Curated topic

security

Posts tagged with security

Cloudflare BlogFeb 23, 2026

Cloudflare One is the first SASE offering modern post-quantum encryption across the full platform

Why it matters: With NIST setting a 2030 deadline to deprecate classical encryption, engineers must adopt post-quantum standards now to prevent 'Harvest Now, Decrypt Later' attacks. This update provides built-in crypto agility for SASE, simplifying the transition to quantum-resistant networking.

Cloudflare One is the first SASE platform to implement post-quantum (PQ) encryption across its entire suite, including Secure Web Gateway, Zero Trust, and WAN.
The platform utilizes hybrid ML-KEM (Module-Lattice-based Key-Encapsulation Mechanism) alongside classical ECDHE to provide quantum-resistant key agreement.
Support extends to Cloudflare IPsec and the Cloudflare One Appliance, securing both site-to-site and outbound internet traffic against future quantum threats.
The implementation specifically targets 'Harvest Now, Decrypt Later' attacks by upgrading the key establishment phase of cryptographic handshakes.
Cloudflare One Appliance version 2026.2.0 is generally available with these upgrades, while the Cloudflare IPsec upgrade has entered closed beta.

#security #dist

Read original

Salesforce EngineeringFeb 21, 2026

From Audio to Action: How Speech Invocable Action Powers Native AI Automation Across Salesforce

Why it matters: This shift to native speech automation eliminates third-party security risks and simplifies complex AI integration. It demonstrates how to build resource-intensive AI features within a multi-tenant environment while maintaining strict data residency and platform stability.

Salesforce developed Speech Invocable Action to provide native, secure speech-to-text and translation within its platform trust boundary.
The architecture manages shared memory and compute resources to ensure stability across concurrent multi-tenant workloads.
Defensive design uses structured error categories, enabling developers to implement explicit fallback logic in Flows and Agentforce.
The team leveraged AI-assisted development tools like Claude Code to navigate complex internal APIs and accelerate production delivery.
Standardizing speech as a composable action removes the need for external integrations and boilerplate code for audio streaming.

#mlp #security #data

Read original

Cloudflare BlogFeb 20, 2026

Code Mode: give agents an entire API in 1,000 tokens

Why it matters: Code Mode solves the context window bottleneck for AI agents by replacing thousands of tool definitions with a programmable interface. This allows agents to interact with massive APIs efficiently and securely, significantly reducing token costs and latency while improving task performance.

Cloudflare's Code Mode reduces AI agent context usage by 99.9%, fitting the entire Cloudflare API into just 1,000 tokens.
It replaces thousands of individual tool definitions with two primary tools: search() for discovery and execute() for action.
Agents generate JavaScript code to interact with a typed SDK, enabling complex multi-step operations in a single round trip.
Execution occurs within a secure Dynamic Worker isolate, a V8 sandbox that prevents prompt injection leaks and unauthorized access.
This pattern allows agents to handle massive APIs that would otherwise exceed the context limits of modern foundation models.
Cloudflare has open-sourced a Code Mode SDK to facilitate this pattern in third-party MCP servers and AI agents.

#mlp #security #dist

Read original

GitHub EngineeringFeb 17, 2026

Securing the AI software supply chain: Security results across 67 open source projects

Why it matters: Securing the open-source supply chain is critical as a single vulnerability can impact thousands of downstream systems. This initiative provides the resources and training necessary to harden the libraries and tools that form the bedrock of modern AI and cloud infrastructure.

The GitHub Secure Open Source Fund provides $10,000 in non-dilutive funding and expert training to maintainers of critical open source infrastructure.
Session 3 involved 67 projects, resulting in 99% of participants enabling core GitHub security features like CodeQL and secret scanning.
The program has collectively issued 191 new CVEs and resolved over 600 leaked secrets across 138 projects to date.
Training focuses on threat modeling, secure coding, and AI-specific security to harden the foundations of modern software stacks.
Participating projects receive Azure credits and ongoing access to the GitHub Security Lab for 12 months to ensure long-term security maintenance.

#security #culture

Read original

GitHub EngineeringFeb 12, 2026

Welcome to the Eternal September of open source. Here’s what we plan to do for maintainers.

Why it matters: As AI and low-friction tools flood open source with low-quality contributions, maintainer burnout is rising. GitHub's new features aim to restore balance by giving maintainers better tools to filter noise, manage PR volume, and protect the sustainability of the open-source ecosystem.

Open source is facing an 'Eternal September' where the volume of low-quality contributions, often AI-generated, exceeds maintainer review capacity.
The cost to create pull requests and security reports has dropped significantly, while the cost to review them remains a high manual burden.
GitHub is introducing features like pinned comments and noise-reduction banners to minimize 'low-value' interactions like '+1' comments.
Performance improvements to PR diffs and issue navigation aim to reduce the time maintainers spend on administrative triage.
New repo-level controls will allow maintainers to limit PR creation to collaborators or delete spam PRs directly from the UI.
The industry is seeing a shift toward 'invitation-only' contribution models to restore trust and ensure high-quality engagement.

#culture #security

Read original

Microsoft Azure BlogFeb 5, 2026

Claude Opus 4.6: Anthropic’s powerful model for coding, agents, and enterprise workflows is now available in Microsoft Foundry

Why it matters: This integration brings Anthropic's most advanced reasoning to Azure, enabling engineers to build secure, agentic workflows with a 1M token context window. It simplifies the path to production by combining frontier intelligence with enterprise-grade governance and data connectivity.

Claude Opus 4.6 is now available in Microsoft Foundry, integrating Anthropic's most advanced reasoning model with Azure's secure infrastructure.
The model features a 1M token context window (beta) and 128K max output, optimized for large-scale codebases and complex document analysis.
Integration with Foundry IQ enables agents to access and act on data across Microsoft 365, Fabric, and the web.
Engineers can leverage the model for autonomous coding tasks, including refactoring, bug detection, and full-lifecycle development.
The platform provides enterprise-grade governance, access controls, and operational tools to accelerate the transition from experimentation to production.
Specific industry applications include high-context financial analysis, legal drafting, and cybersecurity workflows.

#mlp #data #security

Read original

Cloudflare BlogFeb 5, 2026

2025 Q4 DDoS threat report: A record-setting 31.4 Tbps attack caps a year of massive DDoS assaults

Why it matters: The scale of DDoS attacks is reaching unprecedented levels, with botnets leveraging IoT devices to hit 31.4 Tbps. Engineers must prioritize automated, multi-vector mitigation strategies as manual intervention is no longer viable against such hyper-volumetric volume.

DDoS attacks surged by 121% in 2025, totaling 47.1 million incidents with an average of 5,376 mitigations per hour.
A record-breaking 31.4 Tbps attack occurred in late 2025, highlighting a massive increase in attack volume.
The Aisuru-Kimwolf botnet, composed of 1-4 million infected Android TVs, launched hyper-volumetric HTTP attacks exceeding 200 million requests per second.
Network-layer DDoS attacks more than tripled year-over-year, accounting for 78% of all attacks in Q4 2025.
Multi-vector campaigns utilized SYN floods, Mirai-based attacks, and SSDP amplification to target global internet infrastructure.
Telecommunications emerged as the most-attacked industry, while Hong Kong and the UK saw the highest growth in attack frequency.

#security #sre #dist

Read original

Engineering at MetaFeb 4, 2026

No Display? No Problem: Cross-Device Passkey Authentication for XR Devices

Why it matters: This approach enables secure, phishing-resistant authentication for devices with limited UI, like XR headsets and IoT. By replacing QR codes with companion app transport, it maintains FIDO security standards while significantly improving the user experience for passwordless logins.

Meta introduced a novel cross-device passkey flow for XR and screenless devices that eliminates the need for scanning QR codes.
The approach utilizes the FIDO CTAP hybrid protocol, replacing visual data transfer with a secure message transport via a companion mobile app.
The XR device generates a FIDO URL containing an ECDH public key and session secret, delivered to the phone via GraphQL-based push notifications.
The companion app triggers native iOS or Android passkey verification flows upon receiving the notification, maintaining standard security requirements.
Proximity verification via Bluetooth or NFC is still enforced to ensure the authenticating device is physically near the XR hardware.

#security #mobile

Read original

Salesforce EngineeringJan 29, 2026

Scaling Code Reviews: Adapting to a Surge in AI-Generated Code

Why it matters: AI tools accelerate code creation but overwhelm traditional review workflows. Salesforce’s approach shows how to scale human oversight using intent-based analysis and automated context, ensuring technical rigor and security aren't sacrificed for development speed.

Salesforce developed Prizm to address a 30% surge in code volume and increased PR complexity caused by AI-assisted coding tools.
The system moves beyond file-by-file diffs to 'intent reconstruction,' using token-aware chunking and graph-based merging to group related changes.
Context is treated as a first-class dependency, aggregating data from work items, historical defects, and architectural patterns to inform reviewers.
Prizm automates the identification of security vulnerabilities and design risks, providing line-level remediation guidance to augment human judgment.
The architecture shifts review from mechanical validation to a high-level analysis of conceptual structure and cross-module interactions.

#mlp #culture #security

Read original

Cloudflare BlogJan 29, 2026

Introducing Moltworker: a self-hosted personal AI agent, minus the minis

Why it matters: Moltworker demonstrates the maturity of Cloudflare's serverless platform for hosting complex AI agents. It shows how improved Node.js compatibility and sandboxing allow engineers to deploy secure, stateful tools globally without the overhead of managing physical hardware.

Moltworker is a Cloudflare-hosted adaptation of Moltbot, allowing users to run a personal AI agent on serverless infrastructure instead of dedicated local hardware.
The project leverages Cloudflare Workers' improved Node.js compatibility, which now supports 98.5% of the top 1,000 NPM packages natively, including node:fs.
The architecture utilizes Cloudflare Sandboxes for isolated code execution and Browser Rendering for headless automation and web interaction.
Persistent data is managed via R2 storage, while the AI Gateway provides centralized logging, cost tracking, and unified billing for LLM providers.
Security is enforced through Cloudflare Access, protecting the entrypoint Worker that acts as a proxy between the user and the isolated agent environment.

#mlp #dist #security

Read original

Page 5 of 12

Prev 1...3 4 5 6 7...12 Next