Home / Companies / Cloudflare / Blog / May 2026

May 2026 Summaries

13 posts from Cloudflare

Filter
Month: Year:
Post Summaries Back to Blog
Cloudflare has developed two in-house tools, Town Lake and Skipper, to address the challenges of accessing and analyzing vast amounts of data generated across its global network. Town Lake serves as a unified data analytics platform that integrates various data sources into a single SQL interface, allowing for streamlined data access and analysis. Skipper, an AI data agent, provides a natural language interface for querying data, enabling users to obtain accurate and auditable answers quickly without requiring SQL knowledge. This system addresses the complexity of data sprawl, disparate systems, and the need for accurate, unsampled data while ensuring robust governance and security measures. By leveraging its own platform components, Cloudflare aims to empower employees with the ability to derive insights from data, fostering innovation and enhancing decision-making across the organization.
May 28, 2026 3,297 words in the original blog post.
Iran experienced two significant internet shutdowns in 2026, the first in early January and the second at the end of February, following military tensions involving the U.S. and Israel. These shutdowns severely curtailed internet traffic within the country, with connectivity dropping to near zero levels. After nearly three months, a partial restoration of internet access began on May 26, with significant increases in both general traffic and DNS queries, particularly from Tehran, as observed by Cloudflare Radar. Despite these improvements, traffic levels have only reached 40% of their former peak, and the volume of IPv6 traffic remains almost nonexistent, suggesting that the shutdowns were achieved through technical measures like application filtering. The restoration marks a potential turning point, but the situation remains fluid as recovery could be temporary.
May 27, 2026 871 words in the original blog post.
Cloudflare has expanded its cloud access security broker (CASB) to support the Claude Compliance API, allowing security and compliance teams to monitor Claude usage directly from the Cloudflare dashboard without needing endpoint agents. This move addresses the challenge of managing AI applications, which differ from traditional SaaS applications due to their conversational nature and integration into workflows, creating compliance risks not detectable by conventional security tools. The integration provides organizations with visibility and control over AI application interactions by offering out-of-band monitoring and scanning capabilities for sensitive data and misconfigurations. This helps organizations manage security risks associated with AI tools, such as unauthorized data sharing and compliance violations, by using Cloudflare's existing infrastructure, including the AI Gateway and Data Loss Prevention features. The integration with the Claude Compliance API ensures security findings are surfaced in the Cloudflare dashboard, allowing enterprises to manage Claude-specific risks alongside other SaaS applications, and to enforce security policies quickly and effectively. As AI adoption accelerates, Cloudflare is working to expand CASB's support for AI tools, enabling organizations to safely integrate and govern these applications within a unified platform.
May 21, 2026 1,102 words in the original blog post.
Cloudflare and Anthropic have partnered to integrate Claude Managed Agents with Cloudflare Sandboxes, offering developers enhanced control, security, and observability for their agent sandboxes. This collaboration aims to simplify the deployment and management of agents at scale, providing features such as customizable proxies for secure connections, detailed sandbox metrics and logs, and lightweight sandbox options that minimize infrastructure costs. By leveraging Cloudflare’s Developer Platform, developers can execute code, run applications, and connect to private services without exposing them to the Internet, ensuring both scalability and security. The integration supports various tools, including browser control for web interactions and email capabilities, allowing agents to perform complex tasks autonomously. This partnership enables developers to set up Claude Managed Agents quickly while maintaining flexibility to tailor the integration to specific needs, ultimately facilitating the management of large-scale agent deployments with Cloudflare's robust infrastructure.
May 19, 2026 1,776 words in the original blog post.
Cloudflare has been testing security-focused large language models (LLMs) on its infrastructure, highlighting the capabilities and challenges of Anthropic's Mythos Preview model in identifying and constructing exploit chains and generating proof of concept (PoC) for vulnerabilities. Unlike earlier models, Mythos Preview can chain low-severity bugs into more severe exploits and shows reasoning akin to a senior researcher. Despite its advancements, the model occasionally exhibits inconsistent refusals to perform certain tasks, indicating a need for additional safeguards for broader use. A key challenge with AI vulnerability scanners is the high noise level, particularly in memory-unsafe languages like C and C++, which Mythos Preview mitigates by providing clearer outputs with PoCs. The research emphasizes that existing AI models are not well-suited for broad vulnerability coverage due to their narrow context capabilities, suggesting the need for a harness that manages execution across multiple agents. Cloudflare's experience with Mythos Preview demonstrates the importance of architectural strategies that make exploitations harder, even when vulnerabilities exist, to maintain security until patches can be deployed.
May 18, 2026 2,725 words in the original blog post.
Cloudflare experienced significant performance issues with its ClickHouse database when migrating to a new partitioning scheme designed to allow per-namespace data retention, which initially slowed down daily aggregation jobs crucial for billing. This was caused by an unexpected bottleneck in query planning due to increased lock contention and inefficient part filtering, exacerbated by the sheer volume of data parts. To resolve this, a series of optimizations were implemented: switching to a shared lock to reduce contention, deferring unnecessary vector copying to improve performance, and employing a binary search to expedite part filtering. These changes significantly improved query durations and resolved the immediate crisis, although the experience highlighted the complexities and potential pitfalls of large-scale data architecture decisions, leaving open the question of whether further architectural changes might be necessary in the future.
May 14, 2026 2,167 words in the original blog post.
Browser Run has significantly improved its performance and scalability by transitioning to Cloudflare's Containers, allowing for a fourfold increase in browser concurrency and halving Quick Action response times. This transition involved moving away from shared infrastructure with Browser Isolation, which previously caused performance bottlenecks due to its larger container images and less optimal global distribution. The migration to Containers enabled Browser Run to efficiently handle increased demand, particularly from AI agent developers, by implementing regional pools of pre-warmed browser containers to reduce latency. The shift from KV to D1 databases further enhanced scalability by allowing transactional, atomic assignment of browser sessions, eliminating race conditions and enabling batch processing to manage thousands of containers effectively. This infrastructure upgrade also facilitated faster feature development and integration of new capabilities such as WebGL and WebMCP, enhancing browser flexibility and enabling new interaction patterns for agentic development. These advancements position Browser Run as a robust platform for automated browser usage at scale, catering to developers' needs for end-to-end testing, secure investigations, and AI-driven web interactions.
May 13, 2026 1,596 words in the original blog post.
CUBIC, the default congestion controller in Linux, is crucial for managing TCP and QUIC connections, including those served by Cloudflare's quiche implementation. A bug was discovered where CUBIC's congestion window became stuck at its minimum after a congestion collapse event, due to a Linux kernel change intended to align CUBIC with app-limited exclusions in RFC 9438. This issue led to unexpected test failures, revealing that the recovery mechanism in quiche's implementation misinterprets the state of the connection, particularly during periods of high packet loss. The bug was traced to a miscalculation of the idle period, causing rapid oscillation between recovery and congestion avoidance states due to an inaccurate adjustment of the congestion recovery start time. The fix involved refining the measurement of idle duration from the last ACK rather than the last packet sent, effectively stabilizing the recovery process and restoring normal CUBIC behavior. This small yet crucial code adjustment resolved the issue and was incorporated into Cloudflare's quiche, highlighting the complexity of congestion control algorithms and the importance of precise timing in network protocols.
May 12, 2026 2,750 words in the original blog post.
On April 29, 2026, a Linux kernel vulnerability known as "Copy Fail" (CVE-2026-31431) was disclosed, prompting Cloudflare's Security and Engineering teams to quickly assess and mitigate potential risks to their infrastructure. Despite the vulnerability's potential to allow unauthorized privilege escalation, Cloudflare confirmed that their existing behavioral detection systems could recognize the exploit without prior signature updates, ensuring no customer data was at risk, and no services were disrupted. The vulnerability stemmed from an out-of-bounds write issue within the kernel's crypto API, particularly affecting the algif_aead module, which was initially optimized for in-place operations. To address this, Cloudflare implemented a runtime mitigation using bpf-lsm, which allowed legitimate users to access the API while blocking unauthorized attempts. This approach, coupled with their regular Linux kernel updates, ensured that Cloudflare's infrastructure remained secure, with the incident handled without impacting service availability. The response highlighted the efficacy of Cloudflare's security protocols and the importance of collaborative efforts across their teams and the broader Linux community in mitigating such vulnerabilities.
May 07, 2026 2,450 words in the original blog post.
Cloudflare announced a significant workforce reduction of over 1,100 employees, emphasizing the move as a strategic realignment for the AI-driven era rather than a cost-cutting measure or reflection on individual performance. The company has seen a 600% increase in AI usage over the past three months, prompting a need to reimagine internal processes and roles to enhance value delivery and uphold its mission of improving the Internet. Cloudflare assured transparent communication, with emails sent directly from leaders Matthew Prince and Michelle Zatlyn to all employees about the changes. Departing employees will receive comprehensive severance packages, including extended salary payments, healthcare support, and equity vesting, as a gesture of respect and empathy. The company believes these decisive actions will provide clarity and stability, allowing Cloudflare to remain agile and innovative amid its commitment to transparency and continued leadership in the digital space.
May 07, 2026 890 words in the original blog post.
On May 5, 2026, DENIC, the registry operator for Germany's .de TLD, mistakenly published incorrect DNSSEC signatures, causing widespread DNS resolution failures as resolvers, including Cloudflare's public DNS resolver 1.1.1.1, rejected these signatures according to DNSSEC specifications. This incident, which led to millions of domains becoming unreachable, highlighted the critical role DNSSEC plays in ensuring data integrity by verifying that DNS records haven't been tampered with, despite not providing privacy. To mitigate user impact, Cloudflare implemented temporary measures, including employing "serve stale" to continue serving cached records past their TTL and deploying a workaround akin to a Negative Trust Anchor (NTA) to treat the .de zone as insecure, thereby bypassing DNSSEC validation. This incident underscores the importance of the DNS hierarchy and the challenges it presents when disruptions occur at the TLD level, emphasizing the need for collaboration and communication within the DNS community to quickly address and mitigate such issues.
May 06, 2026 2,092 words in the original blog post.
Cloudflare has evolved its Workers platform from a direct-to-developers tool into a sophisticated, multi-tenant ecosystem that allows platforms and their customers to dynamically deploy and execute custom code. Recently, Cloudflare introduced Dynamic Workflows and Dynamic Workers, enabling custom workflow execution for each tenant without the need for pre-provisioning, thus significantly reducing idle costs. This advancement allows platforms to handle millions of distinct workflows concurrently, accommodating diverse use cases such as CI/CD pipelines and agent-driven applications. The system leverages durable execution, ensuring workflows are resilient to failures and interruptions, and integrates seamlessly with existing Cloudflare infrastructure like Durable Object Facets and Artifacts for storage and source control. By offering a way to dynamically bind workflows to tenant-specific code, Cloudflare empowers platforms to provide individualized services efficiently, paving the way for unprecedented scalability and flexibility in cloud-based application deployment.
May 01, 2026 2,947 words in the original blog post.
Cloudflare has concluded a significant engineering initiative, "Code Orange: Fail Small," aimed at enhancing the resiliency, security, and reliability of its infrastructure following global outages in November and December 2025. The project focused on safer configuration changes, reducing failure impacts, revising incident management procedures, and improving communication. The introduction of Snapstone allows for health-mediated deployment of configuration changes, ensuring issues are caught early and do not affect large portions of traffic. Failure impact reduction strategies now include using last known good configurations and segmenting systems to minimize outage effects. Revised incident management procedures provide broader access to essential tools and pathways during outages, supported by drills to ensure readiness. A new internal Codex has been established to enforce best practices across Cloudflare's development lifecycle, integrating AI reviews to prevent regressions. The company has also enhanced its communication strategy to keep customers informed during incidents, aiming for transparency and timely updates throughout the resolution process. These comprehensive efforts have led to a strengthened infrastructure and a commitment to continual improvement in resilience.
May 01, 2026 2,038 words in the original blog post.