Home / Companies / Cloudflare / Blog / June 2026

June 2026 Summaries

19 posts from Cloudflare

Filter
Month: Year:
Post Summaries Back to Blog
Cloudflare Workflows introduces saga rollbacks to enhance the reliability of multi-step applications by allowing developers to define compensation logic directly within each step. This feature ensures that if a step fails, the workflow can revert completed steps to a consistent state, using a pattern known as the saga pattern. By incorporating rollback functions as part of step metadata rather than separate error handling, developers can maintain workflow durability and simplify error recovery. Rollbacks are executed in reverse step-start order, ensuring that operations are undone in a predictable manner. The API design avoids complex try-catch logic by integrating rollback handlers directly into the step.do() function, supporting idempotent operations to prevent duplication during retries. This approach provides a clear, concise way to manage state across workflows, with rollbacks treated as lifecycle events that are recorded and retried if necessary, enhancing the robustness of the workflow system.
Jun 25, 2026 2,719 words in the original blog post.
Cloudflare, a company known for supporting a significant portion of the web, recently enhanced its platform by launching self-managed OAuth for all customers, allowing easier creation and management of OAuth clients for its API. This development addresses the limitations of previous third-party OAuth access, which was restricted and required reliance on API tokens. The upgrade, necessitated by the growing demand for delegated access and the expansion of Cloudflare's Developer Platform, involved significant improvements to their OAuth engine, originally powered by the open-source Hydra. The transition included a blue-green deployment strategy to mitigate user impact and ensure data stability, which involved complex database migrations and operational adjustments to handle token management and revocation processes. The upgrade resulted in improved performance metrics, with faster API response times and reduced resource usage, thus providing a more robust foundation for future integrations and expanding Cloudflare's app ecosystem.
Jun 24, 2026 1,744 words in the original blog post.
On June 22, 2026, President Trump signed Executive Order 14409 to protect U.S. federal systems from potential threats posed by quantum computing to current cryptographic standards. This executive order mandates that federal agencies transition their High Value Assets and high impact systems to post-quantum encryption by December 31, 2030, and to post-quantum authentication by December 31, 2031. The order highlights the urgency due to the accelerated timeline for the advent of quantum computers capable of breaking public-key cryptography. Federal contractors are also required to comply with these standards to ensure that the products they provide support post-quantum cryptography. The EO aims to use federal procurement to drive the broader adoption of post-quantum cryptography across various industries, similar to past technological initiatives. While Cloudflare and other companies are already implementing post-quantum encryption, the transition to post-quantum authentication remains in its early stages, with broader ecosystem support expected by 2027. The EO also instructs the development of guidance for cryptographic bill of materials and emphasizes the importance of crypto agility and international alignment on cryptographic standards. The initiative is seen as critical for national security, urging organizations to begin their transition immediately to safeguard against harvest-now-decrypt-later attacks and future quantum threats.
Jun 23, 2026 3,716 words in the original blog post.
The Images service at Cloudflare, built in Rust and utilizing the hyper HTTP library, experienced an intermittent bug after a rearchitecture that provided a more direct connection between the Workers runtime and the Images service. This bug caused image transformation requests to intermittently fail for larger images, returning truncated data without errors. The issue stemmed from a race condition in hyper's connection lifecycle, where a timing-dependent flaw led to premature shutdowns before all data was flushed to the socket. After extensive investigation, including kernel-level tracing with strace, the problem was pinpointed to hyper's handling of flush operations in its dispatch loop. The fix required ensuring that flush operations completed before initiating shutdowns, which was implemented and subsequently merged into hyper's codebase. This resolution not only stabilized the Images binding but also paved the way for expanded functionalities, such as supporting operations for hosted images, enhancing Cloudflare's capability to build media-rich applications.
Jun 22, 2026 3,270 words in the original blog post.
Cloudflare has introduced Temporary Cloudflare Accounts for AI agents to facilitate seamless deployment of websites, APIs, and other projects without requiring traditional sign-up processes that are typically designed for humans. This new feature allows AI agents to deploy using the Wrangler command-line interface with a --temporary flag, enabling deployments that last for 60 minutes, during which they can be claimed permanently by a user. This approach addresses the friction AI agents face with browser-based authentication and enables a more efficient write-deploy-verify loop by providing cheap, disposable deployment targets. Cloudflare's initiative is part of a broader effort to eliminate barriers for AI-driven deployments, which includes partnerships with companies like Stripe and WorkOS to streamline account creation and authentication processes. The temporary accounts are designed to make the deployment process more intuitive and agent-friendly, encouraging developers to experiment and iterate more freely.
Jun 19, 2026 973 words in the original blog post.
Cloudflare's Project Galileo, launched 12 years ago, aims to protect civil society organizations from cyberattacks by providing free cybersecurity services to over 3,400 websites across 120 countries, including those of journalists and human rights defenders. Celebrating its anniversary, Cloudflare released its first comprehensive report on cyberattacks against civil society, highlighting that these groups are targeted more frequently and intensely than other internet users, particularly during critical moments like publishing investigative reports. The report reveals that DDoS attacks are the most common threat and that civil society organizations face higher rates of phishing and website vulnerability exploitation. Cloudflare also introduced new partners focused on supporting journalists and expanded its global reach to safeguard more organizations outside North America and Europe. The annual report and accompanying case studies are intended to serve as resources for understanding and responding to cyber threats, while Cloudflare continues to pursue initiatives to enhance protections for at-risk groups worldwide.
Jun 18, 2026 1,138 words in the original blog post.
Project Glasswing, a recent exploration by Cloudflare into the application of frontier AI models for enterprise security, highlights the limitations of relying on single-model approaches and underlines the necessity for a model-agnostic architecture. The study finds that effective security analysis requires moving beyond standalone models to a continuous, interchangeable pipeline that leverages multiple AI models for comprehensive vulnerability detection and cross-checking. This approach involves using different models for the discovery and validation stages, ensuring that findings are scrutinized by distinct logical frameworks to enhance reliability. A key component of this system is the Vulnerability Discovery Harness (VDH) and Vulnerability Validation System (VVS), which work together to identify, validate, and triage security issues across a diverse codebase. The VDH proactively scans and identifies potential threats, while the VVS filters and refines these findings, ensuring only actionable and verified vulnerabilities are addressed. The harness architecture is designed to manage the volatility of AI models, maintaining operational integrity across different providers and facilitating scalable, fleet-wide defense mechanisms. This model-agnostic framework emphasizes the importance of orchestration in security workflows, promoting a robust, adaptable, and efficient means of managing AI-driven security tools.
Jun 18, 2026 5,026 words in the original blog post.
Adopting a Zero Trust network architecture can be complex, requiring a thorough understanding of existing network configurations and policies. To streamline this process, Cloudflare has launched the Cloudflare One stack, which equips agents with the skills needed to configure, deploy, and manage Zero Trust environments. This toolkit automates the learning and integration of new security suites, providing structured guidance to agents so they can effectively manage security workflows. The stack, derived from extensive experience with numerous customers, offers tools for planning, managing, and implementing security infrastructure, and includes migration guidance from legacy vendors like Zscaler and Palo Alto Networks. The Cloudflare One stack is available in two skill files, cloudflare-one and cloudflare-one-migration, which cover a range of tasks from remote access and VPN replacement to network diagram interpretation and vendor concept translation. This resource is not only beneficial for current Cloudflare customers but also serves as a valuable asset for Cloudflare's partner network, facilitating quicker deployments and more effective management. As Cloudflare's product suite evolves, the Cloudflare One stack will continue to expand, with new skills and more advanced workflows already in development.
Jun 17, 2026 1,168 words in the original blog post.
In 2026, agent harnesses like Codex, Claude Code, OpenCode, Pi, and Project Think will be deployed as robust infrastructural components, transitioning from prototypes to production environments. This progression presents challenges related to distributed systems, such as maintaining context and security when agents are interrupted or run untrusted code. To address these, Cloudflare's Agents SDK provides a foundational layer offering durable execution and dynamic workflows, which is complemented by the Flue framework that enhances developer experience through integrations and project structures. Flue enables agents to function autonomously by defining their context rather than scripting their actions, allowing them to integrate seamlessly into existing environments like Slack and GitHub. The framework utilizes Cloudflare's infrastructure to provide secure, efficient code execution and a durable virtual filesystem, ensuring agents can perform tasks without the overhead of full container environments. This architecture, tested through Project Think, ensures agents can manage complex workflows and access Cloudflare's ecosystem capabilities, paving the way for scalable, reliable AI agent deployment.
Jun 17, 2026 2,223 words in the original blog post.
Cloudflare has enhanced its DMARC Management tool to help users achieve full email authentication enforcement more easily, emphasizing that proper configuration of DMARC, SPF, DKIM, and BIMI protocols is now essential for avoiding email deliverability issues and protecting against domain spoofing. The updated DMARC Management dashboard offers a unified view of email authentication posture, allowing users to monitor and manage their domain's email security without needing external consultants. The tool provides detailed reports on sending sources, highlighting the alignment and status of each email authentication protocol and offering actionable recommendations in plain language. It also features an SPF lookup audit to prevent silent failures due to exceeding DNS lookup limits. Cloudflare continues to invest in enhancing DMARC Management with deeper forensic reporting and tighter platform integration, making it accessible and free for all Cloudflare customers.
Jun 16, 2026 1,467 words in the original blog post.
Cloudflare has announced the integration of key members from Ensemble AI into their team to enhance AI infrastructure, focusing on making AI models more efficient and cost-effective for global deployment. Founded in 2023, Ensemble AI has been pioneering methods to compress models and optimize inference, addressing the challenges of running large AI models by innovating at the architectural level rather than merely relying on hardware solutions. Their work includes the development of NdLinear and NdLinear-LoRA technologies, which maintain meaningful data structures while reducing computational demands. This collaboration aims to leverage Cloudflare's global network and serverless architecture to support developers in running AI workloads with improved performance and reduced costs. As AI becomes integral to application development, the partnership seeks to provide the necessary infrastructure to deploy AI models reliably and affordably, while allowing experimentation with various model sizes and deployment strategies. This effort is part of Cloudflare's broader strategy to enhance their platform's capabilities in serving advanced AI architectures at scale, ultimately making AI more accessible and efficient for developers worldwide.
Jun 15, 2026 704 words in the original blog post.
Cloudflare's Security Insights faced challenges in effectively scanning for security risks due to infrequent scans and an opt-in system that left many accounts unchecked, amidst a landscape of increasing automated attacks. To address this, Cloudflare sought to boost its scanning throughput tenfold, from 10 to 100 scans per second, all while dealing with system load issues such as API timeouts and crashing processes. Key enhancements included optimizing Apache Kafka's message consumption through parallel processing, resolving head-of-line blocking with a 'fast lane' and 'slow lane' system, and refining database query strategies to reduce latency. The company also rethought its scheduling mechanism to ensure a balanced distribution of scans, which involved scheduling zones independently of accounts and implementing adaptive rate limiting. These measures not only achieved the targeted tenfold increase in scan throughput, reaching over 120 scans per second during peak times, but also allowed for more frequent and automated scans across all account types, thus enhancing system stability and enabling new features like granular on-demand scans. This success story underscores the importance of a deep understanding of existing systems and metrics in solving scalability issues without resorting to simply adding more resources.
Jun 12, 2026 2,123 words in the original blog post.
For most of the Internet's history, public and private infrastructures operated separately, with public applications protected by CDNs and WAFs, and private applications shielded by VPNs and firewalls. However, as the need for modern security and performance features grows for private applications—such as internal APIs and AI agent backends—Cloudflare has launched Application Services for Private Origins to bridge this gap. This new service, currently in closed beta for Enterprise customers, enables secure routing of traffic to private origins without exposing them to the public Internet, thereby allowing Cloudflare's suite of security and performance services, like WAF rules and bot management, to be applied to private network applications. The service integrates with existing Cloudflare connectivity solutions such as Cloudflare Tunnel and Cloudflare One, offering a unified model for managing both public and private traffic through a single interface. This development allows private applications to benefit from features and protections traditionally reserved for public-facing applications, reducing complexity and operational overhead for organizations.
Jun 10, 2026 920 words in the original blog post.
Cloudflare has developed an advanced security architecture centered around its own products to address vulnerabilities more effectively than traditional methods, emphasizing the importance of architecture over patch speed. With the advent of cyber frontier models like Mythos, which can discover vulnerabilities, exploit chains, and generate proofs faster than ever, Cloudflare's approach leverages multi-layered defenses such as WAFs, ML-based detection, and Zero Trust Network Access to mitigate potential threats. The architecture is designed to limit the scope of an attack by employing a combination of threat intelligence, managed rulesets, and machine learning models that assess and score traffic for potential threats. This system allows for rapid deployment of defensive measures, often within hours, and is continually tested by Cloudflare's red team to ensure its effectiveness. Cloudflare's comprehensive visibility into web traffic aids in adapting defenses quickly, closing the gap between vulnerability discovery and mitigation, and ensuring a robust security posture that can adapt to evolving threats.
Jun 09, 2026 2,278 words in the original blog post.
Cloudflare's Threat Events platform provides security analysts with real-time global threat intelligence, offering insights into potential attacks across various industries. Traditionally, translating this information into preventive measures involved manual processes, but a new integration now allows users to automate this via the Web Application Firewall (WAF) engine. By leveraging live threat intelligence data, users can proactively create security rules that identify and block malicious IPs before they interact with their systems. This capability is supported by an "always-on" detection framework, which separates detection from mitigation to ensure constant background threat analysis without sacrificing system performance. Incorporating new WAF fields, the integration offers enhanced granularity in threat detection—such as identifying specific threat actors or targeted industries—enabling more comprehensive security policies. Furthermore, the system's architecture ensures that massive datasets are processed with minimal latency, allowing for rapid response without slowing down network traffic. The introduction of features like Saved Views and one-click rule creation streamlines the process of converting insights into actionable security measures, while the global distribution of threat intelligence datasets ensures efficient and scalable protection. This feature is available to customers with a Cloudforce One subscription, offering varying levels of access to datasets and insights to suit different security needs.
Jun 08, 2026 1,207 words in the original blog post.
With the increasing concerns of CIOs and CFOs regarding AI spending, many companies have been aggressively adopting AI technologies, often resulting in uncontrolled expenses. Cloudflare addresses this issue by introducing spend controls in its AI Gateway, along with a closed beta for identity-driven budgets and routing using Cloudflare Access and existing identity providers. Companies face challenges in tracking AI-related expenditures due to the lack of visibility and control over who uses what, leading to significant costs. AI Gateway helps mitigate this by routing requests through a central point that offers unified billing, logging, and tools to manage AI usage effectively. Now, companies can set spend limits based on models, providers, or custom attributes, and track usage in real time, allowing for better cost management. The introduction of identity-driven budgets further allows for precise cost attribution and control across users and teams. Cloudflare is also developing intelligent task-based routing to optimize costs by selecting the most appropriate model for each task, enhancing both cost control and optimization.
Jun 05, 2026 1,483 words in the original blog post.
VoidZero, the team behind key JavaScript tools like Vite, Vitest, Rolldown, Oxc, and Vite+, is joining Cloudflare, while maintaining their open-source, vendor-agnostic, and community-driven nature. Cloudflare aims to enhance these tools by investing in their development, ensuring they remain foundational to the JavaScript ecosystem without altering their core principles. The collaboration emphasizes an open Internet where developers have choices, supporting Vite's role as a neutral and portable tool. With a $1 million commitment to support Vite's ecosystem and a shared vision of expanding Vite's capabilities beyond a mere build tool, Cloudflare plans to unify its platform with Vite's workflows, making development and deployment seamless. This partnership underscores an ongoing commitment to open-source development, fostering a collaborative environment that benefits the entire web community.
Jun 04, 2026 1,933 words in the original blog post.
Recent route hijacks reported by Spamhaus have highlighted vulnerabilities in Internet routing, specifically involving the misuse of unused autonomous system numbers and forged AS_PATHs to misdirect traffic. These hijacks involve manipulating the Border Gateway Protocol (BGP) to create fake paths, allowing attackers to intercept traffic and mask their identities. A critical defense against such attacks is the enforcement of the "First AS" rule, which ensures the first autonomous system in a BGP path matches the peer AS number. Testing of major networks revealed that while some Tier 1 networks enforce this rule, others do not, leaving them susceptible to hijacks. The study underscores the importance of adhering to BGP best practices and enforcing the First AS rule to enhance Internet security against routing anomalies and malicious activities.
Jun 03, 2026 2,635 words in the original blog post.
Cloudflare faced significant delays in its server reboot process following a firmware update, with core servers taking up to four hours to come back online due to a firmware quirk and inefficient network boot interface selection. The problem arose from the servers conducting a linear search through every available network boot interface, causing prolonged timeout periods before reaching the correct boot stage. To resolve this, Cloudflare restructured its boot automation workflow to declare the correct network boot interface order early in the process, drastically reducing boot and upgrade times from hours to mere minutes. This involved collaborating with OEM vendors to enable programmatic boot order control, overcoming challenges with legacy support and differing network card vendor strings, and optimizing the use of open-source tools like iPXE. The changes not only streamlined their processes but also eliminated the need for manual BIOS interactions, enabling dynamic, scalable, and automated server provisioning across Cloudflare's globally distributed fleet.
Jun 01, 2026 1,759 words in the original blog post.