< ciso
brief />
Tag Banner

All news with #cloudflare tag

318 articles

Cloudflare on ML‑DSA and the PQ signature landscape

🔒 Cloudflare explains why ML‑DSA, the NIST‑standardized post‑quantum signature, must be used for the initial migration even though better schemes may arrive later. The post‑quantum transition is underway: most traffic already uses ML‑KEM encryption, and Cloudflare targets full post‑quantum protection by 2029. The post outlines tradeoffs among candidate signature families — size, speed, and implementation risks — and highlights why specialization and generalist schemes will both be needed.
read more →

Introducing Meerkat: Cloudflare’s New Consensus Service

🟢 Cloudflare introduces Meerkat, an experimental distributed consensus service designed to provide strong consistency and global fault tolerance across 330+ data centers. Built atop the QuePaxa algorithm, Meerkat lets every replica accept writes and avoids leader-timeout availability failures common in Raft. Initially internal, Meerkat hosts applications like a transactional key-value store and leasing system by converting client operations into a replicated log, ensuring linearizability and majority-based safety.
read more →

Cloudflare joins UK cyber resilience pledge

🔐 Cloudflare announced it has joined the UK government's Cyber Resilience Pledge as a founding signatory, aligning with the pledge’s pillars of democratized security, leadership accountability, and radical transparency. The post highlights rising cyber threats — including massive DDoS volumes and AI-driven attack vectors — and describes how Cloudflare's global network, zero trust controls, and free protections support resilience across the UK economy. Cloudflare emphasizes supply-chain assurance, board-level governance, and international certifications to meet the pledge's aims.
read more →

Why CAPTCHAs are Disappearing from the Web

🔍 CAPTCHAs began as distorted text and audio tests but have evolved into image challenges and now experimental gesture videos as AI improves. Google’s new hand-gesture approach records brief camera footage to verify 21 hand key points, raising privacy concerns despite reassurances about data handling. Alternative defenses include behavioral analysis, Cloudflare Turnstile, and hCaptcha, while passkeys offer a passwordless path that can reduce the need for human checks.
read more →

Cloudflare Workers Cache: Tiered Edge Caching

🧭 Today Cloudflare launched Workers Cache, a tiered cache that sits in front of your Worker and is enabled via a simple Wrangler config and standard Cache-Control headers. Cacheable requests hit Cloudflare first so fresh responses are returned without running the Worker; on a miss the Worker runs and stores the response for subsequent requests. The cache supports stale-while-revalidate, Vary, tag- and prefix-based purges, and per-entrypoint control, and is available to all Workers on any plan.
read more →

Cloudflare Expands AI Bot Controls and Taxonomy

🛡️ Cloudflare updates its bot management to distinguish between three AI use cases—Search, Agent, and Training—so site owners can better control access and compensation for their content. The company will change defaults on September 15, 2026, blocking Training and Agent bots on ad-bearing pages while leaving Search allowed. Cloudflare also launched BotBase, a searchable directory of tracked bots, and added a new content-use signal for robots.txt to express preferences like use=reference.
read more →

Cloudflare Monetization Gateway and x402 Payments

🔒 Cloudflare announced the Monetization Gateway, a control plane to charge for any asset protected by Cloudflare — web pages, APIs, datasets, or MCP tools — and to enforce payments at the edge. At launch payments will settle in stablecoins over the open x402 protocol, enabling micropayments and sub-second settlement. The Gateway moves metering and payment verification off your origin while preserving your pricing and rules.
read more →

Agentic Internet: Bot Traffic and Content Market

🧭 Cloudflare reports a rapid shift toward an agent-driven Internet where AI training and mixed-use crawlers dominate. Publishers face falling referral traffic as over 50% of Internet traffic is now non-human, and AI companies increasingly ingest content without compensation. Cloudflare highlights tools and marketplace developments that restore publisher control, enable attribution, and support licensing between content owners and AI firms.
read more →

Cloudflare Proposes New Economics for AI Search

🔍 Cloudflare outlines initiatives to make AI-driven search more efficient and to compensate creators fairly. The company will launch a research program using network signals to surface fresher, higher-quality content and reduce unnecessary crawling. It is also evolving Pay Per Crawl toward Pay Per Use, experimenting with partners like Ceramic.ai and You.com to enable pay-per-query and other payment models.
read more →

Cloudflare launches Attribution Business Insights dashboard

📊 Cloudflare introduces the Attribution Business Insights dashboard to help publishers and business leaders distinguish valuable human referrals from extractive AI crawler traffic. The dashboard provides site-wide and per-operator crawl-to-referral ratios, top bot breakdowns, and updated crawler classifications like Training, Search, and Agent. Available to Cloudflare Bot Management customers, it centralizes visibility so decision-makers can evaluate impact before acting via existing security rules.
read more →

Cloudflare Workflows adds durable saga rollbacks

🛠️ Cloudflare Workflows now supports saga rollbacks, letting developers declare per-step compensation logic directly in step.do() calls. This feature simplifies undoing partial work when later steps fail by running rollback handlers in reverse step-start order and preserving idempotency via idempotency keys. Rollback handlers are durable, configurable with retries and timeouts, emit lifecycle events, and execute only when the Workflow fails terminally.
read more →

Threatsday bulletin: proxyware, exploits, and trends

🛡️ This week’s bulletin highlights a string of practical and persistent threats: privacy-preserving bot defense work from Cloudflare and browsers, six serious curl vulnerabilities fixed in 8.21.0, and a critical unauthenticated takeover in Hoppscotch. Spur Intelligence found widespread proxyware in LG and Samsung smart TV apps, while Teams-based social engineering delivered the Edgecution extension. Other items include legacy credential breaches, state-crime convergence, admin reset alerts, and macOS ClickFix campaigns.
read more →

Cloudflare Opens Self‑Managed OAuth to All Customers

🔐 Cloudflare announced self-managed OAuth, allowing any customer to create and manage OAuth clients for delegated access to the Cloudflare API. The company upgraded its underlying OAuth engine (Hydra) through staged 1.X and 2.X migrations, implemented blue‑green cutovers, and used queues to preserve revocations during the transition. Post‑upgrade improvements reduced latency and resource usage and enabled broader, safer integration patterns for developers.
read more →

U.S. Executive Order Accelerates PQC Adoption

🔒 On June 22, 2026, President Trump signed Executive Order 14409, setting federal deadlines to adopt post-quantum cryptography: key establishment by December 31, 2030, and authentication by December 31, 2031, with contractors required to comply by 2030. Cloudflare supports the EO, noting federal procurement has historically driven industry adoption and highlighting that post-quantum encryption deployment is already widespread across its services while authentication work continues. The EO focuses on NIST-standardized PQC, excludes National Security Systems, and directs OMB and agencies to plan and report migration progress.
read more →

Race condition in hyper caused truncated image responses

🛠️ Cloudflare’s Images service, built in Rust on Workers, encountered intermittent truncation of larger transformed images after a 2025 rearchitecture that connected Workers to Images via a local binding. The failure returned HTTP 200 with a shortened body and no logged errors, appearing only under production concurrency and reproducible as a timing-dependent race in the hyper HTTP library. Instrumentation, strace, and controlled reproductions identified premature shutdown calls from the Images service that left most response bytes in hyper’s internal buffer; a four-line change ultimately fixed the issue.
read more →

Cloudflare introduces temporary agent accounts

⚙️ Today Cloudflare announced Temporary Cloudflare Accounts for AI agents, enabling agents to run wrangler deploy --temporary to deploy Workers instantly without human sign-up. Temporary deployments remain live for 60 minutes and can be claimed by a user to become permanent; unclaimed accounts expire automatically. The feature integrates with Wrangler, which now informs agents about the --temporary flag, letting agent-driven development iterate quickly through deploy, verify, and redeploy cycles.
read more →

Building a Model-Agnostic Vulnerability Harness

🔧 This post describes how Cloudflare evolved a single-repo security skill into a fleet-scale, model-agnostic Vulnerability Discovery Harness (VDH) and a separate Vulnerability Validation System (VVS). It explains why single-agent prompts fail at scale and why treating models as interchangeable components improves coverage. The article outlines stages like Recon, Hunt, Validate, Trace, Dedup, Gapfill, and Feedback and emphasizes persistence, strict context controls, and cross-repo reasoning.
read more →

Cloudflare Celebrates 12 Years of Project Galileo

🎉 Project Galileo provides free cybersecurity services to over 3,400 websites belonging to journalists, human rights defenders, and nonprofits across 120 countries. Cloudflare published its first comprehensive report on cyberattacks targeting civil society, released 16 participant case studies, and announced new partners. The findings show civil society faces more frequent and intense attacks, including prolonged DDoS, higher exploitation attempts, and elevated phishing rates. Cloudflare calls for broader, affordable protections and will produce this report annually.
read more →

Cloudflare Agents SDK and Flue for production agents

🛠️ Cloudflare describes how the Agents SDK provides durable execution, dynamic code execution, a durable filesystem, and dynamic workflows as platform primitives to run agent harnesses in production. The new Flue framework (1.0 Beta) builds on the Pi harness and targets Cloudflare Durable Objects to offer declarative agent development, integrations with Slack/GitHub/Discord, headless UI hooks, and Durable Streams for reliable checkpointing. Flue uses runFiber(), stash(), onFiberRecovered(), @cloudflare/codemode, and @cloudflare/shell to securely execute LLM-generated code, provide a virtual filesystem, and enable durable, resumable agent turns at low cost.
read more →

Cloudflare releases Cloudflare One stack for Zero Trust

🛡️ Cloudflare announced the Cloudflare One stack, a pair of agent skills designed to automate planning, deploying, migrating, and managing Zero Trust environments. The toolkit packages Cloudflare’s institutional migration expertise into two skill files — cloudflare-one and cloudflare-one-migration — to assist with VPN replacement, Gateway policies, connectivity, vendor-to-vendor translation, and troubleshooting. When paired with the Cloudflare code mode MCP server, agents gain typed, controlled access to the Cloudflare API for live inventory, configuration inspection, and curated change workflows.
read more →