Cloudflare Blog - Latest News and Information
Technology Pulse
EMAIL DIGESTS
Daily
Every morning
Weekly
Tuesday recap
EMAIL DIGESTS
Daily
Every morning
Weekly
Tuesday recap
Cloudflare announced that Workers AI now supports the frontier open‑source model Kimi K2.5, offering a 256k token context window, multi‑turn tool calling, vision inputs and structured outputs. The company demonstrated a 77% cost reduction compared with mid‑tier proprietary models by running a security‑review agent that processes over 7 billion tokens daily. New platform features—including prefix‑caching metrics, a session‑affinity header, and a revamped asynchronous API—optimize throughput and lower inference expenses. These upgrades let developers run the entire agent lifecycle on a single, serverless platform.
Cloudflare appealed a €14 million fine imposed by Italy’s regulator AGCOM for refusing to register with the controversial Piracy Shield scheme. Piracy Shield forces service providers to block sites within 30 minutes based on private right‑sholder requests, without judicial oversight, transparency,...
Cloudflare and CDW have teamed up to simplify Zero Trust migrations for large enterprises, offering a structured, risk‑aware pathway from fragmented VPNs to the Cloudflare One SASE platform. Their tiered methodology categorizes applications by complexity, moving simple SaaS first and...
Cloudflare now returns RFC 9457‑compliant structured Markdown and JSON error payloads to AI agents, replacing the traditional HTML error pages. Agents can request these formats via the Accept header and receive concise, machine‑readable instructions such as retry intervals or escalation guidance....
Cloudflare and Mastercard are integrating Mastercard’s RiskRecon attack‑surface intelligence into the Cloudflare dashboard, enabling continuous discovery and remediation of Internet‑facing blind spots. The partnership lets security teams automatically identify shadow IT, forgotten subdomains, and unprotected cloud assets using publicly available...
In December 2025 Cloudflare was alerted to three HTTP/1.x request smuggling flaws (CVE‑2026‑2833, ‑2835, ‑2836) in the open‑source Pingora framework when used as an ingress proxy. The issues allowed attackers to bypass proxy security, desynchronize request handling, and poison caches...
Cloudflare One’s client now incorporates Dynamic Path MTU Discovery (PMTUD), allowing it to actively probe and adjust packet sizes instead of waiting for ICMP feedback. By testing packet sizes up to 1281 bytes and beyond, the client automatically selects the optimal...
Cloudflare has rebuilt the proxy mode of its Cloudflare One client, swapping the WireGuard‑based L3 tunnel for direct L4 proxying over QUIC. By leveraging HTTP/3 CONNECT and MASQUE, traffic remains at the transport layer, eliminating the smoltcp conversion step. Internal...
Cloudflare unveiled the Gateway Authorization Proxy, a client‑less solution that shifts identity verification from the endpoint to the network. By integrating Cloudflare Access login and signed JWT cookies, the proxy can authenticate users on any device that reaches the Internet,...
Cloudflare announced a partnership with Nametag to embed workforce identity verification into its Cloudflare One SASE platform, targeting the emerging "remote IT worker" fraud that leverages AI‑generated deepfake IDs and laptop farms. The integration uses OpenID Connect to require a...
Cloudflare has launched a cloud‑first Threat Intelligence Platform (TIP) that eliminates traditional ETL pipelines using a sharded, SQLite‑backed architecture running on the edge. Threat events are distributed across thousands of Durable Objects, delivering sub‑second GraphQL queries and real‑time visualizations. The...
Cloudflare announced a series of technical deep‑dives this week to showcase its agile SASE platform, Cloudflare One, as a solution to the growing fragmentation of legacy VPNs and hardware firewalls. The blog takeover emphasizes a single‑pass architecture that runs security...
Cloudflare positions its One platform as a truly programmable SASE solution, leveraging a global network that reaches over 330 cities and sits within 50 ms of 95% of internet users. The company differentiates its offering by embedding edge‑run Workers directly into...
