VoidZero is joining Cloudflare
2026-06-04
VoidZero, the team behind Vite, Vitest, Rolldown, Oxc, and Vite+, is joining Cloudflare. Vite stays open source, vendor-agnostic, and built for everyone. ...
Continue reading »
Enforcing the First AS in BGP AS_PATHs
2026-06-03
BGP is vulnerable to routing hijacks and path leaks that negatively impact traffic on the Internet. RPKI helps solve some of these problems, but for some forged paths, we need to rely on a simpler mechanism: First AS enforcement in BGP....
How we reduced core unit boot time from hours to minutes
2026-06-01
We investigated why firmware updates were causing our core servers to take four hours to reboot. By diving into UEFI data structures and iPXE automation, we eliminated unnecessary timeouts and cut boot times back down to minutes....
How we built Cloudflare's data platform and an AI agent on top of it
2026-05-28
Here’s how we built Town Lake, Cloudflare's unified analytics platform, alongside Skipper, an internal AI agent running on top of it....
Iran's Internet is partially restored, Cloudflare Radar data shows
2026-05-27
Cloudflare Radar data confirms early indications of a partial Internet restoration in Iran, nearly three months after the shutdown began. Traffic spikes and DNS queries have risen, but network activity is currently just 40% of pre-shutdown levels....
Announcing Claude Compliance API support with Cloudflare CASB
2026-05-21
Cloudflare now integrates with the Claude Compliance API, so that security teams can monitor Claude Enterprise activity directly in the Cloudflare Dashboard. ...
Announcing Claude Managed Agents on Cloudflare
2026-05-19
Cloudflare has integrated with Anthropic's Claude Managed Agents to provide a fast, isolated execution environment for autonomous code delivery. This means builders can scale agent workflows globally while strictly controlling access to private backends and easily customizing their agent’s tools and runtimes....
Project Glasswing: what Mythos showed us
2026-05-18
In recent weeks, we pointed Mythos and other security-focused LLMs at live code across critical parts of our infrastructure. We share what we observed, the models’ strengths and weaknesses, and what the work around them needs to look like before any of it can scale....
Our billing pipeline was suddenly slow. The culprit was a hidden bottleneck in ClickHouse
2026-05-14
When a partitioning change to our petabyte-scale ClickHouse cluster caused critical billing jobs to stall, standard metrics showed no obvious errors. This post explores how we identified severe lock contention in ClickHouse's query planner and built upstream patches to fix it....
Browser Run: now running on Cloudflare Containers, it’s faster and more scalable
2026-05-13
DevelopersDeveloper PlatformBrowser RunContainersCloudflare WorkersChromeAgentsBrowser RenderingBrowser Run
We’ve enabled higher usage limits, faster performance, better reliability, and increased shipping velocity for our Browser Run product by rebuilding on top of Cloudflare’s Containers. Here’s how....
When "idle" isn't idle: how a Linux kernel optimization became a QUIC bug
2026-05-12
We investigated a bug where CUBIC's congestion window became pinned at its minimum floor, causing a performance to plummet. The fix involved correctly measuring idle periods to distinguish RTT wait times from actual application idleness....
Building for the future
2026-05-07
This afternoon, we sent the following email to our global team. One of our core values at Cloudflare is transparency, and we believe it's important that you hear this directly from us because it’s a major moment at Cloudflare. ...
How Cloudflare responded to the “Copy Fail” Linux vulnerability
2026-05-07
When a critical Linux kernel privilege escalation was publicly disclosed, Cloudflare's security and engineering teams detected, investigated, and mitigated the threat across our global fleet, confirming zero customer impact and no malicious exploitation....
When DNSSEC goes wrong: how we responded to the .de TLD outage
2026-05-06
On May 5, 2026, DENIC published broken DNSSEC signatures for the .de TLD, making millions of domains unreachable. Here's what 1.1.1.1 saw, how serve stale cushioned the impact, and how we restored resolution....
Code Orange: Fail Small is complete. The result is a stronger Cloudflare network
2026-05-01
We have completed a massive engineering effort to make our infrastructure more resilient. Through new tools like Snapstone and the Engineering Codex, we've implemented safer configuration changes and automated best practices to prevent future incidents....
Introducing Dynamic Workflows: durable execution that follows the tenant
2026-05-01
Dynamic Workflows is a library that lets you route durable execution to tenant-provided code on the fly. Built on Dynamic Workers, it enables platforms to serve millions of unique workflows at near-zero idle cost....
Post-quantum encryption for Cloudflare IPsec is generally available
2026-04-30
Cloudflare IPsec now has generally available support for post-quantum encryption via hybrid ML-KEM. We’ve confirmed interoperability with Cisco and Fortinet....
Agents can now create Cloudflare accounts, buy domains, and deploy
2026-04-30
Starting today, agents can now be Cloudflare customers. They can create a Cloudflare account, start a paid subscription, register a domain, and get back an API token to deploy code right away. Humans can be in the loop to grant permission, but there’s no need to go to the dashboard, copy and paste API tokens, or enter credit card details. ...
Shutdowns, power outages, and conflict: a review of Q1 2026 Internet disruptions
2026-04-28
The first quarter of 2026 saw a surge in Internet disruptions, from nationwide shutdowns in Uganda and Iran to unprecedented drone strikes on cloud infrastructure. We explore the data behind these events using Cloudflare Radar....
Making Rust Workers reliable: panic and abort recovery in wasm‑bindgen
2026-04-22
Cloudflare WorkersRustRust WorkersWebAssemblyWASMReliabilityEngineeringOpen SourceDeveloper PlatformDevelopers
Panics in Rust Workers were historically fatal, poisoning the entire instance. By collaborating upstream on the wasm‑bindgen project, Rust Workers now support resilient critical error recovery, including panic unwinding using WebAssembly Exception Handling....
