All news in category “Vendor and Hyperscaler Watch”

🔁 AWS Clean Rooms now supports incremental processing for rule-based ID mapping workflows using AWS Entity Resolution, enabling collaborators to populate ID mapping tables with only new, modified, or deleted records since the last analysis. This reduces the need for full-table reprocessing and enables near-real-time synchronization of matched identifiers across partners while preserving Clean Rooms’ privacy controls. Use cases include measurement providers keeping offline purchase data current with advertisers and publishers to enable always-on campaign measurement, lower costs, and maintain collaborator privacy.

🔎 Cloudflare Radar now publishes public IRR AS-SET monitoring on each ASN routing page, enabling operators to inspect, filter, and export AS-SET memberships and inclusion trees. The feature surfaces inferred ASN, IRR sources, counts of AS and AS-SET members, AS cone sizes, and upstream relationships, and provides direct/indirect toggles for focused views. These capabilities help build accurate BGP route filters, detect misuse, and reduce the risk of route leaks by making AS-SET data easier to validate and share.

🔍 Cloudflare is launching a private beta of AI Index, a per-domain, AI‑optimized search index that site owners control and can monetize via Pay per crawl and x402 integrations. The service automatically builds and maintains indexes and exposes standardized APIs — an MCP server, LLMs.txt, a search API, bulk transfer endpoints, and pub/sub subscriptions for real-time updates. It integrates with AI Crawl Control so owners can set access rules or opt out entirely.

🚀 Cloudflare today launched Observatory (open beta) and Smart Shield, integrated tools that combine real-user monitoring, synthetic testing, backend telemetry and prescriptive remediation to help teams measure and improve web performance and resiliency. Observatory centralizes RUM-focused Core Web Vitals, synthetic browser and network tests, error and cache telemetry, and delivers Smart Suggestions to pinpoint root causes and recommended fixes. Smart Shield offers one-click origin protections — dynamic caching, connection reuse, health monitoring and dedicated egress options — to reduce origin load and validate improvements in real time; both features are available to all plans, including Free.

🚀 Cloudflare announced FL2, a complete reimplementation of its FL request-processing layer using Rust and the Oxy framework. FL2 adopts strict modular phases, eliminates cross-language overhead, and supports graceful restarts with systemd socket activation and the Rust-based shellflip coordinator. Internal and third-party tests show FL2 reduces median response times by ~10 ms and delivers a ~25% performance improvement; staged rollouts, automated testing, and fallbacks to FL1 enabled safe incremental migration.

🧊 Cloudflare describes a new Worker sharding technique that uses a consistent hash ring to route requests to existing Worker instances across a data center, reducing cold starts. The approach trades a sub-millisecond proxy hop for far fewer expensive cold starts, improving memory efficiency and latency. The system leverages Cap'n Proto RPC to implement optimistic forwarding, lazy capabilities, and seamless context transfer for nested Worker invocations.

🌐 Cloudflare Radar now offers regional traffic insights and expanded Certificate Transparency data to provide more granular, localized visibility into Internet health and trust. Regional views break traffic down by first-order administrative divisions (ADM1), showing bytes, requests, device (mobile/desktop) and bot/human splits, and can be joined with ASN filters in the Data Explorer. The CT dashboard, built on prior Merkle Town work, surfaces certificate volumes, CA and log-level metrics, issuance trends, signature and key algorithm distributions, and richer domain certificate details accessible via the Radar UI and API.

⚡Cloudflare reports it remains the fastest network for the largest number of last‑mile ISPs in its Birthday Week 2025 update. Using Real User Measurements (RUM) from Cloudflare‑branded error pages, the company compares TCP connection time trimeans against CloudFront, Google, Fastly and Akamai for the top 1,000 networks. Measured from August 6 to September 4, Cloudflare is #1 in 40% of measured ISPs and is prioritizing targeted fixes where gaps remain.

🧩 Cloudflare introduces Code Mode, a new approach that converts Model Context Protocol (MCP) tool schemas into a generated TypeScript API so LLMs write code instead of emitting synthetic tool-call tokens. This lets models leverage broad exposure to real-world TypeScript, improving correctness when selecting and composing many or complex tools. Code Mode executes the generated code inside fast, sandboxed Cloudflare Workers isolates that expose only typed bindings to authorized MCP servers, preserving MCP's uniform authorization and discovery while reducing token overhead and orchestration latency.

🔒 Okta introduced an Identity Security Fabric to secure AI agents and unify identity, application, and agent management across enterprises. The platform combines AI agent lifecycle management, a Cross App Access protocol, and Verifiable Digital Credentials (VDC) to enforce least privilege, discover and monitor agents, and replace fragmented point solutions. Early access features begin in fiscal 2027.

🔍Compute Optimizer now supports 99 additional Amazon EC2 instance types, including the latest Compute Optimized (C8gn, C8gd), General Purpose (M8i, M8i-flex, M8gd), Memory Optimized (R8i, R8i-flex, R8gd), and Storage Optimized (I8ge) families. This expansion helps customers identify additional savings and capture improved price-to-performance from newer instances without manual analysis. The update is available in all regions where Compute Optimizer operates except AWS GovCloud (US) and China, and can be accessed via Console, AWS CLI, or AWS SDK.

🔧 Amazon Elastic Block Store (EBS) gp3 volumes now support up to 64 TiB, 80,000 IOPS, and 2,000 MiB/s throughput — raising previous limits of 16 TiB, 16,000 IOPS, and 1,000 MiB/s. This change simplifies storage architectures by allowing consolidation of striped volumes into a single gp3 volume, reducing operational complexity for storage-intensive and containerized workloads that struggle with multi-volume striping. Pricing remains based on storage plus any additional provisioned IOPS and throughput; the new limits are available in all AWS Commercial and GovCloud (US) regions.

🔒 AWS WAF's Targeted Bot Control, Fraud, and DDoS Prevention Rule Group are now available in Asia Pacific (Taipei), Asia Pacific (Bangkok), and Mexico (Central). These managed rule groups deliver detection and mitigations for sophisticated bots, application-layer DDoS, and account-takeover attacks at the web edge. Customers can deploy them to improve application resilience, reduce fraudulent activity, and limit resource consumption during attack campaigns.

💰 Amazon RDS for Db2 now offers Reserved Instances with up to 47% cost savings versus On-Demand pricing. The offering is available for all supported instance types and supports both Bring Your Own License (BYOL) and Db2 licenses purchased through the AWS Marketplace. Reserved Instances include size flexibility so the discounted rate can automatically apply across sizes within the same instance family (for example, a db.r7i.2xlarge RI applying to two db.r7i.xlarge instances). Reserved Instances can be purchased via the AWS Management Console, AWS CLI, or AWS SDK; consult Amazon RDS for Db2 Pricing for details.

🔍 Cloudflare explains how it leverages the world’s largest performance dataset, combining passive transport logs with Real User Measurement (RUM), to refine congestion control across its global network. Using a new Rust-based stack and experimentation framework, the company evaluates multiple algorithms (including BBR) to predict user experience from passive signals and validate with RUM. Early tests on free-tier QUIC traffic show roughly 10% average improvement versus the prior baseline, with staged rollouts and an early-access program planned for enterprises.

⚡ Cloudflare is leveraging telemetry from its vast Free Plan and global edge to refine congestion control and improve routing across its network. By combining passive connection logs, Real User Measurement (RUM) and cross-network models, the team evaluates multiple algorithms beyond classic loss-based and BBR approaches. A migration to a Rust-based stack enables faster experimentation and parameter tuning; early QUIC tests show up to 10% performance gains. Cloudflare plans staged rollouts through 2026 and offers enterprise early access.

🚀 Amazon Managed Streaming for Apache Kafka (Amazon MSK) now supports Express brokers in eight additional AWS Regions: AWS GovCloud (US-West), AWS GovCloud (US-East), Jakarta, Melbourne, Osaka, Zurich, Tel Aviv, and Hong Kong. Express brokers are a Provisioned broker type that deliver up to 3x more throughput per broker, scale up to 20x faster, and reduce recovery time by 90% versus standard Apache Kafka brokers. They arrive pre-configured with Kafka best practices, support all Kafka APIs, and maintain low-latency performance so existing client applications require no changes.

🔒 Amazon Web Services announced that Amazon Bedrock AgentCore Runtime, AgentCore Browser, and AgentCore Code Interpreter now support VPC connectivity, AWS PrivateLink, CloudFormation, and resource tagging. These additions let developers deploy AI agents that access private resources such as databases and internal APIs without internet exposure. CloudFormation integration enables infrastructure-as-code provisioning, while tagging provides cost allocation and access-control organization. AgentCore is in preview in US East (N. Virginia), US West (Oregon), Asia Pacific (Sydney), and Europe (Frankfurt).

🔒 The Cloud Security Alliance has published the SaaS Security Capability Framework (SSCF), a standardized set of customer-facing security controls designed to reduce long-standing gaps in third-party risk management. SSCF defines minimum technical capabilities across six domains — including identity and access, data lifecycle, logging, and incident management — that vendors should expose under the Shared Responsibility Model. The framework is intended to add transparency and consistency to SaaS security, complementing business-focused standards such as ISO 27001, and aims to evolve into practical implementation guidance, auditing criteria, and a certification scheme.

🧪 Research and Engineering Studio (RES) 2025.09 on AWS delivers fractional GPU support, simplified AMI handling, and greater deployment flexibility for research and engineering teams. The update adds support for Amazon EC2 g6f instances to enable GPU fractionalization, Systems Manager Parameter Alias support for AMI IDs to streamline image management, and optional integration with existing Amazon Cognito user pools to simplify authentication during deployment. Administrators can now customize CIDR ranges in the CloudFormation external resources template, and regional availability expands to Asia Pacific (Osaka), Asia Pacific (Jakarta), Middle East (UAE), and South America (São Paulo).