Home / Companies / Cloudflare / Blog / March 2025

March 2025 Summaries

41 posts from Cloudflare

Filter
Month: Year:
Post Summaries Back to Blog
I'm excited to join Cloudflare's board of directors and retire from my full-time position as CTO after more than 13 years at the company. I joined Cloudflare in 2012, seeking a technical role that would allow me to focus on systems that make up the Cloudflare platform. During my time here, I've had the opportunity to work on various projects, including the Universal SSL launch, which doubled the size of the encrypted web overnight. I've also been proud to contribute to the company's mission to build a better Internet through standards and protocols. One of the key aspects of my experience has been working with an incredible team, many of whom have become like family to me. As I move into my new role on the board, I'm looking forward to continuing to help Cloudflare grow and succeed from a different perspective, while also exploring opportunities in AI and machine learning within the company's product suite.
Mar 27, 2025 1,185 words in the original blog post.
Cloudflare has emerged victorious against patent troll Sable IP and Sable Networks after a three-year campaign of meritless patent infringement claims. Cloudflare aggressively litigated the case, knocking out nearly 100 claims spanning four patents, and ultimately won a single claim at trial. The jury found that Cloudflare did not infringe on the remaining live claim, and also found the claim to be invalid. As a result, Sable agreed to pay Cloudflare $225,000, grant a royalty-free license to its entire patent portfolio, and dedicate all of its patents to the public. With the fight against Sable ended, Project Jengo, a prior art bounty program that helps crowdsource evidence to invalidate patents, has announced its final winners for the Sable case, including Jean-Pierre Le Rouzic and George J., who each received $10,000 for their contributions. Additionally, Cloudflare has sent a message to other patent trolls, warning them that it will not back down in the face of frivolous lawsuits, with another troll, Touchpoint Projections Innovations, having voluntarily dismissed its case against Cloudflare just two weeks after filing.
Mar 26, 2025 1,484 words in the original blog post.
The Cloudflare R2 object storage service experienced an elevated rate of errors for approximately 1 hour and 7 minutes on March 21, 2025. The incident started with the rotation of credentials used by the R2 Gateway service to authenticate with the storage infrastructure. However, instead of deploying the new credentials to the production environment, they were deployed to a non-production Worker, causing authentication errors that led to degraded availability. The root cause was identified as human error due to inadequate visibility into which credentials were being used by the R2 Gateway Worker. After a thorough investigation and deployment of the correct credentials, service availability was restored. To prevent similar failures in the future, Cloudflare has taken steps to improve its key rotation process, including adding logging tags, requiring explicit confirmation before deleting previous tokens, and updating its hotfix release tooling to enforce environment configurations and safety checks.
Mar 25, 2025 2,177 words in the original blog post.
It feels like almost everyone building AI applications and agents is talking about the Model Context Protocol (MCP), as well as building MCP servers that you install and run locally on your own computer. However, with Cloudflare's support for remote MCP servers, developers can now build and deploy these servers to Cloudflare, providing a more accessible way for people to use AI applications and agents. This enables the wider audience of Internet users who aren't going to install and run MCP servers locally for use with desktop apps, allowing them to continue tasks across devices and log in and have things just work. Remote MCP servers are accessible on the Internet, and people simply sign in and grant permissions to MCP clients using familiar authorization flows. This opens up new ways of working with LLMs and agents to a much wider audience, including more everyday consumer use cases. The Model Context Protocol is quickly becoming the common protocol that enables LLMs to go beyond inference and RAG, and take actions that require access beyond the AI application itself, such as sending an email or deploying a code change.
Mar 25, 2025 2,720 words in the original blog post.
OPKSSH (OpenPubkey SSH) is an open-source project that simplifies SSH management by allowing users to authenticate with single sign-on technologies like OpenID Connect, eliminating the need to manually manage and configure SSH keys. OPKSSH was previously closed-source and owned by BastionZero (now Cloudflare), but has been gifted to the OpenPubkey project, making it open-source. This technology extends the functionality of OpenID Connect, enabling ID Tokens to be used as certificates in the SSH protocol, adding SSO authentication to SSH without requiring changes to the SSH protocol. OPKSSH overcomes issues with long-lived SSH keys by using ephemeral public keys that expire when needed, reducing security risks and increasing usability for users. It also provides improved visibility into who has access to servers, making it easier for administrators to track user permissions. The project is open-sourced under the Apache 2.0 license, and its code can be found on GitHub.
Mar 25, 2025 1,792 words in the original blog post.
Cloudflare has announced several security updates and innovations during Security Week, including a Zero Trust platform to protect against quantum threats, automated phishing abuse reports, enhanced account security features, and improved Bot Management flexibility. The company also introduced new tools such as Cloudy, an AI agent for simplifying complex configurations, and Cloudflare Access, which provides private applications and reusable access policies. Additionally, Cloudflare has expanded its data security offerings with new features such as DLP Assist in Microsoft Outlook, lattice cryptography support, and improved detection accuracy with AI-powered context analysis. The company also emphasized its commitment to helping build a safer Internet through its various initiatives and partnerships.
Mar 24, 2025 1,565 words in the original blog post.
The URLPattern API is a standard published by the WHATWG that provides a pattern-matching system for URLs, allowing developers to easily handle route matching with built-in support for named parameters, wildcards, and complex pattern matching. Cloudflare has contributed an implementation of the URLPattern API to Node.js, making it available starting with version 23.8.0, and unifying it with Ada URL, which powers URL handling in both Node.js and Cloudflare Workers. This contribution marks an important step toward bringing this API to the broader JavaScript ecosystem and ensures consistent features across JavaScript runtimes. The implementation is optimized for performance and provides a simple API that allows developers to easily match URLs against patterns. With its support for server-side and non-browser environments, URLPattern simplifies the ecosystem by reducing fragmentation while improving developer experience and creating a better Internet.
Mar 24, 2025 1,244 words in the original blog post.
The text is about lattice cryptography, a paradigm at the heart of post-quantum (PQ) transition in cryptography. It discusses how the Internet's cryptography is evolving to address the looming threat of quantum computers breaking public-key cryptography. The text introduces lattice-based cryptography as an alternative to elliptic curves and explains its benefits and challenges. It also covers the details of a specific lattice-based encryption scheme called ML-KEM (Multivariate Lattice Encryption Scheme) and discusses its security and efficiency. Additionally, it touches on authentication using a related signature scheme called ML-DSA (Multivariate Lattice Digital Signature Algorithm). The text concludes by highlighting the potential applications of lattice cryptography in full homomorphic encryption (FHE) and other areas.
Mar 21, 2025 9,301 words in the original blog post.
Cloudflare Email Security customers using Microsoft Outlook can now utilize the new DLP Assist capability, which scans emails in real-time to identify potential data loss prevention violations. This application is lightweight, easy to deploy, and helps organizations maintain compliance without disrupting workflow. It integrates with the Desktop (Mac and Windows) and Web Outlook clients, passively scanning emails as they are composed. The DLP engine leverages OCR technology to analyze attachments, extract text from images, and detect DLP violations across both email content and embedded data. Administrators can instantly alert users of violations and take action downstream, whether by blocking or encrypting messages, to prevent sensitive information from leaking. The application is designed for quick deployment and allows customers to immediately begin scanning emails for sensitive data and taking action to prevent unauthorized sharing, ensuring compliance and security from day one.
Mar 21, 2025 1,311 words in the original blog post.
We are excited to announce our public sector suite of services for Australia, Cloudflare for Government - Australia, has been assessed under the Infosec Registered Assessor Program (IRAP) at the PROTECTED level in Australia. IRAP provides a rigorous, standardized approach to security assessment for cloud products and services, reinforcing our commitment to providing secure solutions for government agencies. Our global network offers governments and highly regulated customers a unique capability to be within 50ms of 95% of Internet users globally, while also offering robust security for data processing, key management, and metadata storage. Cloudflare's single platform strategy enables almost every product and service across our solution areas to be included in scope with Cloudflare for Government - Australia, including application security products and Zero Trust Products. Our network spans more than 330 cities in over 120 countries, providing resiliency, security, and performance.
Mar 21, 2025 596 words in the original blog post.
Cloudflare has released a browser-based Remote Desktop Protocol (RDP) solution that enables secure, remote access to Windows servers without the need for VPNs or RDP clients. The solution leverages Cloudflare's modern proxy architecture and Zero Trust Network Access service to provide a secure and performant solution with low latency and enhanced security features. It exclusively supports modern RDP authentication mechanisms, enforcing best practices for secure access. The browser-based RDP solution is in closed beta and available free to teams of under 50 users or at no extra cost to existing customers through an Access or Zero Trust subscription.
Mar 21, 2025 2,620 words in the original blog post.
We've developed a self-improving AI-powered algorithm that adapts to an organization's unique traffic patterns to reduce false positives in Cloudflare's Data Loss Prevention (DLP) solution. This algorithm, built into the DLP Engine, uses a pretrained language model to convert text into high-dimensional vectors, capturing the meaning of the text and ensuring that similar sentences with different wording map to close vectors. The system then performs a nearest neighbor search to find previously logged false or true positives with similar meanings, allowing it to identify context similarities even if the exact wording differs. This approach has proven robust in handling new pattern matches and reducing false positives over time. The solution is seamlessly integrated with Cloudflare's developer platform, including Workers AI and Vectorize, simplifying its design and focusing on the algorithm itself without the overhead of provisioning underlying resources.
Mar 21, 2025 1,323 words in the original blog post.
Cloudflare has announced the expansion of its Cloud Access Security Broker (CASB) product, now known as Cloud DLP, which enables users to scan objects in Amazon S3 buckets and Google Cloud Storage for sensitive data matches. This new functionality provides posture management features, allowing users to identify misconfigurations and other cloud security issues that could leave their data vulnerable. The solution is simple to use by default but highly configurable, giving users flexibility to fine-tune the scanning profiles to suit their specific needs. It also includes a serverless architecture approach for streamlined processing, ensuring sensitive data discovery is both efficient and scalable.
Mar 21, 2025 1,057 words in the original blog post.
Cloudflare's Aegis is a product that provides origin protection for customers, allowing them to restrict access to their server using IP addresses. It was launched in March 2023 and allows customers to bring their own IPs (BYOIP) to be used with Aegis. This feature enables customers to have more control over their traffic and reduce the risk of security breaches. Aegis uses a technology called soft-unicasting, which allows it to share a single subnet across many servers, thereby enabling fast, local, and reliable egress from Cloudflare's network. The product also supports connection reuse and coalescence, which can improve performance by reducing the number of connections needed to reach an origin server. Aegis is designed to work with Cloudflare's Zero Trust security model, which aims to verify everything and trust nothing. With the introduction of Aegis analytics, customers will be able to monitor their IP address usage in aggregate, allowing them to optimize their deployment and configure custom alerts based on certain port usage thresholds. Overall, Aegis provides a powerful tool for customers to protect their origins and improve security hygiene.
Mar 20, 2025 3,165 words in the original blog post.
Cloudflare is revisiting its Application Security features, breaking away from artificial product boundaries and introducing a unified platform with one cohesive UI. This unification aims to simplify security configurations, detect threats faster, and maintain consistent protection across all aspects of an application. The new experience focuses on signals and detections, providing intelligence about the traffic, and security rules that let users combine these signals to block, challenge, or perform actions on web traffic. The unified approach ensures attackers have a harder time finding a way in, making it easier for security practitioners to adopt features and implement effective security postures. The new dashboard includes an overview page that aggregates and prioritizes security suggestions across all web assets, simplified analytics, a new web assets page, a single Security Rules page, and a settings page with advanced control based on security needs. The unified platform enables rapid build of new use-case driven threat detections and precise control over how Cloudflare responds to potential threats. Users can experience the new navigation by logging in to the Cloudflare dashboard and clicking on "Check it out".
Mar 20, 2025 1,748 words in the original blog post.
Cloudflare has redesigned its Cloudflare Access service to simplify secure access for every application, regardless of whether it's public or private. The new feature allows administrators to define applications using private IP addresses and hostnames, enabling easier management of private network access controls. This update introduces an application-aware firewall, per-application session management, and reusable policies, which simplify policy management across multiple applications. The redesign also includes a refreshed user interface with more information at a glance and consistent workflows for defining and managing applications. Private hostname support is currently limited to port 443 with TLS inspection enabled, but plans are underway to extend support to arbitrary private hostnames on any port and protocol in the future.
Mar 20, 2025 2,562 words in the original blog post.
Cloudflare has introduced a new feature called Cloudy, an AI agent designed to help users quickly understand and improve their Cloudflare configurations. The first version of Cloudy is embedded into two Cloudflare products: the Web Application Firewall (WAF) and Gateway. Cloudy aims to automate away the time-consuming task of manually reviewing and contextualizing Custom Rules in WAF and Gateway policies, providing a summary of what's configured across them and identifying potential issues such as redundant rules, optimization opportunities, and disabled security rules. The AI agent uses Workers AI, which leverages large language models to process vast amounts of information and provide actionable recommendations. Cloudy is now available to all users, with plans for additional AI-powered functionality across other areas of the product suite in 2025.
Mar 20, 2025 1,343 words in the original blog post.
Connections over cleartext HTTP ports risk exposing sensitive information as they are transmitted unencrypted and can be intercepted by network intermediaries. To address this, Cloudflare is closing all HTTP ports on its API endpoint (`api.cloudflare.com`) to prevent initial plaintext requests from being exposed before a secure HTTPS connection is established. This change will make it clear to developers that accessing the API over HTTP instead of HTTPS with their secret API keys can have serious implications. The transition has been made gradually across data centers, and customers will be able to opt-in to this feature in the last quarter of 2025. The goal is to eliminate exposure entirely and prevent sensitive information from being transmitted in plaintext. By closing the underlying cleartext connection, Cloudflare is enforcing HTTPS-only connections for its API traffic, enhancing the security and reliability of its API endpoints.
Mar 20, 2025 2,213 words in the original blog post.
Forrester Research has recognized Cloudflare as a Leader in its The Forrester Wave: Web Application Firewall Solutions, Q1 2025 report. This market analysis highlights Cloudflare's unified web application protection platform that innovates and is easy to use. Cloudflare has transformed its WAF into an enterprise-grade Application Security platform with features such as bot mitigation, API security, client-side protection, and DDoS mitigation. The report praises Cloudflare for its integrated solution, advanced threat detection, and seamless user experience. Cloudflare received the highest possible scores in 15 out of 22 criteria, including product security, layer 7 DDoS protection, and management UI. The company's AI-powered WAF offers comprehensive detection mechanisms to identify attacks and vulnerabilities across web and API traffic. Forrester also highlighted Cloudflare's extensive security capabilities, particularly in its API security offerings.
Mar 20, 2025 930 words in the original blog post.
Cloudflare has introduced Cloudflare for AI, a suite of tools designed to help businesses, developers, and content creators adopt, deploy, and secure AI technologies at scale safely. The platform offers various features, including Workers AI and AI Agents SDK for deploying and securing AI applications, an AI Gateway for gaining visibility into application performance, Firewall for AI for protecting against exploits and ensuring PII flow and access, and an AI Audit dashboard for monitoring who is accessing content. Cloudflare aims to make AI security simple by providing a comprehensive solution that complements its existing mission to build a better Internet.
Mar 19, 2025 940 words in the original blog post.
Firewall for AI is an inline security solution that protects user-facing LLM-powered applications from abuse and data leaks. It integrates directly with Cloudflare’s Web Application Firewall (WAF) to provide instant protection with zero operational overhead, automatically discovering and enforcing AI guardrails throughout the entire request lifecycle. The beta release includes capabilities such as discovery, detection of sensitive information disclosure, mitigation of security controls, and more features will follow in future releases. By leveraging Cloudflare Workers AI, Presidio's Named Entity Recognition model, and other technologies, Firewall for AI aims to strengthen LLM security, prevent sensitive data exposure, and reduce the risk of social engineering attacks.
Mar 19, 2025 1,670 words in the original blog post.
Cloudflare has introduced AI Labyrinth, a new approach that uses AI-generated content to slow down and confuse bot traffic. When detected, Cloudflare deploys an automatically generated set of linked pages without requiring customers to create custom rules. This approach serves as a next-generation honeypot, wasting the resources of AI crawlers and making it difficult for them to gather useful information. The AI-generated content is created using Workers AI with an open-source model and is seamlessly integrated into existing pages without disrupting the user experience. By opting-in, customers can help improve Cloudflare's bot detection capabilities and stay ahead of AI scrapers.
Mar 19, 2025 1,167 words in the original blog post.
The Cloudflare Application Security team has moved its Bot Management heuristics engine to the Cloudflare Ruleset Engine, which provides a more expressive and flexible platform for writing rules. This move allows for more nuanced detection of bot traffic, increased accuracy, and better visibility into bot activity for customers. The new engine supports complex rules with arbitrary sub-conditions, making it easier to detect sophisticated bots. Additionally, customers can now see the specific heuristic that caught each request, providing greater granular explainability and control over their bot traffic. This change also enables more advanced features such as account takeover detection IDs, which help security teams identify suspicious login activity. The new heuristics engine is available for Bot Management customers to use in analytics, logs, firewall events, custom rules, rate limiting rules, transform rules, and workers.
Mar 19, 2025 1,539 words in the original blog post.
The field of generative AI is rapidly evolving, and one of its unintended consequences is the emergence of AI-generated content that can be difficult to distinguish from human-created content. This has significant implications for security, authenticity, and trust in digital artifacts. To address this challenge, researchers are exploring various techniques for watermarking AI-generated content, which involves embedding a unique identifier or signature into the content to verify its origin. One promising approach is the use of pseudorandom codes, which are designed to provide robustness against tampering or manipulation while maintaining detectability. Pseudorandom codes can be used to create watermarks that are resistant to attacks and can be verified publicly. The development of pseudorandom codes has the potential to make strong watermarks for generative AI more practical and deployable, especially in applications where security and authenticity are critical. However, further research is needed to determine the parameter ranges for which these schemes provide good security and to explore new approaches to building pseudorandom codes. Additionally, there is a need for publicly verifiable watermarks that can be used to authenticate digital artifacts beyond just AI-generated content.
Mar 19, 2025 4,882 words in the original blog post.
Modern websites rely heavily on JavaScript, and leveraging third-party scripts accelerates web app development without requiring a full rebuild. However, supply chain attacks targeting third-party JavaScript have become a reality, making manual review of each script impractical due to the vast number of scripts and rapid updates. Cloudflare has developed an AI model that detects the exact malicious intent behind each script, providing deeper visibility into client-side threats and empowering organizations to better protect their users from evolving security risks. The new feature is integrated into Page Shield, a cloud-based security solution that scans JavaScript dependencies on web pages and flags suspicious content. The AI model uses syntax trees to classify malicious code, balances precision and recall with speed, and has been trained using a combination of labeled data and unsupervised learning techniques. To address the challenge of unbalanced data, Cloudflare employs strategies such as generating code embeddings and caching inference results to reduce false positives and improve efficiency. The solution is now available to all Page Shield customers with the add-on, providing an additional layer of security against evolving security threats.
Mar 19, 2025 2,841 words in the original blog post.
Cloudflare is introducing new capabilities to support both business continuity and security needs in a fast-paced digital landscape. To achieve this, they are enhancing their Cloudflare Security Center with real-time discovery and inventory of all assets and documents, continuous asset-aware threat detection and risk assessment, prioritized remediation suggestions, and role-based access control (RBAC). These new capabilities address the need for predictive security posture and provide a healthy posture across SaaS and web applications. The platform also offers posture overviews that are closer to the corresponding security configurations of SaaS and web applications, securing SaaS applications by providing visibility across the SaaS application fleet in one dashboard. Additionally, Cloudflare is expanding its support to additional SaaS vendors, enhancing its data collection pipeline to be dynamic and real-time, and delivering new risk scans through API Posture Management to identify security issues and fix them early. The platform aims to simplify maintaining a good security posture by bringing together the ability to continuously assess threats and risks across both public and private IT environments through a single platform.
Mar 18, 2025 2,367 words in the original blog post.
Cloudflare has announced the expansion of its Log Explorer feature to include logs from its Zero Trust product suite, allowing customers to store and query their HTTP and security event logs natively within the Cloudflare network. This update provides a single starting point for investigations into threats detected by Cloudflare, enabling SOC analysts to maximize productivity and minimize costs. Additionally, customers can create custom dashboards to monitor suspicious or unusual activity, using a natural language interface that translates user queries into chart configurations. The feature is seamlessly integrated into the Cloudflare platform, allowing users to discover, investigate, and mitigate threats in one place, reducing time to resolution and overall cost of ownership. Future updates include custom alerts, scheduled query detections, and further integration across the full Cloudflare platform.
Mar 18, 2025 1,323 words in the original blog post.
Cloudflare Radar has evolved over time to provide more insights into security and attacks. The platform now features separate Application Layer and Network Layer pages, as well as a dedicated Email Security page. For DDoS-focused graphs, new insights into leaked credential trends, and a new Bots page are added in 2025. Leaked credentials detection scans incoming HTTP requests to detect known-leaked usernames and passwords, providing visibility into aggregate trends around the detection of leaked credentials. Radar also provides a worldwide view into the share of authentication requests originating from bots, with over 94% of requests coming from automated sources. A new dedicated Bots page is launched to support efforts in monitoring bot activity, including a graph showing bot traffic trends and a choropleth map illustrating locations originating the largest shares of all bot traffic. The platform's Data Explorer and AI Assistant enable interactive exploration of data across locations, networks, and time periods.
Mar 18, 2025 1,790 words in the original blog post.
Cloudflare is launching a threat events platform for Cloudforce One customers, which provides contextual data and actionable insights from a global perspective. The platform leverages Cloudflare's traffic insights to offer a comprehensive, real-time view of threat activity occurring on the Internet, enabling customers to better protect their assets and respond to emerging threats. The platform exposes events related to denial of service (DOS) attacks and advanced threat operations, mapped to the MITRE ATT&CK framework and cyber kill chain stages. It also provides customizable filters, allowing users to investigate and address specific questions about threats targeting their organization. The platform is built using Cloudflare Workers and Durable Objects, which enables it to scale across the network and store unique datasets. Cloudforce One customers can access threat events through the Cloudflare Dashboard in Security Center or via the Cloudforce One threat events API.
Mar 18, 2025 1,466 words in the original blog post.
Attackers are increasingly using sophisticated methods to simulate real user behavior and cause business harm through targeted attacks such as account takeovers, credential stuffing, fake account creation, content scraping, and fraudulent transactions. Traditional CAPTCHA solutions often provide simplistic trends on challenges without insights into traffic patterns or behavior. Cloudflare's Turnstile aims to equip users with more than just basic trends, providing meaningful analytics to make informed decisions and stay ahead of attackers. The new Turnstile Analytics upgrade enables users to identify harder-to-detect bots faster, fine-tune their bot security posture with less manual log analysis, and gain deeper insights into visitor traffic, challenge effectiveness, and potential security threats. Key features include enhanced visibility of TopN statistics, granular views of traffic attributes, challenge outcomes, solve rates, token validations, and the ability to interpret login page analytics to detect anomalies and identify suspicious IP addresses. The new analytics also surfaces actionable insights to strengthen protection layers and provide a bird's eye view of Turnstile efficacy, allowing users to take immediate action against suspicious activity.
Mar 18, 2025 2,119 words in the original blog post.
The Cloudflare company has added a new feature to its European headquarters in Lisbon, Portugal, a "wall of entropy" made of 50 wave machines generating constant motion and contributing to the company's security system, LavaRand. This installation honors Portugal's passion for the sea and exploration, echoing the country's maritime history and cultural significance. The wall is part of a larger project that includes the design ethos of the office space, which mimics the dynamic flow of the Internet itself. Cloudflare's LavaRand API makes this randomness accessible internally, strengthening cryptographic security across its global infrastructure.
Mar 17, 2025 1,619 words in the original blog post.
Cloudflare is taking a proactive approach to addressing the emerging threat of quantum computers by developing and implementing post-quantum cryptography. The company has made significant progress in migrating its TLS protocol to support post-quantum key exchange, with over 35% of non-bot HTTPS traffic protected against harvest-now-decrypt-later attacks. Cloudflare's Zero Trust platform now offers end-to-end quantum safety for accessing corporate HTTPS applications, without requiring customers to upgrade the security of their web applications. The company is also exploring new approaches to achieve post-quantum authentication without sacrificing performance. With a focus on continuous innovation and crypto-agility, Cloudflare aims to future-proof its customers' businesses against tomorrow's threats.
Mar 17, 2025 2,608 words in the original blog post.
Cloudflare has made significant improvements in multi-factor authentication (MFA) adoption since signing the Cybersecurity and Infrastructure Security Agency (CISA) Secure By Design pledge in May 2024. The company has introduced support for social logins with Apple and Google, which provides a seamless and robust layer of security, and automatically detects and notifies users who are using known, leaked passwords. Cloudflare also encourages every user to enable at least one additional authentication factor to better protect their account. The most effective defense against evolving threats is MFA, which can block 99.9% of automated attacks, reducing the risk of unauthorized access even if credentials are compromised. Users on Cloudflare are protected by the built-in challenge system, and the company supports multiple MFA methods, including phishing-resistant security keys, hardware keys, and Time-Based One-Time passwords using mobile authenticator apps.
Mar 17, 2025 947 words in the original blog post.
At Cloudflare, they are constantly innovating and launching new features across their product portfolio, including security tools. The company has released several new features to improve the security level of their customers' websites, providing better protection without requiring manual configuration. These updates include the ability to select specific cipher suites for encryption settings, improved URL scanning capabilities, such as bulk scanning, similarity search, and location picker, and a new API version that will integrate future advancements in URL scanning technology. The company aims to provide comprehensive, accessible, and proactive security solutions, empowering users to build a safer online presence.
Mar 17, 2025 3,408 words in the original blog post.
Cloudflare has implemented advanced automation tooling to detect and take action against phishing attacks, which have grown in volume and sophistication. The company has built a phishing detection engine using the Cloudflare Developer Platform, leveraging insights from its network, internal data, external feeds, and years of abuse report processing data to automatically assess risk and recommend action. This has resulted in significant improvements, including resolving 78% of phishing reports with a median time to take action on hosted phishing reports under an hour. The company is also partnering with customers and experts to identify emerging patterns of phishing activity and crafting targeted rules to prevent abuse of Cloudflare products.
Mar 17, 2025 1,273 words in the original blog post.
Cloudflare's analysis reveals that nearly half of all successful logins on popular Content Management Systems, particularly WordPress, involve leaked credentials. This widespread issue stems from users reusing passwords across multiple services, making them vulnerable to attacks. Bot-driven traffic accounts for 52% of detected authentication requests containing leaked passwords, with 95% of these attempts coming from bots engaged in credential-stuffing attacks. The analysis highlights the need for individuals and organizations to prioritize password hygiene, multi-factor authentication, and robust security measures to mitigate this risk. By adopting these strategies, users can strengthen their defenses against attackers exploiting stolen credentials.
Mar 17, 2025 1,251 words in the original blog post.
At Cloudflare, they aim to protect political campaigns from cyber threats, which can interfere with the democratic process and weaken public confidence. They launched Cloudflare for Campaigns in 2020, offering a free package of cybersecurity tools to support smaller campaigns. Since then, they have helped over 250 campaigns across the US. To further enhance their protection, they are now introducing Email Security, which will prevent phishing, spoofing, and other email threats. This is crucial, as phishing attacks have been a major threat in recent years, with examples including the targeting of Democratic National Committee staff and Russian intelligence agents attempting to infiltrate Senator Claire McCaskill's re-election campaign. Cloudflare has already safeguarded the email inboxes of over 100 campaigns during the 2022 US midterm elections, blocking around 150,000 phishing attempts. The new Email Security feature is now available for free, providing AI-powered threat detection, email authentication, real-time monitoring, seamless integration, and insightful reporting to help campaigns operate securely.
Mar 17, 2025 932 words in the original blog post.
The cybersecurity landscape is becoming increasingly complex, with the rapid advancement of AI and emerging technologies leading to more sophisticated threats. Organizations face a higher volume of attacks and an influx of more complex threats that carry real-world consequences. The traditional approach of layering point solutions is not sustainable, and security leaders need integrated platforms that reduce complexity while providing comprehensive protection and visibility. Cloudflare's Security Week 2025 aims to showcase innovation that will help security practitioners solve the challenges faced every day, including securing the post-quantum world, contextualizing threats on the network, and stopping threats at the edge with AI. The week-long event will highlight new tools and features, as well as Cloudflare's commitment to its mission of helping build a better Internet.
Mar 16, 2025 1,364 words in the original blog post.
AI (Artificial Intelligence) has seen significant growth in popularity, with Generative AI models being a key driver of this trend. The most popular Generative AI service is ChatGPT, which remains the top spot and is hovering around the top 50 Internet domains overall. Other notable services include DeepSeek, Grok/xAI, Character.AI, Perplexity, QuillBot, Codeium, GitHub Copilot, Hugging Face, and Suno AI. These services have experienced rapid traffic growth of over 250% in the past year, with Asia dominating certain platforms like poe.com. However, general AI chatbots are still the primary targets for DDoS attacks, accounting for over 80% of all blocked requests. The U.S., India, and Brazil lead in visitor traffic to Generative AI websites, while Europe plays a significant role in Hugging Face and GitHub Copilot. Cloudflare has observed an increase in attacks targeting Generative AI services, with 39 billion requests identified as DDoS attacks over the past year. As Generative AI continues to grow and transform Internet usage, it is essential to track these trends and insights to understand the evolution of this technology.
Mar 10, 2025 3,322 words in the original blog post.
Cloudflare is introducing Media Transformations, a new service that enables customers to optimize short-form video files without having to migrate them. This service builds upon Cloudflare Stream's managed video pipeline and offers a simpler solution for delivering small, optimized MP4 files while retaining the customer's current storage strategy. With Media Transformations, customers can fetch their short videos from existing storage like R2 or S3, optimize them quickly, and deliver them efficiently as small MP4 files. The service is available to all Cloudflare Stream customers, who can enable it by navigating to "Transformations" under Stream. Customers can then construct URLs that transform their videos using the `media` endpoint, which supports various flags such as `mode`, `time`, `duration`, and `fit`. Media Transformations will be free for beta and eventually use the same subscriptions and billing mechanics as Image Transformations, with a free allocation for all websites/zones. The service aims to simplify the developer experience, unify features, and streamline enablement in the future.
Mar 07, 2025 1,445 words in the original blog post.
Cloudflare has launched two new solutions to improve the user experience of its Waiting Room feature: Turnstile and Session Revocation. The Turnstile challenge is an invisible widget that detects bot traffic, while the Infinite Queue feature sends bots to a virtual queue where they are unable to progress without completing a challenge. These features work together to block bots from joining the queue, reducing wait times for humans and preventing inventory hoarding by sophisticated bots. Additionally, Session Revocation allows origins to terminate user sessions early via an HTTP header, improving throughput and minimizing wait times.
Mar 03, 2025 3,230 words in the original blog post.