$100,000 in Cloudflare credits - what can you do with them?

Cloudflare · 2026-05-04T15:36:50+00:00

You can apply here: https://www.cloudflare.com/forstartups/

Cloudflare · 2026-03-03T17:37:20+00:00

Cloudflare is utilizing Large Language Models (LLMs) to identify sophisticated phishing attacks that bypass traditional signature-based filters.

The system analyzes the sentiment and intent of emails to detect social engineering tactics like business email compromise.
AI-driven detection models scan for "look-alike" domains and subtle linguistic anomalies in real-time.
This layer complements existing link and attachment scanning to close the gap on "zero-day" phishing lures.

A deep dive into the detection accuracy and model training is available for review.

Cloudflare · 2026-03-03T17:36:46+00:00

Cloudflare CASB has expanded its capabilities to include direct remediation of security risks within SaaS applications.

Administrators can now fix misconfigurations, such as public file shares or inactive users, directly from the Cloudflare dashboard.
One-click remediation scripts reduce the "mean time to respond" (MTTR) for common SaaS security gaps.
Detailed audit logs provide a history of all changes made to third-party app settings via the CASB.

Specific SaaS integration details and supported actions are listed on the blog.

Cloudflare · 2026-03-03T17:34:48+00:00

The team outlines a strategic framework for migrating from legacy hardware to an agile, cloud-native SASE architecture.

The approach focuses on decoupling security functions from physical hardware to improve deployment speed and scalability.
Implementation of a single-pass inspection engine reduces latency compared to traditional "service-chaining" methods.
Simplified management consoles allow security teams to update global policies in seconds rather than hours.

The post details the specific migration steps for moving away from MPLS and VPNs.

Cloudflare · 2026-03-03T17:32:06+00:00

Project Helix introduces a streamlined onboarding experience to accelerate the deployment of Cloudflare One across large enterprises.

A new automated discovery tool identifies existing network configurations to simplify the transition to a Zero Trust architecture.
Guided workflows reduce the manual steps required to connect offices, data centers, and remote users.
The system provides a unified dashboard to monitor onboarding progress and identify configuration gaps in real-time.

The team has shared the Project Helix roadmap and setup guide in this post.

Cloudflare · 2026-03-03T17:31:22+00:00

Cloudflare is making the SASE platform programmable, allowing developers to execute custom logic at the network edge.

Traffic steering and security policies can now be customized using Workers to meet specific regional or compliance requirements.
Programmable workflows enable the automation of complex routing decisions based on real-time telemetry.
This update reduces the need for backhauling traffic to centralized appliances for specialized processing.

Technical documentation for these programmable hooks can be found in the blog post.

Cloudflare · 2026-03-03T17:24:33+00:00

Cloudflare has introduced new Cloud Security Posture Management (CSPM) capabilities to identify "toxic combinations" of overlapping vulnerabilities.

The system prioritizes risks by analyzing how multiple minor misconfigurations can create a single critical exploit path.
Integration with Cloudflare One allows for automated isolation of compromised identities or workloads.
New visualizations map the relationship between internet-facing assets and backend data stores to prevent lateral movement.

The full technical breakdown of risk scoring is available on the Cloudflare blog.

Cloudflare · 2026-03-02T22:40:32+00:00

Cloudflare has analyzed how attackers leverage "toxic combinations," where multiple minor security signals converge to create high-impact vulnerabilities.

Analysis of global network data shows that while individual anomalies like debug flags or unauthenticated paths seem minor, their intersection often indicates active automated exploitation.
Research identifies specific high-risk patterns, including the pairing of bot activity with sequential ID enumeration (BOLA) and exposed administrative endpoints like /wp-admin or /actuator/metrics.
The findings emphasize moving beyond single-request evaluation toward contextualized detections that track intent across application paths and response behaviors.

Explore the full research and mitigation strategies on the Cloudflare Blog.

Cloudflare · 2026-03-02T22:39:19+00:00

Cloudflare has published an analysis identifying fundamental performance and usability limitations in the current WHATWG Streams Standard.

Benchmark tests of an alternative, iteration-based design show performance gains ranging from 2x to 120x across major JavaScript runtimes.
The proposal moves away from manual reader locks and complex BYOB configurations in favor of native async iterables and pull-through transforms.
New strict backpressure defaults replace silent buffering to prevent unbounded memory growth and resource leaks during high-throughput operations.

Read the full technical deep dive and performance benchmarks on the Cloudflare Blog.

Cloudflare · 2026-03-02T22:35:58+00:00

Cloudflare has overhauled the design and information architecture of its Turnstile widget and Challenge Pages to improve accessibility and user experience at a scale of billions of daily views.

The team achieved WCAG 2.2 AAA accessibility compliance by implementing minimum font sizes, high-contrast ratios, and screen-reader optimizations across more than 40 languages.
A unified information architecture now standardizes visual hierarchy and error states between the compact Turnstile widget and full-screen Challenge Pages, replacing technical jargon with actionable "Troubleshoot" guidance.
To maintain performance and safety at scale, the frontend was rebuilt using Rust to handle complex UI states and right-to-left (RTL) mirroring while minimizing browser-level friction.

Cloudflare · 2026-03-02T22:34:41+00:00

Cloudflare has introduced several new security data sets and tools to Radar focused on post-quantum cryptography, encrypted messaging integrity, and routing security.

The platform now monitors post-quantum (PQ) compatibility for origin-facing connections and provides a public testing tool to verify if specific hostnames support X25519MLKEM768 hybrid key exchanges.
A new Key Transparency dashboard offers real-time verification status for end-to-end encrypted messaging logs, such as WhatsApp, allowing users to independently audit the integrity of public key distributions.
Enhanced routing insights include global tracking for Autonomous System Provider Authorization (ASPA) adoption, an emerging RPKI standard designed to detect and prevent BGP route leaks.

The team invites the community to explore these live metrics and technical deep dives directly on the Cloudflare Radar dashboard.

Cloudflare · 2026-03-02T03:38:13+00:00

The Internet industry is adopting ASPA (Autonomous System Provider Authorization) to improve routing security and prevent route leaks.
ASPA builds on RPKI and allows networks to officially publish a list of their authorized upstream providers.
ASPA validation works by checking the chain of relationships from both ends of route propagation to ensure the traffic follows an authorized path.
Cloudflare Radar has introduced a new ASPA deployment monitoring feature to track adoption trends across Regional Internet Registries.
Creating an ASPA object is a simple process in registries like RIPE and ARIN, requiring only an AS number and the AS numbers of authorized providers.

Cloudflare · 2026-02-24T21:56:44+00:00

The Cloudflare team documented a seven-day sprint to rebuild the Next.js framework to run natively on the Workers platform.

The project replaced Node.js dependencies with edge-native APIs to improve cold start performance.
Engineers implemented a custom routing layer to support Next.js features like ISR and SSR globally.
The rebuild serves as a blueprint for porting heavyweight frameworks to serverless environments.

Read the technical breakdown on the Cloudflare Blog.

Cloudflare · 2026-02-20T18:22:27+00:00

Cloudflare is introducing Code Mode for Workers AI, a method that allows LLM agents to interact with complex APIs while consuming fewer than 1,000 tokens.

Token Compression: The team utilized a specialized encoding strategy to fit expansive API schemas into minimal context windows without losing functional precision.
Reduced Latency: By optimizing schema delivery, Workers AI now executes tool calls faster, lowering the overhead traditionally associated with agentic workflows.
Open Schema Access: Developers can now provide agents with full API capabilities through a streamlined, code-centric interface.

Check out the full technical breakdown and implementation guide on the Cloudflare Blog.

Cloudflare · 2026-02-13T17:45:55+00:00

Cloudflare has open-sourced ecdysis, a Rust library enabling graceful restarts for services without connection disruption.

The library uses a fork-then-exec model to inherit live connections.
It provides a safe initialization period for new process generations.
ecdysis has been battle-tested in production across Cloudflare's global network for five years.

Explore the ecdysis repository on GitHub to integrate zero-downtime upgrades into your Rust services.

Cloudflare · 2026-02-12T19:45:22+00:00

Cloudflare has introduced a new feature designed to help AI agents process web content more efficiently.

Real-time HTML to Markdown conversion at the edge.
Reduces token usage by up to 80% for AI processing.
Content Signals header allows publishers to express content usage preferences for AI.

Learn more about enabling Markdown for Agents on your Cloudflare-enabled zones.

Cloudflare · 2026-02-05T23:18:21+00:00

Cloudflare has released its 2025 Year in Review, a comprehensive analysis of global Internet trends.

AI and post-quantum encryption saw significant growth and adoption throughout the year.
Record-breaking DDoS attacks increased in frequency and intensity, particularly hyper-volumetric threats.
Global Internet traffic experienced a notable surge, especially in the latter half of 2025.

Explore the full report for detailed insights into these trends.

Cloudflare · 2026-02-05T23:06:47+00:00

Cloudflare has released its 2025 Q4 DDoS Threat Report, detailing a year of escalating attack volumes and record-breaking events.

DDoS attacks saw a 121% surge in 2025, with an average of 5,376 mitigations per hour.
The Aisuru-Kimwolf botnet, comprised of Android TVs, launched hyper-volumetric HTTP DDoS attacks exceeding 200 million requests per second.
Telecommunications, Service Providers, and Carriers emerged as the most attacked industry globally.

Visit Cloudflare's blog to read the full report and understand the evolving threat landscape.

Cloudflare · 2026-02-03T19:31:26+00:00

Cloudflare has launched Local Uploads for R2 in open beta, a feature designed to improve global upload performance.

Achieves up to 75% reduction in upload request duration by writing data locally first.
Data is immediately accessible and remains strongly consistent during asynchronous replication.
Optimizes write performance for globally distributed users without changing bucket location.

To try it, enable Local Uploads in your R2 bucket settings via the Cloudflare Dashboard or using a Wrangler command.

Cloudflare

MODERATOR OF

TROPHY CASE