August 2025 Summaries
37 posts from Cloudflare
Filter
Month:
Year:
Post Summaries
Back to Blog
Cloudflare has introduced new capabilities to facilitate the development of real-time, voice-enabled AI applications on its global network, emphasizing the transformation of human interaction with AI through natural communication patterns like voice. These advancements include Cloudflare Realtime Agents, a runtime for orchestrating voice AI pipelines at the edge, and support for WebRTC audio as PCM in Workers, enabling direct connection of WebRTC audio to AI models. The platform also introduces WebSocket support for real-time AI inference with models such as PipeCat's smart-turn-v2 and integrates Deepgram's speech-to-text and text-to-speech models on Workers AI, enhancing global scalability and latency reduction. These features aim to simplify the deployment of voice AI applications by providing flexible building blocks and low-latency connections, positioning Cloudflare as a key player in the transition of conversational AI from experimental stages to production-ready systems.
Aug 29, 2025
1,928 words in the original blog post.
Cloudflare has introduced Cloudy, an AI agent integrated with their security analytics functionality, aimed at simplifying and accelerating the process of threat detection and analysis for security professionals. This integration allows users to interact with a new conversational interface that facilitates root cause analysis and mitigation, making it easier to interpret complex security data and identify threats. Since its launch, Cloudy has gained significant traction, with thousands of users deploying its capabilities, and its integration with the Cloudforce One Threat Events platform provides real-time, context-rich threat intelligence. This enables users to prioritize and act on indicators of compromise by leveraging Cloudflare's global network data. The development of Cloudy involved the use of Cloudflare's Agents SDK and Workers AI, ensuring precise and contextual insights without relying on customer data. Cloudflare plans to expand Cloudy's capabilities further, enhancing its integration with alerts and visualizing complex attack data, while maintaining its role as an essential tool in the security landscape.
Aug 29, 2025
1,124 words in the original blog post.
Monitoring and troubleshooting corporate network performance has become increasingly complex due to shifts towards cloud environments and remote work models. Cloudflare has developed Cloudflare One, a Secure Access Service Edge (SASE) platform, to address these challenges by protecting enterprise applications, users, devices, and networks. This platform includes two key capabilities: Cloudflare's Zero Trust client, known as WARP, which encrypts and forwards traffic, and Digital Experience Monitoring (DEX) for monitoring performance. Cloudflare has introduced AI-powered tools to simplify troubleshooting, including the WARP diagnostic analyzer and the Model Context Protocol (MCP) server for DEX. The WARP diagnostic analyzer uses AI to interpret diagnostic logs for connectivity issues, enabling quicker resolution by demystifying events impacting performance. The MCP server allows Cloudflare One customers to engage in custom analytics without integrating log data into a SIEM, providing answers to specific queries about device performance. These tools are designed to enhance network security and performance analysis, offering Cloudflare One customers, regardless of their plan, access to advanced diagnostic and analytical capabilities with minimal setup time.
Aug 29, 2025
1,982 words in the original blog post.
Organizations constantly face threats from phishing, business email compromise (BEC), and advanced email attacks, with Cloudflare using its extensive Internet visibility to process billions of email threat signals daily through AI and machine learning models. While Cloudflare's rapid detection and rule deployment successfully block malicious emails, they create a challenge for security teams who may not understand the rationale behind blocked emails due to a lack of context. To address this, Cloudflare introduced "Cloudy," an AI-powered agent designed to translate complex detection logic into clear explanations, minimizing the risk of security liabilities. Initial challenges with Cloudy included "hallucinations," where the model generated inaccurate information, but these were mitigated through safeguards like Retrieval-Augmented Generation (RAG) and enhanced model context. Testing now shows Cloudy provides stable and clear explanations for email detections, and Cloudflare is running a beta program to ensure accuracy before wider implementation. Additionally, Cloudflare offers a Retro Scan tool for free, allowing organizations to scan existing emails for threats and implement further security measures, even if they are not Cloudflare customers.
Aug 29, 2025
885 words in the original blog post.
In 2025, the landscape of internet usage and content consumption is being significantly reshaped by generative AI, particularly through the increased activity of AI training crawlers that consume large volumes of web data while contributing less referral traffic back to content creators. This shift is evidenced by declining referral traffic from traditional search engines like Google, which now features AI-generated summaries at the top of search results, contributing to reduced visits to news websites and impacting advertising revenues and subscription conversions. Data from Cloudflare and other studies indicate that AI-related crawling activity surged by 32% year-over-year in April 2025, though growth slowed to 4% by July. Training-related crawling has become dominant, accounting for nearly 80% of AI bot activity, as AI models like OpenAI's GPTBot and Anthropic's ClaudeBot increase their presence, while others like ByteDance's Bytespider see declines. The imbalance between crawling and referral traffic highlights the challenge publishers face in this new ecosystem, as they provide data for AI training but receive minimal traffic in return, posing a potential threat to content creation sustainability unless new models of compensation or collaboration are developed.
Aug 29, 2025
2,269 words in the original blog post.
Monitoring and troubleshooting corporate network performance has become increasingly complex with the rise of cloud environments, SaaS applications, and remote work models. Cloudflare addresses these challenges with its Secure Access Service Edge (SASE) platform, Cloudflare One, which includes tools like the WARP diagnostic analyzer and Digital Experience Monitoring (DEX) to simplify these tasks. The WARP diagnostic analyzer uses AI to interpret diagnostic logs, helping users quickly understand and resolve connectivity issues. Meanwhile, the Model Context Protocol (MCP) server for DEX allows for custom analytics, enabling network security practitioners to perform detailed performance analyses without extensive engineering resources. These tools provide Cloudflare One customers with enhanced capabilities for diagnosing and optimizing network performance, making complex troubleshooting more accessible and efficient.
Aug 29, 2025
2,073 words in the original blog post.
Publishers and content creators are transitioning from traditional keyword-based search to AI-driven conversational search to meet changing user expectations, as exemplified by AI systems like Copilot and ChatGPT. This shift is supported by Microsoft's open project NLWeb and Cloudflare's AutoRAG infrastructure, which together enable websites to offer natural-language query capabilities, transforming them into AI-ready platforms. NLWeb defines a standard protocol for conversational access, while AutoRAG manages retrieval and continuous indexing of website content, allowing both human users and AI agents to interact with site data seamlessly. This new model not only enhances user engagement but also opens up potential monetization opportunities for publishers by fostering more direct interactions within their own branded environments. Cloudflare's integration simplifies the process for website owners, offering a "one-click" solution to make their sites conversational, thereby positioning websites as first-class data sources and paving the way for future advancements in web interaction.
Aug 28, 2025
1,560 words in the original blog post.
Cloudflare is empowering content creators by introducing AI Crawl Control, a tool that allows them to manage how AI systems access their content, moving beyond blocking to facilitating communication and licensing opportunities. The tool, which evolved from the AI Audit tool, is now generally available and enables content creators to use customizable HTTP 402 status codes to negotiate terms with AI crawlers. This approach provides content creators with control over their content's usage while opening new monetization avenues and creating direct channels for licensing negotiations. The introduction of AI Crawl Control reflects a market shift toward collaboration between content creators and AI companies, emphasizing the importance of structured communication for content licensing and monetization in the age of AI.
Aug 28, 2025
738 words in the original blog post.
The traditional model of search platforms driving traffic to websites, which in turn generated ad revenue for publishers, has been disrupted by the rise of AI platforms that provide direct answers without requiring users to click through to source sites. This shift has prompted Cloudflare Radar to introduce new analytics on AI bot and crawler traffic, including crawl/refer ratios and insights into AI bot activities categorized by purpose, such as training, search, and user actions. Notably, the majority of crawling traffic is aimed at gathering data to train AI models, often ignoring standard web directives like robots.txt files. Cloudflare's tools now allow users to explore bot traffic trends by industry, vertical, and purpose, revealing variations in crawling patterns and crawl-to-refer ratios across different sectors. As AI crawlers become more prevalent and their purposes diversify, Cloudflare is working on providing more granular data to help content owners manage this traffic, while also developing standards for how automated systems should interact with web content.
Aug 28, 2025
1,453 words in the original blog post.
The text discusses the development and testing of a new background removal feature for images, utilizing dichotomous image segmentation models on Workers AI, which builds on previous work in face cropping. Initially, deploying AI workloads was complex and required costly hardware, but advancements like Workers AI have simplified this process. The feature isolates subjects in images from their backgrounds using models such as U^2-Net, IS-Net, BiRefNet, and SAM, each with unique strengths in segmentation accuracy and efficiency. The testing involved evaluating models on datasets with varying complexity and measuring accuracy using metrics like Intersection over Union, Dice coefficient, and pixel accuracy. U^2-Net and IS-Net showed faster inference times on smaller GPUs, while BiRefNet excelled in accuracy and complexity handling, proving suitable for the Images API. The background removal capability is now available in open beta through the Images API, supporting automatic isolation of subjects for enhanced image optimization and creative applications.
Aug 28, 2025
3,039 words in the original blog post.
Cloudflare has introduced a new classification system for bot traffic, distinguishing between verified bots and a new category known as signed agents. While verified bots are recognized for their transparency and adherence to specific guidelines, signed agents are directed by end users rather than a single company, utilizing cryptographic signatures through Web Bot Auth for identity verification. This new classification aims to provide more precise control and visibility over automated traffic, allowing customers to set granular security preferences while maintaining a clear distinction between benign and malicious activities. The initiative includes partnerships with entities like ChatGPT agent, Goose from Block, Browserbase, and Anchor Browser, enabling these agents to operate on behalf of end users with reliable and responsible web access. Cloudflare's updated Radar directory now features these classifications, offering enhanced transparency into bot and agent traffic patterns, ultimately facilitating a more controlled and secure interaction between websites and automated agents.
Aug 28, 2025
1,567 words in the original blog post.
Cloudflare has introduced several new features to its AI Gateway platform, aiming to simplify and enhance the development and management of AI applications. The platform now offers unified billing, secure key storage, dynamic routing, and enhanced security controls with Data Loss Prevention (DLP), allowing users to manage costs, API keys, and AI traffic across different providers from a single interface. Cloudflare has partnered with major AI providers such as Anthropic, Google, Groq, OpenAI, and xAI, giving users access to over 350 models. The AI Gateway supports Cloudflare's Secrets Store for secure key management, ensuring sensitive information is stored and accessed safely, while dynamic routes allow users to customize actions based on request attributes. Additionally, the platform includes a unified request/response translation layer, streamlining interactions with different AI providers and models. These features are designed to provide developers with better observability, security, and control, aligning with Cloudflare's established capabilities in managing global Internet traffic.
Aug 27, 2025
1,576 words in the original blog post.
Workers AI has expanded its model catalog by partnering with Leonardo.Ai and Deepgram to offer cutting-edge AI models for specific use cases such as low-latency image generation and real-time audio voice agents. This expansion aims to leverage Cloudflare's global infrastructure, which includes specialized GPUs designed for rapid AI inference, to deliver high-speed and efficient AI applications. Leonardo.Ai contributes two image generation models, Phoenix and Lucid Origin, known for their prompt coherence and photorealistic outputs, while Deepgram offers audio models like Nova-3 for fast speech-to-text transcription and Aura-1 for expressive text-to-speech conversion. These models are integrated into Cloudflare's comprehensive Developer Platform, which supports building complex applications with features like WebRTC, WebSockets, and various storage and media transformation tools, enabling developers to create sophisticated AI-driven solutions.
Aug 27, 2025
1,074 words in the original blog post.
As AI product demand increases, Cloudflare has developed Omni, a platform designed to efficiently manage AI models on its edge nodes by maximizing GPU usage. Omni allows multiple AI models to run on a single machine and GPU using lightweight isolation techniques, effectively improving model availability, minimizing latency, and reducing idle GPU power consumption. It achieves this by employing a single control plane to manage model instances, implementing process and Python isolation, and over-committing GPU memory to accommodate more models per GPU. This approach mitigates the challenges of managing infrastructure at scale, allowing for elastic scaling and fine-grained control over model lifecycles. Omni integrates into Cloudflare's internal routing and scheduling systems, offering a unified layer for diverse inference engines and supporting features like batching and function calling. By isolating models with distinct dependencies and optimizing memory management, Omni enhances the efficiency and performance of Cloudflare's Workers AI service, facilitating rapid deployment of new models and features.
Aug 27, 2025
1,947 words in the original blog post.
Cloudflare has developed Infire, a new inference engine written in Rust, to efficiently handle AI tasks across its globally distributed network, addressing challenges associated with the use of centralized AI deployment models and the inefficiencies of running inference tasks on general-purpose engines like vLLM. Infire tackles these issues by maximizing GPU utilization and minimizing CPU overhead through advanced techniques such as continuous batching, paged KV caching, and optimized low-level operations for Nvidia hardware. This approach allows Cloudflare to run inference tasks faster and more resource-efficiently than before, reducing operational costs and freeing up CPU resources for other services. The development of Infire is part of Cloudflare's strategy to enhance its infrastructure for AI applications, with future plans to incorporate features like multi-GPU support and multi-tenancy. This advancement underscores Cloudflare's commitment to providing a robust platform for AI developers, improving the efficiency of requests served via its Workers AI platform.
Aug 27, 2025
2,479 words in the original blog post.
Security teams are rapidly adapting to secure AI-powered applications, such as chatbots and search assistants, which, while enhancing customer experiences, also introduce new risks like data exfiltration and model poisoning. Cloudflare has responded to these challenges by enhancing its AI security offerings with a new unsafe content moderation feature integrated directly into its Firewall for AI, utilizing Llama Guard for real-time protection of Large Language Models (LLMs) at the network level. This feature enables security teams to block harmful prompts or topics without altering application code or infrastructure, addressing top risks like prompt injection and PII disclosure. The Firewall for AI is model-agnostic, providing consistent protection across any model, whether third-party, in-house, or custom-built, by applying unified security policies. The system uses advanced topic detection and classification techniques to moderate AI interactions, preventing issues such as misinformation and offensive content, while maintaining the model's utility and performance. Cloudflare's scalable architecture ensures minimal latency and reliable performance, even as new detection models are added. The company plans to expand its offerings with additional controls and capabilities in the future, and the Firewall for AI is currently available in beta for interested users.
Aug 26, 2025
1,621 words in the original blog post.
As businesses rapidly adopt Generative AI tools to maintain competitiveness, IT and security leaders face the challenge of developing robust AI Security Strategies amidst evolving security concerns. The Cloudflare Secure Access Service Edge (SASE) platform offers a comprehensive solution by integrating networking and security functions to ensure safe and efficient access to corporate resources. The platform extends its capabilities to govern AI usage, providing tools for visibility, risk management, and data protection. Key features include AI Security Posture Management (AI-SPM), which offers shadow AI reporting, AI prompt protection, and out-of-band API CASB integrations, among others. These features enable organizations to align their security strategies with business goals, ensuring that AI adoption is both secure and innovative. Cloudflare's platform supports the deployment of AI infrastructure and security strategies, offering a unified dashboard for monitoring and managing AI interactions, while also integrating Zero Trust principles and controls for Model Context Protocol (MCP) deployments. This approach allows organizations to implement AI security strategies effectively without the complexity of managing disparate solutions.
Aug 26, 2025
3,634 words in the original blog post.
Cloudflare has introduced API-based Cloud Access Security Broker (CASB) integrations for its Cloudflare One platform to help organizations securely manage their use of generative AI tools such as OpenAI's ChatGPT, Claude by Anthropic, and Google's Gemini. These integrations allow IT and security teams to detect misconfigurations, data loss, compliance risks, and more without requiring cumbersome software installations. The API CASB provides out-of-band visibility into data at rest and security posture within these AI tools, while Cloudflare Gateway offers in-line prompt controls and Shadow AI identification. The integration supports agentless connections, posture management, and data loss prevention (DLP) detection, providing insights into how enterprises use these AI tools and identifying potential risks. Each AI tool has specific integration capabilities, such as detecting sensitive content or managing API keys and license hygiene, and Cloudflare aims to extend its management coverage as generative AI environments evolve.
Aug 26, 2025
1,055 words in the original blog post.
The text discusses the transformative impact of SaaS and Gen AI applications on business operations, highlighting the risks associated with "Shadow IT" and "Shadow AI" where unapproved applications may compromise sensitive data. It introduces Cloudflare's new initiative to help organizations manage these risks through automated assessment of SaaS and Gen AI applications using Cloudflare Application Confidence Scores. These scores are part of a suite of AI Security Posture Management features aimed at evaluating the safety, security, and data protection practices of third-party applications. The scoring system is designed to be transparent and objective, using a detailed rubric that incorporates publicly available information and human oversight. Cloudflare aims to provide these scores for free to all customer tiers, encouraging the adoption of best practices in AI safety and security. The initiative also includes plans for future integration of these scores into Cloudflare's platform to help businesses control access and apply data protection measures based on the scores.
Aug 26, 2025
2,746 words in the original blog post.
Cloudflare has launched MCP Server Portals in Open Beta as part of its Cloudflare One platform to enhance the security and functionality of Large Language Models (LLMs) through the Model Context Protocol (MCP). MCP acts as a universal translator, enabling secure connections between LLMs and various applications, transforming them into capable teammates rather than isolated tools. This innovation, however, introduces new security risks, such as potential data breaches and cyber-attacks due to the expanded attack surface. By centralizing and securing every MCP connection, Cloudflare's Server Portals offer a solution by providing a single gateway for all MCP servers, ensuring comprehensive visibility, policy enforcement, and simplified user configuration in line with Zero Trust security principles. Looking ahead, Cloudflare plans to further secure AI ecosystems through additional enforcement mechanisms, integration with firewalls, and machine learning to detect anomalies, while continuing to collaborate with the open-source community to enhance MCP standards.
Aug 26, 2025
1,661 words in the original blog post.
Artificial Intelligence is rapidly transforming industries by enhancing efficiency, such as enabling customer support agents to handle more inquiries and allowing salespeople to focus on relationship-building. However, the swift advancement of AI technology often surpasses existing governance and security measures, leading to potential risks like uncontrolled data exposure and misuse of content. Cloudflare is addressing these challenges during its AI Week by introducing solutions to secure AI environments, protect intellectual property from unauthorized AI usage, and enhance developers' abilities to create secure AI-driven applications. The company is also integrating AI into its own platform to improve threat detection, network performance, and overall efficiency, ensuring it remains at the forefront of innovation while safeguarding user data and content.
Aug 25, 2025
1,308 words in the original blog post.
AI Avenue is a dynamic and engaging series designed to demystify artificial intelligence by showcasing its development and application in a hands-on, accessible manner. Hosted by Craig and his robot co-host Yorick, the series unfolds over six episodes, each highlighting a different aspect of AI, such as voice synthesis, computer vision, and generative AI, while addressing common fears and misconceptions about the technology. Through playful interactions, interviews, and real-world demonstrations, AI Avenue aims to strip away jargon and present AI as a tool that can augment human capabilities rather than replace them. The series collaborates with prominent AI companies like Anthropic, Engineered Arts, and ElevenLabs to provide insights and tutorials, encouraging viewers of all skill levels to experiment with AI tools themselves. Each episode promises to be a blend of humor, education, and exploration, inviting audiences to not only learn about AI but also to interact with it in meaningful ways.
Aug 25, 2025
765 words in the original blog post.
Corporate environments are facing a new security challenge known as "Shadow AI," where employees use AI tools like public chatbots and code-generation assistants without organizational oversight, risking data leaks and intellectual property exposure. Traditional security measures struggle to address this issue due to the invisibility of data interactions with AI applications. Cloudflare's Shadow IT Report provides a solution by offering visibility and analytics into AI usage within organizations, allowing security teams to monitor and manage the use of AI tools effectively. This tool categorizes AI applications and tracks their use, enabling organizations to approve, review, or block applications based on their security policies. It integrates with Cloudflare Gateway to inspect traffic and enforce security policies, offering features such as data loss prevention and session isolation. Additionally, Cloudflare Log Explorer provides deeper forensic capabilities for investigating AI-related security incidents. The report is part of Cloudflare's broader shadow IT discovery capabilities, aimed at helping organizations regain control and governance over AI application usage.
Aug 25, 2025
1,970 words in the original blog post.
Generative artificial intelligence (GenAI) is being increasingly utilized within organizations for tasks such as drafting emails and debugging code, enhancing productivity but also posing significant data security risks as employees often input confidential information into public AI tools. Cloudflare has developed AI prompt protection as part of its Data Loss Prevention (DLP) product to address these risks by providing tools for organizations to govern AI usage while safeguarding sensitive data. This capability, integrated into Cloudflare One, aims to move beyond simple application bans by offering granular controls that allow organizations to specify permissible actions when using GenAI. It includes four key components: prompt detection, topic classification, guardrails, and logging, which work together to provide visibility and control over AI interactions. The system employs a multi-model approach for topic classification to ensure accurate policy enforcement without compromising user privacy, supporting AI applications like Google Gemini, ChatGPT, Claude, and Perplexity. Cloudflare is expanding this feature to include more applications and improve workflow, aiming to empower organizations to innovate securely with AI.
Aug 25, 2025
2,670 words in the original blog post.
The evolving digital landscape has introduced "Shadow AI" as a new security concern in corporate environments, where employees use powerful AI tools without official approval, posing significant risks in data leakage and security oversight. Unlike traditional "Shadow IT" where unauthorized hardware or cloud services were used, Shadow AI involves employees inadvertently exposing sensitive information by interacting with AI services like chatbots and code generators. Cloudflare's Shadow IT Report aims to address this by providing visibility and insights into AI usage within organizations, leveraging Cloudflare Gateway to track and categorize application interactions. This tool allows security teams to monitor AI application usage, approve or restrict access based on internal policies, and enforce data loss prevention measures, ensuring that innovation is balanced with security. Through detailed analytics and reporting, including the use of Log Explorer for forensic investigations, Cloudflare helps organizations regain control over AI application access and data governance.
Aug 25, 2025
1,998 words in the original blog post.
For over two decades, the internet's real-time communication ecosystem has relied on a combination of specialized protocols such as RTMP for ingest, HLS and DASH for scale, and WebRTC for interactivity, each addressing specific challenges but collectively leading to complexities and trade-offs in latency, scale, and operational efficiency. In response, Cloudflare has launched the Media over QUIC (MoQ) relay network as a solution to unify these disparate technologies into a single, flexible protocol, built on the modern transport layer of QUIC, which eliminates issues such as TCP head-of-line blocking and enables sub-second latency at broadcast scale. Developed through a collaborative effort at the IETF alongside industry giants like Meta and Google, MoQ offers a simplified architecture for real-time applications, supporting both high and low bandwidth data with features like prioritization and congestion control, while maintaining interoperability with existing systems. As Cloudflare rolls out MoQ in over 330 cities, the protocol is available for free testing during its tech preview phase, with plans for transparent pricing once fully launched, inviting developers to explore its potential for future real-time applications.
Aug 22, 2025
3,466 words in the original blog post.
On August 21, 2025, a significant surge in traffic from a single customer led to severe congestion on the network links between Cloudflare and Amazon Web Services (AWS) us-east-1, affecting users with latency and packet loss issues. The incident, which was not an attack, caused disruptions primarily due to insufficient capacity in Cloudflare's edge routers and a pre-existing failure in one of the direct peering links. AWS's attempts to alleviate congestion by withdrawing some BGP advertisements inadvertently worsened the situation by rerouting traffic to already strained links. The problem was mitigated by rate limiting the customer's traffic and through coordinated efforts between Cloudflare and AWS to restore normal operations. In response, Cloudflare is implementing a multi-phased strategy to prevent such events in the future, including enhancing network capacity and developing a traffic management system to ensure that no single customer's usage can impact the entire network.
Aug 21, 2025
1,351 words in the original blog post.
Fogos.pt, a volunteer-run project led by João Pina, has become a vital source of real-time wildfire information for millions in Portugal, evolving from a late-night side project parsing PDF fire reports into a full-featured app and website with visual maps and historical data. As wildfires are a global challenge, reliable information is crucial, as demonstrated by fogos.pt's role during Portugal's intense wildfire seasons, where it is used by firefighters, journalists, citizens, and government agencies. The site is part of Project Galileo, Cloudflare's initiative to protect important public interest sites, which proved essential when fogos.pt suffered two Distributed Denial of Service (DDoS) attacks in July and August 2025. Cloudflare's autonomous systems mitigated these attacks, ensuring no downtime. With traffic surging to nearly 60,000 concurrent users and handling over 550 million requests in two weeks during peak wildfire alerts, fogos.pt exemplifies how public service and technology can collaborate effectively. Despite lacking formal funding, this project highlights the power of community-driven initiatives, supported by allies like Cloudflare, to maintain crucial public services.
Aug 21, 2025
1,049 words in the original blog post.
During Developer Week 2024, Cloudflare unveiled its AI face cropping feature, now available in general release, which is part of a broader suite of AI image manipulation tools. Initially developed with social media and e-commerce platforms in mind, the feature automatically detects and crops around faces in images, enhancing the preparation of images for production use. The technology transitioned from a CPU-based prototype to a more efficient GPU-based implementation using the Workers AI framework, addressing memory usage issues and improving scalability. Utilizing the RetinaFace model, AI face cropping identifies faces within images and optimizes the cropping process using advanced neural network methodologies. This approach ensures privacy by focusing solely on face detection without identification. The implementation also includes a gravity parameter to adjust cropping focal points, particularly useful for images with multiple or off-centered subjects. Cloudflare's transition to a GPU-based system has significantly reduced memory usage, allowing for more efficient processing and maintaining service availability. The company plans to expand its AI image editing capabilities, including background removal and generative upscaling, as it continues to enhance its media pipeline services.
Aug 20, 2025
2,672 words in the original blog post.
Cloudflare has launched the Browser Developer Program, aiming to foster collaboration between Cloudflare and browser development teams to enhance both web security and accessibility. This initiative provides a platform for browser developers to share feedback, report issues, and ensure that Cloudflare's security tools, such as Challenges and Turnstile, work seamlessly across all browsers. The program offers a two-way communication channel, best practices for testing, early visibility into updates, and a private community forum. It addresses the challenges posed by the diverse web ecosystem, which includes a wide variety of browsers, each with unique constraints and capabilities. By engaging directly with browser developers, especially those working on niche or emerging platforms, Cloudflare seeks to balance the diverse needs of users and maintain robust security standards without excluding legitimate users from less conventional platforms. The program is open to all browser developers and aims to improve the user experience by creating solutions that cater to both security and the varied ways people access the Internet.
Aug 18, 2025
954 words in the original blog post.
On August 13, 2025, researchers from Tel Aviv University revealed a new HTTP/2 denial-of-service vulnerability named MadeYouReset (CVE-2025-8671), affecting certain unpatched HTTP/2 server implementations that fail to properly track server-sent stream resets, potentially leading to resource exhaustion. This vulnerability, akin to the Rapid Reset attack (CVE-2023-44487), exploits the stream reset mechanism within the HTTP/2 specification, where repeated resets can overwhelm server resources. Cloudflare, informed of the vulnerability in May, confirmed it was not susceptible due to prior defensive measures implemented since similar vulnerabilities in 2019 and 2023, such as the Netflix and Rapid Reset vulnerabilities. Cloudflare's Pingora framework, utilizing the Rust-language h2 library, was potentially affected when using versions prior to 0.4.11, but Cloudflare's infrastructure remained secure since it doesn't terminate inbound HTTP connections. The vulnerability only impacts a limited number of HTTP/2 implementations, with most major systems already fortified against such attacks following guidelines from RFC 9113. The researchers, Gal Bar Nahum, Anat Bremler-Barr, and Yaniv Harel, were credited for their discovery and cooperation in the coordinated disclosure process.
Aug 14, 2025
655 words in the original blog post.
Cloudflare has introduced two new product bundles, Externa and Interna, to simplify and enhance internet connectivity and security for businesses, aligning with their mission of building a better Internet. These bundles address the complexity and inefficiency of traditional point-product solutions by offering an integrated approach to protecting both public-facing infrastructure and internal systems. Externa focuses on connecting and securing the external elements of a business, such as websites and APIs, with predictable pricing and no charges for attack traffic, while Interna addresses internal systems and hybrid work environments by eliminating redundant bandwidth charges and expanding corporate networks through pooled user licenses. Cloudflare's unified platform leverages its extensive network and AI capabilities to provide effective security solutions, offering businesses a scalable, value-driven path that eliminates the need for complex, patchwork solutions. The new bundles come in Essentials, Advantage, and Premier tiers, allowing businesses to grow and adapt their security and connectivity needs seamlessly.
Aug 12, 2025
1,150 words in the original blog post.
Cloudflare experienced a major service outage on June 12, 2025, due to a failure in the storage infrastructure of its Workers KV service, which was exacerbated by the outage of a third-party cloud provider. Workers KV, a global key-value store supporting high read volumes, initially relied on a dual-provider architecture to maximize availability. However, as usage increased, the system faced operational challenges, leading to a temporary reliance on a single provider. The outage highlighted the need for a more resilient architecture, prompting Cloudflare to transition to its own infrastructure using a hybrid storage approach that combines distributed databases and Cloudflare R2. This new setup races writes to both backends, ensuring durability and minimizing latency, while a sophisticated synchronization process maintains data consistency across providers. The implementation of KV Storage Proxy (KVSP) facilitates communication between Cloudflare Workers and database clusters, optimizing for the storage of small objects typical of Workers KV traffic. The refined architecture not only restores dual-provider capabilities but also significantly improves performance and availability, laying the groundwork for Cloudflare's complete infrastructure independence and enhancing the reliability of Workers KV for its users.
Aug 08, 2025
3,386 words in the original blog post.
OpenAI has released its latest open-weight models, a 120 billion parameter model and a 20 billion parameter model, as part of a collaboration with Cloudflare, which is making these models available through its Workers AI platform. These Mixture-of-Experts models, which run natively at FP4 quantization, offer improved efficiency and speed compared to traditional dense models and are designed for text-only applications with features like reasoning capabilities, tool calling, and Code Interpreter. Cloudflare is utilizing its infrastructure, including its Sandbox product, to support these models' capabilities, allowing for stateful code execution and rapid deployment. The models are integrated with the new Responses API format recommended by OpenAI, and Cloudflare is providing support for developers to build applications using these models on its platform, emphasizing transparency, customizability, and data security.
Aug 05, 2025
784 words in the original blog post.
Cloudflare identified a significant opportunity to improve the speed of its privacy proxy product, which allows users to browse the web without revealing personal information. The improvement focused on reducing the latency of "double-spend" checks related to Privacy Pass tokens, which initially took around 40 ms to complete. Using a combination of tracing and metrics, Cloudflare discovered that the latency was primarily caused by the interaction between Nagle's algorithm and delayed acknowledgments (ACKs) in their network communication. The team found that their implementation sent multiple small messages for a single command, leading to delays. By employing BufWriter to consolidate these messages into a single user-space memory buffer, the latency was reduced to less than 1 ms. The investigative process involved a systematic, data-driven approach, emphasizing observability tools, testable hypotheses, and the identification of subtle interactions in the code, ultimately contributing to a faster and more efficient Internet experience for users.
Aug 05, 2025
1,807 words in the original blog post.
Perplexity, an AI-powered answer engine, has been observed engaging in stealth crawling behavior that circumvents website preferences, despite being initially blocked through their declared user agents. This behavior includes modifying user agents, changing source ASNs, and ignoring robots.txt directives, prompting Cloudflare to de-list them as a verified bot and implement heuristics to block such activity. Tests confirmed that Perplexity accesses content on restricted domains by using undeclared crawlers with rotating IPs and ASNs, contrary to web crawling norms. In contrast, OpenAI is highlighted as a positive example, adhering to best practices by respecting robots.txt and not evading blocks. Cloudflare has developed measures to block Perplexity's stealth crawling and continues to collaborate with experts to establish clear standards for bot behavior, allowing customers to protect their content against unauthorized AI access.
Aug 04, 2025
1,257 words in the original blog post.
Earlier this year, external researchers identified a vulnerability in Cloudflare’s deprecated SSL for SaaS v1 product, prompting the company to accelerate the transition to the more secure SSL for SaaS v2. SSL for SaaS v1, introduced in 2017, allowed SaaS providers to use Cloudflare's security and performance features but carried risks due to its reliance on IP-based routing, which could be exploited by malicious actors through DNS manipulation or cross-site scripting. In response, Cloudflare launched SSL for SaaS v2, which moves away from IP-based routing to a verified custom hostname model, enhancing security by ensuring only authorized hostnames are routed to their respective origins. Despite officially deprecating v1 in 2021, some customers remained on the platform due to extenuating circumstances, but Cloudflare has since worked to migrate most to v2, implementing additional controls for those still using v1. The company has emphasized its commitment to security and transparency, thanking researchers for their disclosure and reassuring customers of continued efforts to prioritize the security of its platform.
Aug 01, 2025
1,185 words in the original blog post.