Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Turning Cloudflare's threat indicators into real-time WAF rules

Cloudflare’s Threat Events provides security analysts with a window into the global threat landscape. The platform offers a peek into the immense traffic that Cloudflare processes every day, so you can see in real time which IPs are attacking specific industries or which threat actors are trending globally. However, translating that visibility into active mitigation has often been a manual, reactive process.

Your AI bill is out of control. Cloudflare can fix it now.

There isn't a CIO on the planet not worried about AI spend right now. CFOs are increasingly nervous, too. For fear of falling behind, many companies have pushed their employees to use AI as aggressively as possible. The edict was clear: "Move fast, we'll figure out the bill later." And for the most part, it worked: AI has been genuinely transformational for the teams that leaned in. But the costs are real: we’ve heard countless horror stories of huge bills and painful overages on token spend.

Announcing Claude Compliance API support with Cloudflare CASB

Today, we are extending Cloudflare’s cloud access security broker (CASB) to support the Claude Compliance API. Security and compliance teams can now monitor Claude usage directly in the Cloudflare dashboard. No endpoint agents required. Enterprise security teams have long struggled to see how users interact with sanctioned and unsanctioned applications. The rapid adoption of AI applications has made this harder.

How Cloudflare responded to the "Copy Fail" Linux vulnerability

On April 29, 2026, a Linux kernel local privilege escalation vulnerability was publicly disclosed under the name "Copy Fail" (CVE-2026-31431). Cloudflare’s Security and Engineering teams began assessing the vulnerability as soon as it was disclosed. We reviewed the exploit technique, evaluated exposure across our infrastructure, and validated that our existing behavioral detections could identify the exploit pattern within minutes.

When DNSSEC goes wrong: how we responded to the .de TLD outage

On May 5, 2026, at roughly 19:30 UTC, DENIC, the registry operator for the.de country-code top-level domain (TLD), started publishing incorrect DNSSEC signatures for the.de zone. Any validating DNS resolver receiving these signatures was required by the DNSSEC specification to reject them and return SERVFAIL to clients, including 1.1.1.1, the public DNS resolver operated by Cloudflare. The country-code top-level domain for Germany, .de, is one of the largest on the Internet.

Code Orange: Fail Small is complete. The result is a stronger Cloudflare network

Over the past two and a bit quarters, we've undertaken an intensive engineering effort, internally code-named "Code Orange: Fail Small", focused on making Cloudflare's infrastructure more resilient, secure, and reliable for every customer. Earlier this month, the Cloudflare team finished this work.

How Cloudflare Got 2x Faster Servers With Less Cache

In this episode of This Week in NET, JQ Lau and Victor Hwang from our Network & Infrastructure Strategy team walk us through Cloudflare's 13th generation of servers — the machines that power a significant part of the internet across 330+ cities worldwide. The Gen 13 program doubled compute density by jumping from 96 to 192 cores, but that came with an 83% drop in L3 cache. The team explains how a bold hardware bet, combined with Cloudflare's FL2 Rust-based software rewrite, turned that trade-off into a win across throughput, latency, and power efficiency.

Post-quantum encryption for Cloudflare IPsec is generally available

While more than two-thirds of human-generated TLS traffic to Cloudflare is already protected by post-quantum cryptography, the world of site-to-site networking has been a different story. For years, the IPsec community remained caught between the high bar of Internet-scale interoperability and the niche requirements of specialized hardware. That gap is now closing.