Home / Companies / Cloudflare / Blog / February 2026

February 2026 Summaries

13 posts from Cloudflare

Filter
Month: Year:
Post Summaries Back to Blog
The Border Gateway Protocol (BGP), essential for directing Internet traffic, is vulnerable to route leaks caused by configuration errors or malicious actions. To address this, the industry is adopting a new cryptographic standard called Autonomous System Provider Authorization (ASPA), which validates the entire path of network traffic to ensure it travels only through authorized networks, complementing the existing Resource Public Key Infrastructure (RPKI) that secures traffic destinations. ASPA allows networks to publish authorized upstream providers, facilitating the verification of AS paths and preventing unauthorized route propagation. Cloudflare Radar has introduced an ASPA deployment monitoring feature to track its adoption across the five Regional Internet Registries, noting that while ASPA enhances routing security, it does not fully protect against all forms of forged-origin hijacks. Creating ASPA objects is now a straightforward process, and Cloudflare encourages networks to adopt this cryptographic upgrade to improve Internet path validation and security.
Feb 27, 2026 1,964 words in the original blog post.
Streaming data is crucial for modern applications, but the current Web streams standard, developed by WHATWG, faces criticism for outdated design choices that hinder usability and performance. Initially created without leveraging modern JavaScript features like async iteration, the standard's API introduces complexities such as locking models, BYOB (bring your own buffer) reads, and backpressure management that can lead to inefficiencies and resource management issues. Despite significant adoption across platforms like browsers, Node.js, and Deno, the standard's reliance on promises and complex machinery often results in performance bottlenecks, especially in high-frequency or resource-intensive scenarios. An alternative approach, utilizing JavaScript language primitives and async iterables, demonstrates the potential for significant performance gains by simplifying the API, eliminating unnecessary complexity, and providing explicit control over backpressure and buffering policies. This proposal aims to spark a conversation about reimagining the streaming API to better align with contemporary JavaScript practices, emphasizing simplicity, efficiency, and modern functionality.
Feb 27, 2026 7,973 words in the original blog post.
Cloudflare has undertaken a comprehensive redesign of its Turnstile widget and Challenge Pages, which are encountered billions of times daily by internet users verifying their humanity online. This redesign aims to address user frustration and improve accessibility without compromising security. The initiative involved a detailed audit to identify inconsistencies and frustrations in the user experience, followed by the development of a unified information architecture that simplifies and clarifies user interactions. Key changes include reducing verbosity in error messages, improving visual and textual consistency, enhancing accessibility to meet WCAG 2.2 AAA standards, and introducing a Troubleshooting Modal to empower users to resolve issues themselves. The redesign process involved extensive user testing across diverse demographics and languages to ensure global applicability. Cloudflare's efforts focus on improving the Challenge Completion Rate, reducing the Time to Complete, decreasing Abandonment Rates, lowering support ticket volumes, and shifting social sentiment towards a more favorable perception of their verification challenges. The company views this redesign as a foundational step for continuous improvement in response to evolving security threats and user feedback.
Feb 27, 2026 3,725 words in the original blog post.
Cloudflare's analysis highlights the concept of "toxic combinations," where seemingly minor security issues, such as misconfigurations or overlooked anomalies, can combine to form significant vulnerabilities. This approach shifts from focusing on individual request risks to examining the broader context and intent behind potential threats. Cloudflare identifies these toxic combinations by examining intersections of bot activity, application paths, request anomalies, and vulnerabilities, revealing vulnerabilities like publicly accessible admin panels, unauthenticated API endpoints, and exposed monitoring dashboards. Despite their rarity, these combinations can lead to severe security incidents, such as data breaches or system compromises. The company illustrates how to detect and mitigate these vulnerabilities using their data and tools, offering strategies like enforcing authentication, disabling debugging in production, and implementing rate limiting. Cloudflare is integrating these detections into their Security Insights dashboard and developing AI-driven remediation paths to proactively address such risks.
Feb 27, 2026 4,030 words in the original blog post.
Cloudflare Radar has introduced new security-related data sets and tools, expanding its already extensive insights into various security threats such as application and network layer attacks, malicious emails, and Internet routing. The updates include enhanced post-quantum (PQ) monitoring for origin-facing connections and a tool for checking website PQ encryption compatibility. A Key Transparency section now provides real-time verification of end-to-end encrypted messaging services' key logs, while routing security insights have been expanded with global, country, and network-level information on ASPA deployment to prevent BGP route leaks. The platform tracks the growth of post-quantum encryption support, with significant adoption increases since early 2025, and now offers visibility into the post-quantum readiness of origin servers. Furthermore, Cloudflare has launched a tool to test hostname support for post-quantum encryption and introduced a Go container for compatibility checks. The Routing section now includes comprehensive RPKI ASPA support to track the adoption of this emerging routing standard, providing detailed insights into ASPA records and adoption trends. These enhancements aim to improve routing security, transparency, and post-quantum insights, with data accessible through the Radar API for further analysis and integration.
Feb 27, 2026 2,116 words in the original blog post.
Vinext, a new front-end framework built on Vite as an alternative to Next.js, promises significant improvements in build speed and client bundle size, positioning itself as a solution to Next.js's deployment challenges in serverless environments. Developed collaboratively by an engineer and an AI model, vinext offers a seamless transition for existing Next.js applications, retaining compatibility with current project structures while enhancing deployment efficiency to platforms like Cloudflare Workers. The framework, still experimental and early in its development, has demonstrated potential with promising benchmarks and support for features like Incremental Static Regeneration (ISR) and experimental Traffic-aware Pre-Rendering (TPR). The development leveraged AI's capabilities to navigate the complexities typically faced by human engineers, suggesting a potential shift in software architecture towards fewer abstraction layers. Although vinext is not yet fully battle-tested, it represents a promising innovation in the landscape of front-end development, driven by modern AI advancements and collaboration across the ecosystem.
Feb 24, 2026 2,968 words in the original blog post.
Cloudflare has unveiled its Cloudflare One platform as a pioneering Secure Access Service Edge (SASE) solution that incorporates post-quantum encryption to secure network traffic for enterprise clients. This development includes the industry's first cloud-native post-quantum Secure Web Gateway and Zero Trust solution, marking a significant advancement in protecting data against future quantum computing threats. Cloudflare One supports Module-Lattice-based Key-Encapsulation Mechanism (ML-KEM) for post-quantum encryption across various network on-ramps and off-ramps, including IPsec and TLS protocols, ensuring robust protection against "harvest-now, decrypt-later" attacks. The platform's approach to post-quantum cryptography (PQC) emphasizes interoperability and simplicity, aligning with standards set by the IETF and NIST, and aims to offer secure network solutions without the need for specialized hardware or costly upgrades. As quantum computing capabilities loom, Cloudflare's initiative addresses the urgency for organizations to adopt PQC to remain compliant and secure, with the first steps focusing on key establishment while digital signatures follow. The Cloudflare One Appliance has also been upgraded to incorporate PQ encryption, reflecting a comprehensive strategy to enhance cryptographic agility and safeguard data in a rapidly evolving technological landscape.
Feb 23, 2026 2,932 words in the original blog post.
On February 20, 2026, Cloudflare experienced a significant service outage that affected customers using its Bring Your Own IP (BYOIP) service due to an unintended withdrawal of internet routes caused by a configuration change. The issue, unrelated to any cyberattack, arose from modifications in Cloudflare's network management system that inadvertently removed customer prefixes, leading to widespread connectivity issues and 403 errors on Cloudflare's DNS resolver website. The incident, lasting over six hours, required extensive efforts to restore configurations and re-advertise prefixes. Cloudflare engineers quickly reverted the changes and provided guidance to customers for self-remediation, though some required manual intervention due to a software bug that removed service configurations. This outage highlighted deficiencies in Cloudflare's staging environment and testing processes, leading to a commitment to improve their Addressing API and deploy more controlled and automated configuration changes under their Code Orange: Fail Small initiative. This initiative aims to enhance network resilience by requiring controlled rollouts, removing manual interventions, and establishing better failure mode testing, ensuring such incidents are minimized in the future.
Feb 21, 2026 2,773 words in the original blog post.
Model Context Protocol (MCP) has emerged as a standard for AI agents to utilize external tools, but it faces a challenge where adding more tools limits the space available for tasks in the model's context window. Addressing this issue, Code Mode allows models to write and execute code using a typed SDK, thereby creating a compact plan for tool operations and reducing context window usage. This technique, also explored by Anthropic, has been applied to a new MCP server for the Cloudflare API, which consolidates the API's extensive operations into just two tools: search() and execute(). By using Code Mode, this server significantly reduces token usage by 99.9%, maintaining a fixed footprint regardless of the number of API endpoints. This efficiency is achieved by minimizing the input tokens to around 1,000, compared to over a million tokens without Code Mode. The approach is being open-sourced in the Cloudflare Agents SDK, enabling broader application in other MCP servers and AI agents.
Feb 20, 2026 374 words in the original blog post.
Ecdysis is a Rust library developed by Cloudflare that facilitates zero-downtime upgrades for network services by enabling graceful process restarts without dropping live connections or refusing new ones. After five years of successful implementation across Cloudflare's extensive global network, ecdysis has been open-sourced, allowing broader access to its capabilities. The library employs a fork-and-exec model, similar to that pioneered by NGINX, where a parent process forks a child process that inherits socket file descriptors, allowing continuous connection handling during upgrades. This method ensures that updates, security patches, and new features can be deployed without interrupting service, crucial for Cloudflare's critical operations like traffic routing and TLS management. Ecdysis supports asynchronous programming with Tokio and integrates with systemd for process lifecycle management, enhancing its utility for network services requiring high uptime. It has been instrumental in maintaining service reliability at Cloudflare by preventing millions of failed requests during upgrades.
Feb 13, 2026 1,877 words in the original blog post.
The evolving landscape of online content discovery is shifting from traditional search engines to AI crawlers and agents, necessitating structured data from the predominantly unstructured Web. To accommodate this shift, businesses must treat agents as essential visitors by optimizing content for AI consumption. Markdown has emerged as a preferred format for AI systems due to its efficiency in minimizing token use compared to HTML. Cloudflare's "Markdown for Agents" feature facilitates this transition by enabling real-time conversion of HTML to markdown, allowing AI systems to request and receive markdown content directly from enabled websites. This process reduces computational costs and complexity associated with traditional HTML parsing. The feature includes content signals that indicate permissible uses of converted content, such as AI training and search inputs. As AI systems increasingly browse the Web, Cloudflare Radar now tracks markdown usage to monitor these trends. This feature, available in Beta for Cloudflare's Pro, Business, and Enterprise plans, aims to streamline content delivery for AI agents and invites feedback for further enhancement.
Feb 12, 2026 1,276 words in the original blog post.
Cloudflare's 24th Quarterly DDoS Threat Report provides an extensive analysis of the evolving landscape of Distributed Denial of Service (DDoS) attacks for 2025, highlighting a significant 121% increase in such attacks compared to previous years. The report focuses on the fourth quarter of 2025, when the Aisuru-Kimwolf botnet launched "The Night Before Christmas" campaign, characterized by hyper-volumetric HTTP DDoS attacks exceeding 200 million requests per second. Throughout the year, Cloudflare mitigated an average of 5,376 attacks per hour, with network-layer DDoS attacks tripling in volume. The telecommunications sector emerged as the most targeted industry, while the United Kingdom experienced a dramatic rise in attack frequency, becoming the sixth most-attacked location. Cloudflare's autonomous defense systems successfully detected and mitigated these threats, emphasizing the importance of robust, cloud-based DDoS protection for organizations worldwide. The report underscores the need for continuous adaptation to the growing sophistication and scale of DDoS attacks, as attackers increasingly leverage global cloud infrastructure and telecommunications networks.
Feb 05, 2026 1,618 words in the original blog post.
Local Uploads for R2 has been launched in open beta, enhancing the speed and global accessibility of object data uploads by initially writing data to a nearby storage location before asynchronously replicating it to the bucket's designated region. This feature is particularly beneficial for applications with globally distributed users or devices needing fast upload performance, as it significantly reduces upload latency, with tests showing up to a 75% decrease in Time to Last Byte (TTLB) for cross-region uploads. Built on Cloudflare's network, R2 ensures strong data consistency and zero egress fees, with uploads and reads remaining fast worldwide. The process involves a pull model using Cloudflare Queues to manage asynchronous replication tasks, ensuring efficient data movement across regions without additional costs. Local Uploads can be easily enabled via the Cloudflare Dashboard or through a single command, allowing uninterrupted and optimized upload operations.
Feb 03, 2026 1,572 words in the original blog post.