomous network requests.
Traffic is routed through Cloudflare’s global network across 330+ cities for improved reliability and lower latency.

#security #dist #mlp

Read original

Slack EngineeringApr 13, 2026

Managing context in long-run agentic applications

Why it matters: Managing context in long-run agentic systems is critical as context windows fill and performance degrades. This architecture shows how to use structured memory and specialized agent roles to maintain coherence and accuracy across complex, multi-step workflows.

LLMs are stateless, requiring the full message history to be sent with each request, which can quickly exhaust context windows in long-running tasks.
Slack uses a multi-agent architecture consisting of a Director, Experts, and a Critic to manage security investigations spanning hundreds of inference requests.
The Director's Journal provides structured working memory, using specific entry types like 'hypothesis' and 'decision' to maintain strategic alignment.
The Critic agent generates a Review and Timeline with credibility scores to consolidate findings and prevent information overload for other agents.
Effective context management balances the need for team-wide coherence with the need to limit information sharing to prevent confirmation bias.

#security #mlp #dist

Read original

GitHub EngineeringApr 13, 2026

GitHub for Beginners: Getting started with GitHub Pages

Why it matters: GitHub Pages offers engineers a zero-cost, integrated solution for hosting documentation, portfolios, and static web apps. It simplifies the deployment pipeline by leveraging existing Git workflows and GitHub Actions, removing the overhead of managing external hosting infrastructure.

GitHub Pages provides free, secure hosting for static websites directly from any GitHub repository.
Users can deploy sites using two primary methods: the simple 'Deploy from a branch' option or automated GitHub Actions workflows.
The platform supports modern frameworks like Next.js through pre-configured GitHub Actions templates.
Custom domains can be integrated by configuring DNS records and verifying domain ownership at the profile or organization level.
Security is managed through an 'Enforce HTTPS' setting that provides free SSL certificates for all hosted sites.
Even if a repository is private, the published GitHub Pages site remains public, allowing for easy project sharing.

#frontend #security

Read original

Cloudflare BlogApr 13, 2026

Agents have their own computers with Sandboxes GA

Why it matters: Engineers building AI agents need secure, scalable environments to run untrusted code. Cloudflare Sandboxes solve the 'burstiness' and security risks of agentic workloads with a serverless-like pricing model and deep integration into the Workers ecosystem.

Cloudflare Sandboxes and Containers are now Generally Available, providing isolated environments for AI agents to execute untrusted code.
Secure credential injection uses a programmable egress proxy to allow agents to authenticate with services without accessing raw secrets.
Full PTY support enables real-time terminal sessions over WebSockets, allowing both agents and humans to interact with a real shell.
Active CPU Pricing ensures cost-efficiency by charging only for active compute cycles rather than idle standby time.
The platform supports persistent code interpreters for Python, JavaScript, and TypeScript, maintaining state across sessions.
Snapshots and filesystem watching allow for quick state restoration and faster iteration during agentic development tasks.

#mlp #security #dist

Read original

Cloudflare BlogApr 13, 2026

Durable Objects in Dynamic Workers: Give each AI-generated app its own database

Why it matters: This feature allows AI-generated or user-provided code to have its own persistent, low-latency database without manual provisioning. It bridges the gap between ephemeral serverless execution and stateful application needs in a secure, sandboxed environment.

Cloudflare introduced Durable Object Facets to provide persistent storage for code loaded via Dynamic Workers.
Dynamic Workers use isolates instead of containers, offering 100x faster load times and 1/10 the memory usage.
Durable Object Facets allow dynamic code to extend the DurableObject class and access a dedicated SQLite database.
A supervisor Durable Object acts as a controller, managing the lifecycle and requests for dynamic facets.
This architecture enables AI-generated applications to maintain long-lived state with zero-latency local disk access.

#dist #data #security

Read original

Cloudflare BlogApr 13, 2026

Dynamic, identity-aware, and secure Sandbox auth

Why it matters: Outbound Workers solve the 'untrusted agent' problem by moving auth logic out of the sandbox. This enables zero-trust security for AI workloads, allowing engineers to inject secrets and enforce granular RBAC at the network edge without exposing sensitive tokens to LLMs.

Cloudflare introduced outbound Workers for Sandboxes, acting as programmatic egress proxies for microVM-based environments.
These proxies enable zero-trust authentication by injecting secrets at the egress point, keeping credentials hidden from untrusted AI agents.
Developers can implement granular traffic control, allowing for logging, modification, or blocking of requests based on destination or method.
The system supports identity-aware routing, applying specific rules and credentials dynamically based on the sandbox's unique identity.
By executing on the same host as the sandbox, the proxy minimizes latency while remaining transparent to the sandboxed application.

#security #mlp #dist

Read original

Cloudflare BlogApr 10, 2026

500 Tbps of capacity: 16 years of scaling our global network

Why it matters: This milestone demonstrates how massive-scale infrastructure can handle record-breaking DDoS attacks (31.4 Tbps) autonomously. It showcases the power of pushing security and compute to the edge using eBPF and XDP, allowing for high-performance, distributed application hosting.

Cloudflare reached 500 Tbps of external capacity across 330+ cities, supporting over 20% of the web.
Autonomous DDoS mitigation uses eBPF and XDP (l4drop) to drop malicious packets at line rate without human intervention.
The 'dosd' daemon samples traffic and broadcasts mitigation rules globally via Quicksilver, a distributed KV store.
Layer 4 load balancing is handled by Unimog, while flowtrackd provides stateful TCP inspection for enterprise traffic.
The network has evolved into a distributed developer platform (Workers) that now supports V8 isolates and edge containers.

#security #dist #sre

Read original

GitHub EngineeringApr 8, 2026

GitHub Universe is back: We want you to take the stage

Why it matters: GitHub Universe is a premier event for engineers to showcase technical achievements and learn about the latest in AI-driven development and security. It offers a unique opportunity to influence the community and discover tools that accelerate the software development lifecycle.

GitHub Universe returns to San Francisco on October 28–29, focusing on developer learning and technical innovation.
The Call for Sessions is open until May 1, inviting engineers to submit proposals on their builds and lessons learned.
Past highlights include deep dives into advanced Git features like sparse checkouts, partial clones, and reflog rescues.
Technical themes emphasize CI/CD automation using GitHub Actions and AI-assisted security with Copilot.
The event showcases creative ways to teach complex topics, such as using roleplay to explain Kubernetes security and clusters.
A major focus remains on improving Developer Experience (DevEx) and accelerating the path from idea to shipped product.

#culture #security #frontend

Read original

Cloudflare BlogApr 8, 2026

From bytecode to bytes: automated magic packet generation

Why it matters: This approach automates the analysis of stealthy BPF-based malware, allowing engineers to quickly identify and replicate the 'magic' packets used to trigger backdoors. It demonstrates how symbolic execution and theorem provers like Z3 can solve complex reverse-engineering bottlenecks.

Linux malware uses Berkeley Packet Filter (BPF) socket programs to remain dormant until a specific 'magic' packet is received.
Manually reverse-engineering complex BPF filters with hundreds of instructions is a significant bottleneck for security researchers.
Symbolic execution treats code as a series of constraints rather than instructions, allowing researchers to work backward from a target state.
By integrating the Z3 theorem prover, researchers can automatically generate the exact network packet required to trigger a malicious filter.
The tool calculates the shortest execution path to an 'ACCEPT' state by tracking conditional jumps and instruction offsets.
This automation reduces the time required to analyze sophisticated backdoors like BPFDoor from hours to just a few seconds.

#security

Read original

Cloudflare BlogApr 7, 2026

Cloudflare targets 2029 for full post-quantum security

Why it matters: The timeline for quantum computers to break standard encryption has accelerated to 2029. Engineers must prioritize post-quantum migration now to protect against both 'harvest-now/decrypt-later' threats and future authentication bypasses as cryptographic standards become obsolete.

Cloudflare has accelerated its post-quantum (PQ) security roadmap, targeting full PQ-readiness including authentication by 2029.
Recent breakthroughs in neutral atom quantum computing have drastically reduced the physical qubit count required to break RSA-2048 and P-256.
Oratomic research indicates that reconfigurable qubits allow for highly efficient error correction, requiring only 3-4 physical qubits per logical qubit.
Google has demonstrated significant algorithmic improvements that speed up the process of cracking elliptic curve cryptography.
The industry-wide estimate for Q-Day has shifted from 2035+ to as early as 2029, prompting urgent migration efforts across major tech providers.

#security #dist

Read original

Page 3 of 18

Prev 1 2 3 4 5...18 Next