All news with #cloudflare tag

Cloudflare Confidence Scorecards for AI and SaaS Risk

🔒 Cloudflare today launched Application Confidence Scorecards, a new capability in the Cloudflare One SASE suite that automates safety and trust assessments for AI and SaaS applications. The feature combines an Application Posture Score and a Gen‑AI Posture Score to surface certifications, data‑management practices, security controls, and vendor maturity. Cloudflare crawls trust centers and public policies, uses LLMs for structured extraction and source validation, and pairs automated scoring with analyst review to reduce errors. Scores appear in the Application Library and can inform policy enforcement, warnings, or blocks so teams can reduce Shadow AI risk without manual audits.

Open-source VibeSDK for Self-hosted AI Coding Platforms

🚀 VibeSDK is an open-source platform that enables organizations to deploy a complete AI-powered "vibe coding" experience with one click, integrating LLMs, secure sandboxes, and scalable hosting. It provisions isolated development environments to safely execute AI-generated code, offers templates and live previews, and automates build, test, and deploy workflows. The SDK also provides multi-model routing, observability, and caching, plus one-click export to users' Cloudflare accounts or GitHub so teams retain control of code and costs.

Per-Customer Bot Defenses: Behavioral Anomaly Detection

🚨 Cloudflare is introducing per-customer machine learning models that build dynamic baselines of legitimate traffic and detect behavioral anomalies to stop sophisticated, AI-driven scraping. The system ingests zone-level data to identify patterns like sequential page traversal or automated API access and then emits actionable outputs such as new Bot Detection IDs and adjustments to the Bot Score. Early beta results show hundreds of millions of flagged requests, and the capability will be available through Super Bot Fight Mode and Enterprise Bot Management.

Cloudflare and Coinbase Launch x402 Foundation and SDK

💳Cloudflare is partnering with Coinbase to form the x402 Foundation and to ship developer support for the x402 protocol, enabling machine-to-machine payments on the web. The announcement introduces a proposed deferred payment scheme that decouples cryptographic commitment from settlement, tailored to agentic use cases like pay-per-crawl. Developers can experiment with x402 today via Cloudflare's Agents SDK, MCP integrations, and a live x402 playground funded with Testnet USDC.

Cloudflare Adds AI Crawl Control to Project Galileo

🛡️ Cloudflare is extending Project Galileo to include Bot Management and AI Crawl Control, giving participating journalists, independent publishers, and non-profits free tools to monitor and manage AI crawlers. These services help distinguish legitimate search crawlers from AI scrapers, analyze crawler behavior by type and provider, and apply tailored rules to protect content. The goal is to help news organizations preserve traffic, protect intellectual property, and negotiate fair compensation with AI companies.

Cloudflare Sponsors Astro and TanStack for Open Web

🔧 Cloudflare announced financial sponsorships for two key open-source frontend projects, Astro and TanStack. The company is partnering with Webflow to support Astro and with Netlify to support TanStack, creating a coalition of contributors to bolster project sustainability. Cloudflare runs its developer documentation on Astro, citing its “zero JS by default” model and framework-agnostic approach as essential for fast, SEO-friendly docs. The announcement also highlights TanStack’s libraries and the release candidate for TanStack Start as strategic investments for building ambitious, type-safe web applications.

ShadowV2 Industrializes DDoS via Misconfigured Docker

🚨 ShadowV2 is a new botnet campaign that converts misconfigured Docker containers on AWS into a DDoS-for-hire platform. Darktrace’s analysis shows attackers exploiting exposed Docker daemons via the Python Docker SDK, building containers on victims' hosts and deploying a Go-based RAT that polls operators and launches large HTTP floods. The operation is highly professionalized, offering APIs, dashboards, operator logins and modular attack options that make DDoS easily rentable.

ShadowV2 Botnet Targets Misconfigured AWS Docker Containers

⚠️ Researchers at Darktrace disclosed ShadowV2, a DDoS-focused botnet that exploits misconfigured Docker daemons on AWS EC2 instances to deploy a Go-based RAT and enlist hosts as attack nodes. The campaign uses a Python spreader to spawn an Ubuntu setup container, build a custom image, and run an ELF payload that checks in with a Codespaces-hosted C2. Operators leverage HTTP/2 Rapid Reset floods, a Cloudflare UAM bypass via ChromeDP, and a FastAPI/Pydantic operator API, signaling a modular DDoS-for-hire service.

Cloudflare Expands Intern Program to Hire 1,111 in 2026

🚀Cloudflare will hire up to 1,111 interns in 2026 across global hub offices to accelerate the creative application of AI and broaden its talent pipeline. Interns will be embedded on cross-functional teams—from engineering and product to marketing, legal, and finance—and are expected to deliver concrete, customer-facing work. Positions are paid, typically 12 weeks in length, with hybrid in-office attendance and dedicated mentors. Software engineering applicants can be fast-tracked by submitting an AI-powered project built on Cloudflare.

Cloudflare Backs Ladybird Browser and Omarchy Linux

🌐 Cloudflare announced sponsorships for two independent open-source projects: Ladybird, a browser built from scratch with new LibWeb and LibJS engines, and Omarchy, an opinionated Arch Linux setup for developers. The company frames its contributions as unconditional, aimed at preserving diversity, privacy, security, and performance across client and developer tooling. Both projects are early-stage, invite community contributions, and may influence broader web platform standards and developer workflows.

Cloudflare launches office hubs for startups in 2026

🚀 Cloudflare will open select office locations as free coworking hubs for early-stage companies beginning January 2026. The pilot will allow a capped number of external visitors on select days in San Francisco, Austin, London, and Lisbon, with registration coordinated through the Cloudflare for Startups program. Visitors will have access to common spaces at no cost, with simple ground rules and cohort-based scheduling—no mandatory talks or obligations.

Cloudflare Offers Startup Credits to Nonprofits Globally

🚀 Cloudflare has opened its Startup program to registered non-profit, civil society, and public interest organizations, offering up to $250,000 in credits to support developer and core services. Eligible groups can use credits for databases & storage, compute, AI, media, and performance and security tools. Applications are open now through December 1, 2025; awards will be made based on project description, technical needs, and expected impact. Applicants must be a registered 501(c)(3) or equivalent and describe the tool they plan to build or scale.

Cloudflare Launches Free Developer Tools for Students

🚀 Cloudflare is offering 12 months of its paid Developer features free to eligible US students with a verified .edu billing email. The program expands usage allotments for Workers, Pages Functions, KV, Durable Objects, Hyperdrive, Workers Logpush, and Queues so students can build APIs, full‑stack apps, and data pipelines without immediate cost. Eligible accounts also gain access to a dedicated student Discord community and clear redemption steps for new and existing .edu accounts.

Cap'n Web: Lightweight TypeScript RPC for Web Applications

🔧 Cap'n Web is a compact, open-source RPC protocol and TypeScript implementation designed for the modern web stack. It provides an object-capability model with bidirectional calls, function and object references, and promise pipelining while using human-readable JSON for transport. The library runs in browsers, Node.js, and Cloudflare Workers, ships as a sub-10KB minified bundle, and integrates with TypeScript tooling. It's experimental but already used inside Cloudflare and released under the MIT license.

Cloudflare Workers Launchpad Cohort #6 and Program Update

🚀 Cloudflare’s Workers Launchpad helps startups build and scale by providing cloud credits, technical mentorship, and direct access to product teams. Since expanding to a $2B funding commitment, the program has supported 145 startups across 23 countries, spanning AI, developer tools, and infrastructure. Cohort #6 introduces a new slate of founders and emphasizes hands-on collaboration, community, and pathways to funding and acquisition.

Cloudflare 2025 Founders’ Letter: AI, Content, and Web

📣 Cloudflare’s 2025 Founders’ Letter reflects on 15 years of Internet change, highlighting encryption’s rise thanks in part to Universal SSL, slow IPv6 adoption, and the rising costs of scarce IPv4 space. It warns that AI answer engines are shifting value away from traffic-based business models and threatening publishers. Cloudflare previews tools and partnerships — including AI Crawl Control — to help creators control access and negotiate compensation.

You Don’t Need Quantum Hardware for PQC Readiness Now

🔐 Cloudflare explains that post-quantum cryptography (PQC) protects communications against future quantum computers and does not require specialized quantum hardware. PQC runs today on existing phones, servers, and network infrastructure, can scale at Internet level, and in many cases matches or exceeds classical performance. The post argues that quantum technologies like QKD and QRNG are interesting scientific tools but are neither necessary nor sufficient for broad post-quantum security; organizations should prioritize cryptographic agility and migration to PQC.

Route Cloudflare Tunnel Traffic by Hostname, Not IP

🔒 Cloudflare now lets administrators route traffic to a Cloudflare Tunnel by hostname or domain, removing the need to track changing IP addresses. By binding hostnames or wildcard domains to tunnels and writing Access or Gateway policies, teams can enforce per-resource zero-trust rules and secure egress without touching IP lists. Gateway uses synthetic initial IPs to tag hostname intent at Layer 4, map traffic back to private IPs, and forward it through the correct tunnel.

RUM Diaries: Enabling Privacy-First Web Analytics by Default

🔍 Cloudflare is upgrading its real user monitoring (RUM) suite by enabling Web Analytics for free domains by default on October 15, 2025 (EU/UK traffic excluded by default). A lightweight JavaScript beacon will collect aggregated client-side metrics—Core Web Vitals, resource timings and client-observed TLS durations—and pre-process data at the edge to remove personal identifiers before aggregation. The company emphasizes a privacy-first approach with no cookies, no localStorage, and no fingerprinting, and plans to correlate client metrics with in-network and origin telemetry to provide actionable debugging insights while preserving user privacy.

Microsoft and Cloudflare Disrupt RaccoonO365 Phishing

🔒 Microsoft and Cloudflare coordinated a disruption of the RaccoonO365 Phishing-as-a-Service operation in early September 2025, seizing 338 malicious websites and Cloudflare Worker accounts. The service is linked to at least 5,000 stolen Microsoft 365 credentials from 94 countries since July 2024 and was used in large campaigns, including a tax-themed sweep that targeted over 2,300 U.S. organizations. Kits bundled CAPTCHA and anti-bot evasion, were sold via a private Telegram channel, and investigators identified a suspected leader, prompting a criminal referral.