Cloudflare

AI deepfakes. Laptop farms. MFA bypass.

Inside the 2026 Cloudflare Threat Report, we break down how cybercrime is becoming industrialized (and how attackers are using AI).

With Brian Carter and Chris Pacey.

🎧 Full episode + subscribe:
https://ThisWeekinNET.com

From the endpoint to the prompt: a unified data security vision in Cloudflare One In this post, we’ll walk through a set of updates that push that vision forward – from browser-based Remote Desktop Protocol (RDP) controls, to operation-level logging, to endpoint data loss prevention (DLP), to AI security scanning for Microsoft 365 Copilot.

Cloudflare One unifies data security from endpoint to prompt: RDP clipboard controls, operation-mapped logs, on-device DLP, and Microsoft 365 Copilot scanning via API CASB. https://cfl.re/4lcn3pF

Documentation is love. Documentation is life. What is an open source project that you think has absolutely world class documentation? #CloudflareChat

🏎️ Take Cloudflare for a spin 🏎️

Learn about our Test Drive workshops and build solutions around SASE, network protection, or app security use cases–all in a zero-setup lab environment. Work directly with our specialists and get behind the wheel.

👉 Get more info: cfl.re/testdriveinfo

Ending the "silent drop": how Dynamic Path MTU Discovery makes the Cloudflare One Client more resilient By implementing Path MTU Discovery (PMTUD), the Cloudflare One Client has shifted from a passive observer to an active participant in path discovery.

The Cloudflare One Client now features the ability to actively probe and adjust packet sizes. This update eliminates the problems caused by tunnel layering and MTU differences, providing more stability and resiliency. https://cfl.re/4u9WipS

How Automatic Return Routing solves IP overlap Today, we are introducing Automatic Return Routing (ARR) in Closed Beta.

Automatic Return Routing (ARR) solves the common enterprise challenge of overlapping private IP addresses by using stateful flow tracking instead of traditional routing tables. https://cfl.re/407hrDt

A QUICker SASE client: re-building Proxy Mode To get over this hurdle, we used smoltcp, a Rust-based user-space TCP implementation.

By transitioning the Cloudflare One Client to use QUIC streams for Proxy Mode, we eliminated the overhead of user-space TCP stacks, resulting in a 2x increase in throughput and significant latency reduction for end users. https://cfl.re/47mtXmg

Join Cloudflare Connect on Tour London to see how we’re simplifying the stack and securing the future.

What’s on the agenda:
- AI Innovation at scale.
- Protection against democratized threats.
- Maintaining regional sovereignty.

Secure your seat today: https://cfl.re/ConnectLondon2026

Cloudforce One has successfully disrupted the criminal enterprise known as Tycoon 2FA, one of the most popular Phishing-as-a-Service (PhaaS) kit providers, in coordination with industry partners.

Read here: https://www.cloudflare.com/en-gb/threat-intelligence/research/report/tycoon-2fa-takedown/

Always-on detections: eliminating the WAF “log versus block” trade-off Cloudflare is introducing Attack Signature Detection and Full-Transaction Detection to provide continuous, high-fidelity security insights without the manual tuning of traditional WAFs. By correlating...

Cloudflare is introducing Attack Signature Detection and Full-Transaction Detection to provide continuous, high-fidelity security insights without the manual tuning of traditional WAFs. https://cfl.re/4bnRTYU

Defeating the deepfake: stopping laptop farms and insider threats To close this gap, Cloudflare is partnering with Nametag, a pioneer in workforce identity verification, to bring identity-verified onboarding and continuous identity assurance to our SASE platform, Cloudflare One.

Cloudflare One is partnering with Nametag to combat laptop farms and AI-enhanced identity fraud by requiring identity verification during employee onboarding and via continuous authentication. https://cfl.re/3OEPcJT

Moving from license plates to badges: the Gateway Authorization Proxy The new Gateway Authorization Proxy adds a "badge reader" at the entrance. Instead of just looking at where the traffic is coming from, we now use a Cloudflare Access-style login to verify who the user is, before enforcing Gateway filtering.

Cloudflare’s Gateway Authorization Proxy adds support for identity-aware policies for clientless devices, securing virtual desktops, and guest networks without a device client. https://cfl.re/4rO2Clc

Stop reacting to breaches and start preventing them with User Risk Scoring This update allows teams to move beyond binary "allow/deny" rules by evaluating continuous behavior signals from both internal and third-party sources.

Cloudflare One now incorporates dynamic User Risk Scores into Access policies to enable automated, adaptive security responses. https://cfl.re/4snFwSs

Mind the gap: new tools for continuous enforcement from boot to login Cloudflare’s mandatory authentication and independent MFA protect organizations by ensuring continuous enforcement, from the moment a machine boots until sensitive resources are accessed.

Today, we are excited to announce two new tools in Cloudflare’s SASE toolbox: mandatory authentication and Cloudflare’s own multi-factor authentication (MFA). https://cfl.re/40t8WTr

AI will change how we build and maintain software.

In this #ThisWeekinNET clip, Steve Faulkner explains why developers should use AI to migrate projects, navigate the JS ecosystem, and even generate bug reports.

Full episode (+subscribe):
ThisWeekinNET.com

Introducing the 2026 Cloudflare Threat Report There has been a fundamental shift toward industrialized cyber threats, highlighted by a record 31.4 Tbps DDoS attack and sophisticated session token theft.

Today we are releasing the inaugural 2026 Cloudflare Threat Report. It provides the intelligence organizations need to navigate the rise of industrialized cyber threats. https://cfl.re/4r7xEDG

Evolving Cloudflare’s Threat Intelligence Platform: actionable, scalable, and ETL-less In this post, we’ll explore some of the features that make the Cloudforce One experience powerful and effective.

Stop managing ETL pipelines and start threat hunting. Introducing new visualization, automation, and enrichment tools in the Cloudflare Threat Intelligence Platform to turn massive telemetry into instant security posture. https://cfl.re/4cXAqYw

How Cloudy translates complex security into human action Cloudy is our LLM-powered explanation layer, built directly into Cloudflare One. It translates complex machine learning outputs into precise, human-readable guidance for security teams and end users alike.

Cloudy is our LLM-powered explanation layer built directly into Cloudflare One. Its explanations, now part of Phishnet and API CASB, can improve user decisions and SOC efficiency. https://cfl.re/4l7YUR1

From reactive to proactive: closing the phishing gap with LLMs Email security faces an identical hurdle: our detection gaps are unseen. By integrating LLMs, we advance email phishing protection and move from reactive to proactive detection improvement.

Email security is a constant arms race. Like WWII engineers reinforcing only the planes that returned, survivorship bias hides real gaps. But LLMs can help us find the invisible weaknesses. https://cfl.re/4cnteEY

See risk, fix risk: introducing Remediation in Cloudflare CASB Cloudflare CASB Remediation lets security teams go beyond visibility to fix risky file sharing in Microsoft 365 and Google Workspace directly from Cloudflare One, all in just a few clicks.

Starting today, Cloudflare CASB customers can do more than see risky file-sharing across their SaaS apps: they can fix it, directly from the Cloudflare One dashboard. https://cfl.re/4cnteEY

The truly programmable SASE platform In this post, we’ll go deeper into what programmability means, and how Cloudflare One, our SASE platform, helps customers architect their security and networking with our building blocks to meet their unique and custom needs.

As the only SASE platform with a native developer stack, we’re giving you the tools to build custom, real-time security logic and integrations directly at the edge. https://cfl.re/4bfJTcq

Beyond the blank slate: how Cloudflare accelerates your Zero Trust journey In this post, we’ll dig into the problem of getting the correct customization, and how we built Project Helix to make it simple.

Project Helix simplifies and accelerates the onboarding process for Cloudflare One. By using automation and Terraform templates, this tool allows customers to quickly deploy a comprehensive, best-practice configuration in minutes. https://cfl.re/4sjyMVt

Modernizing with agile SASE: a Cloudflare One blog takeover This week, we are announcing innovations to prove that modernizing your network is about “achieving escape velocity”: breaking the inertia of legacy systems to propel high-speed business growth.

In 2026, agile SASE is the engine for modernization. Discover how Cloudflare One secures humans, devices, and AI agents on a single, programmable connectivity cloud. https://cfl.re/46AQYld

If you're curious to check out some of the history of protecting ports at Cloudflare, here's an interesting blog post from 2012: blog.cloudflare.com/cloudflare-n... and you can read about network ports compatible with Cloudflare's proxy: developers.cloudflare.com/fundamentals...

One engineer rebuilt Next.js with AI in one week.
• 4x faster builds
• 57% smaller bundles
• ~ $1,100 in tokens
With Steve Faulkner, we discuss what this means for AI-assisted rebuilds — and for software development in 2026.

Full episode + subscribe → https://ThisWeekinNET.com

Toxic combinations: when small signals add up to a security incident Minor misconfigurations or request anomalies often seem harmless in isolation. But when these small signals converge, they can trigger a security incident known as a toxic combination. Here’s how to s...

Minor misconfigurations or request anomalies often seem harmless in isolation. But when these small signals converge, they can trigger a security incident known as a toxic combination. Here’s how to spot the signs. https://cfl.re/3OwgwKf

We deserve a better streams API for JavaScript This post explores some of the fundamental issues I see with Web streams and presents an alternative approach built around JavaScript language primitives that demonstrate something better is possible.

The Web streams API has become ubiquitous in JavaScript runtimes but was designed for a different era. Here's what a modern streaming API could (should?) look like. https://cfl.re/4rEMthX

ASPA: making Internet routing more secure This view allows users to observe ASPA adoption trends over time across the five Regional Internet Registries (RIRs), and view ASPA records and changes over time at the Autonomous System (AS) level.

ASPA is the cryptographic upgrade for BGP that helps prevent route leaks by verifying the path network traffic takes. New features in Cloudflare Radar make tracking its adoption easy. https://cfl.re/4kZ0c0p

The most-seen UI on the Internet? Redesigning Turnstile and Challenge Pages Today we’re sharing the story of how we redesigned Turnstile and Challenge Pages.

We serve 7.6 billion challenges daily. Here’s how we used research, AAA accessibility standards, and a unified architecture to redesign the Internet’s most-seen user interface. https://cfl.re/4qYrwgU

Bringing more transparency to post-quantum usage, encrypted messaging, and routing security We are launching several new security-related data sets and tools on Radar

Cloudflare Radar has added new tools for monitoring PQ adoption, KT logs for messaging, and ASPA routing records to track the Internet's migration toward more secure encryption and routing standards. https://cfl.re/4tY6GB0