All news with #cloudflare tag

Amazon Disrupts APT29 Campaign Targeting Microsoft 365

🔒 Amazon disrupted an operation attributed to the Russian state-sponsored group APT29 that used watering-hole compromises to target Microsoft 365 accounts. The attackers injected obfuscated JavaScript into legitimate sites to redirect roughly 10% of visitors to fake Cloudflare verification pages and then into a malicious Microsoft device code authentication flow. Amazon isolated attacker EC2 instances and worked with Cloudflare and Microsoft to take down identified domains; the campaign did not affect Amazon's infrastructure.

Amazon Thwarts APT29 Watering Hole Targeting Microsoft

🔒 Amazon’s threat intelligence team disrupted a watering hole attack attributed to the Russian state‑linked group APT29 that attempted to abuse Microsoft device code authentication flows. Compromised websites injected JavaScript that redirected about 10% of visitors to attacker-controlled domains mimicking Cloudflare verification pages. Amazon reported no AWS service compromise; attackers used evasion techniques and quickly rotated infrastructure.

Attackers Abuse Velociraptor to Tunnel C2 via VS Code

🔍 In a recent Sophos report, unknown actors abused the open-source forensic tool Velociraptor to download and execute Visual Studio Code, enabling an encrypted tunnel to an attacker-controlled command-and-control server. The intruders used the Windows msiexec utility to fetch MSI installers hosted on Cloudflare Workers, staged additional tooling including a tunneling proxy and Radmin, and invoked an encoded PowerShell command to enable VS Code's tunnel option. Sophos warns that misuse of incident response tools can precede ransomware and recommends deploying EDR, monitoring for unauthorized Velociraptor activity, and hardening backup and monitoring processes.

Cloudy AI Agent Automates Threat Analysis and Response

🔍 Cloudflare has integrated Cloudy, its first AI agent, with security analytics and introduced a conversational chat interface to accelerate root-cause analysis and mitigation. The chat lets users ask natural-language questions, refine investigations, and pivot from a single indicator to related threat events in minutes. Paired with the Cloudforce One Threat Events platform and built on the Agents SDK running on Workers AI, Cloudy surfaces contextual IOCs, attacker timelines, and prioritized actions at scale. Cloudflare emphasizes Cloudy was not trained on customer data and plans deeper WAF debugging and Alerts integrations.

Cloudflare AI for WARP and Network Troubleshooting Tools

🔍 Cloudflare is introducing two AI-powered tools to simplify troubleshooting for the Cloudflare One SASE platform: the new WARP diagnostic analyzer in the Zero Trust dashboard and a DEX MCP server for Digital Experience Monitoring. Both features are available to all Cloudflare One customers by default and convert diagnostic logs into clear, actionable insights. The WARP analyzer highlights events, device details, and exports JSON for deeper analysis, while the DEX MCP server enables natural-language queries and custom analytics without heavy SIEM integration.

Cloudflare Realtime Voice AI Platform for Edge Agents

🔊 Cloudflare announced new realtime voice AI capabilities to simplify building low-latency conversational agents on its global edge. The release includes Realtime Agents, a composable runtime for orchestrating STT, LLM, and TTS pipelines at the edge, plus the ability to pipe raw WebRTC audio as PCM into Workers, WebSocket-based realtime inference in Workers AI, and Deepgram models deployed across 330+ cities. These features aim to reduce infrastructure complexity and latency for voice-enabled applications.

Cloudy-driven Email Detection Summaries and Guardrails

🛡️Cloudflare extended its AI agent Cloudy to generate clear, concise explanations for email security detections so SOC teams can understand why messages are blocked. Early LLM implementations produced dangerous hallucinations when asked to interpret complex, multi-model signals, so Cloudflare implemented a Retrieval-Augmented Generation approach and enriched contextual prompts to ground outputs. Testing shows these guardrails yield more reliable summaries, and a controlled beta will validate performance before wider rollout.

Amazon Disrupts APT29 Watering Hole Campaign Targeting Users

🔒 Amazon's threat intelligence team identified and disrupted a watering hole campaign conducted by APT29, a group linked to Russia’s SVR. The actor compromised legitimate websites and injected obfuscated JavaScript to redirect a subset of visitors to attacker-controlled pages that mimicked Cloudflare verification. The campaign aimed to abuse Microsoft's device code authentication flow to trick users into authorizing attacker-controlled devices; Amazon isolated affected EC2 instances and coordinated with partners to disrupt infrastructure and share intelligence.

AI Crawler Traffic: Purpose and Industry Breakdown

🔍 Cloudflare Radar introduces industry-focused AI crawler insights and a new crawl purpose selector that classifies bots as Training, Search, User action, or Undeclared. The update surfaces top bot trends, crawl-to-refer ratios, and per-industry views so publishers can see who crawls their content and why. Data shows Training drives nearly 80% of crawl requests, while User action and Undeclared exhibit smaller, cyclical patterns.

Cloudflare Launches AI Crawl Control with 402 Support

🛡️Cloudflare has rebranded its AI Audit beta as AI Crawl Control and moved the tool to general availability, giving publishers more granular ways to manage AI crawlers. Paid customers can now block specific bots and return customizable HTTP 402 Payment Required responses containing contact or licensing instructions. The feature aims to replace the binary allow-or-block choice with a channel for negotiation and potential monetization, while pay-per-crawl remains in beta.

Background Removal: Evaluating Image Segmentation Models

🧠 Cloudflare introduces background removal for Images, running a dichotomous image segmentation model on Workers AI to isolate subjects and produce soft saliency masks that map pixel opacity (0–255). The team evaluated U2-Net, IS-Net, BiRefNet, and SAM via the open-source rembg interface on the Humans and DIS5K datasets, prioritizing IoU and Dice metrics over pixel accuracy. BiRefNet-general achieved the best overall balance of fidelity and detail (IoU 0.87, Dice 0.92) while lightweight models were faster on modest GPUs and SAM was excluded for unprompted tasks. The feature is available in open beta through the Images API using the segment parameter and can be combined with other transforms or draw() overlays.

Signed Agents: Cryptographic Identification of Agent Traffic

🔐 Cloudflare introduces signed agents, a new classification that cryptographically verifies agent-originated traffic using Web Bot Auth HTTP message signatures. Signed agents represent end-user-directed automation rather than operator-owned crawlers, enabling sites to allow or block them with finer granularity. The update adds signed agents to the public Radar directory and to the bots and agents dashboard for visibility and submissions.

Make Websites Conversational with NLWeb and AutoRAG

🤖 Cloudflare offers a one-click path to conversational search by combining Microsoft’s NLWeb open standard with Cloudflare’s managed retrieval engine, AutoRAG. The integration crawls and indexes site content into R2 and a managed vector store, serves embeddings and inference via Workers AI, and exposes both a user-facing /ask endpoint and an agent-focused /mcp endpoint. Publishers get continuous re-indexing, controlled agent access, and observability through an AI Gateway, removing much of the infrastructure burden for conversational experiences.

Cloudflare AI Gateway updates: unified billing, routing

🤖 Cloudflare’s AI Gateway refresh centralizes AI traffic management, offering unified billing, secure key storage, dynamic routing, and built-in security through a single endpoint. The update integrates Cloudflare Secrets Store for AES-encrypted BYO keys, provides an automatic normalization layer for requests/responses across providers, and introduces dashboard-driven Dynamic Routes for traffic splits, chaining, and limits. Native Firewall DLP scanning and configurable profiles add data protection controls, while partner access to 350+ models across six providers and a credits-based billing beta simplify procurement and cost management.

How Cloudflare Runs More AI Models on Fewer GPUs with Omni

🤖 Cloudflare explains how Omni, an internal platform, consolidates many AI models onto fewer GPUs using lightweight process isolation, per-model Python virtual environments, and controlled GPU over-commitment. Omni’s scheduler spawns and manages model processes, isolates file systems with a FUSE-backed /proc/meminfo, and intercepts CUDA allocations to safely over-commit GPU RAM. The result is improved availability, lower latency, and reduced idle GPU waste.

Cloudflare Workers AI Adds Leonardo and Deepgram Models

🚀 Cloudflare is expanding Workers AI to include closed-source partner models from Leonardo and Deepgram, bringing optimized image generation and real-time audio capabilities to the edge. The launch includes Leonardo's @cf/leonardo/phoenix-1.0 and @cf/leonardo/lucid-origin and Deepgram's @cf/deepgram/nova-3 and @cf/deepgram/aura-1. These models run on Cloudflare's low-latency GPU infrastructure and integrate with Workers, R2, Images, and Realtime for end-to-end developer workflows.

Cloudflare's Edge-Optimized LLM Inference Engine at Scale

⚡ Infire is Cloudflare’s new, Rust-based LLM inference engine built to run large models efficiently across a globally distributed, low-latency network. It replaces Python-based vLLM in scenarios where sandboxing and dynamic co-hosting caused high CPU overhead and reduced GPU utilization, using JIT-compiled CUDA kernels, paged KV caching, and fine-grained CUDA graphs to cut startup and runtime cost. Early benchmarks show up to 7% lower latency on H100 NVL hardware, substantially higher GPU utilization, and far lower CPU load while powering models such as Llama 3.1 8B in Workers AI.

Cloudflare Introduces MCP Server Portals for Zero Trust

🔒 Cloudflare has launched MCP Server Portals in Open Beta to centralize and secure Model Context Protocol (MCP) connections between large language models and application backends. The Portals provide a single gateway where administrators register MCP servers and enforce identity-driven policies such as MFA, device posture checks, and geographic restrictions. They deliver unified visibility and logging, curated least-privilege user experiences, and simplified client configuration to reduce the risk of prompt injection, supply chain attacks, and data leakage.

SASE Best Practices for Securing Generative AI Deployments

🔒 Cloudflare outlines practical steps to secure generative AI adoption using its SASE platform, combining SWG, CASB, Access, DLP, MCP controls and AI infrastructure. The post introduces new AI Security Posture Management (AI‑SPM) features — shadow AI reporting, provider confidence scoring, prompt protection, and API CASB integrations — to improve visibility, risk management, and data protection without blocking innovation. These controls are integrated into a single dashboard to simplify enforcement and protect internal and third‑party LLMs.

Block Unsafe LLM Prompts with Firewall for AI at the Edge

🛡️ Cloudflare has integrated unsafe content moderation into Firewall for AI, using Llama Guard 3 to detect and block harmful prompts in real time at the network edge. The model-agnostic filter identifies categories including hate, violence, sexual content, criminal planning, and self-harm, and lets teams block or log flagged prompts without changing application code. Detection runs on Workers AI across Cloudflare's GPU fleet with a 2-second analysis cutoff, and logs record categories but not raw prompt text. The feature is available in beta to existing customers.