Engineering articles from Cloudflare
AI summaries and key learnings from Cloudflare engineering teams.
Complexity is a choice. SASE migrations shouldn’t take years.
The article emphasizes the shift in the cybersecurity landscape regarding SASE migrations, arguing that complexity is a choice rather than an inevitability. It showcases how Cloudflare's SASE...
Active defense: introducing a stateful vulnerability scanner for APIs
The article introduces Cloudflare's new stateful vulnerability scanner designed specifically for APIs, addressing the limitations of traditional defensive security measures. It highlights the...
Fixing request smuggling vulnerabilities in Pingora OSS deployments
The article addresses critical HTTP/1.x request smuggling vulnerabilities identified in the Pingora open source framework, particularly when deployed as an ingress proxy. It outlines the nature of...
From the endpoint to the prompt: a unified data security vision in Cloudflare One
The article outlines Cloudflare One's evolution in data security, emphasizing a unified approach that encompasses protection in transit, visibility and control at rest, and enforcement in use. It...
A QUICker SASE client: re-building Proxy Mode
The article outlines the challenges faced by security teams when implementing proxy modes in SASE environments, particularly the performance issues associated with traditional TCP implementations. It...
How Automatic Return Routing solves IP overlap
The article discusses how Automatic Return Routing (ARR) addresses the challenges of IP address overlap in enterprise networks, particularly in scenarios involving mergers, extranet connections, and...
Ending the "silent drop": how Dynamic Path MTU Discovery makes the Cloudflare One Client more resilient
The article details how Dynamic Path MTU Discovery (PMTUD) enhances the resilience of the Cloudflare One Client by actively probing network paths to determine optimal packet sizes, thereby preventing...
Stop reacting to breaches and start preventing them with User Risk Scoring
The article presents a proactive approach to cybersecurity by integrating User Risk Scoring into zero trust network access (ZTNA) policies. It outlines how Cloudflare One's platform allows security...
Moving from license plates to badges: the Gateway Authorization Proxy
The Gateway Authorization Proxy is a solution designed to enhance security by shifting user identity verification from devices to the network level. It utilizes Cloudflare's global infrastructure to...
Defeating the deepfake: stopping laptop farms and insider threats
The article highlights the increasing threat of insider fraud facilitated by advanced AI technologies, particularly deepfakes, which challenge traditional security measures. It emphasizes the...
Mind the gap: new tools for continuous enforcement from boot to login
The article introduces new tools from Cloudflare aimed at enhancing security through continuous enforcement from boot to login. It highlights the challenges of maintaining security without hindering...
Always-on detections: eliminating the WAF “log versus block” trade-off
The article presents a novel approach to web application security through the introduction of always-on detections that eliminate the traditional trade-off between logging and blocking malicious...
See risk, fix risk: introducing Remediation in Cloudflare CASB
The article introduces a significant enhancement to Cloudflare's Cloud Access Security Broker (CASB) by launching a Remediation feature that allows users to directly fix risky file-sharing...
From reactive to proactive: closing the phishing gap with LLMs
The article explores the transition from reactive to proactive email security measures through the integration of Large Language Models (LLMs). It highlights the limitations of traditional email...
How Cloudy translates complex security into human action
The article outlines how Cloudy, an LLM-powered explanation layer integrated into Cloudflare's security products, translates complex machine learning outputs into understandable guidance for security...
Evolving Cloudflare’s Threat Intelligence Platform: actionable, scalable, and ETL-less
The article outlines the evolution of Cloudflare's Threat Intelligence Platform (TIP), designed to address the cybersecurity industry's challenges with data gravity and actionable insights. It...
Introducing the 2026 Cloudflare Threat Report
The 2026 Cloudflare Threat Report outlines significant shifts in the cybersecurity landscape, emphasizing the transition from brute force attacks to high-trust exploitation strategies employed by...
The truly programmable SASE platform
The article explores the concept of programmability within Cloudflare's SASE platform, emphasizing its ability to provide customizable security solutions through real-time decision-making and...
Beyond the blank slate: how Cloudflare accelerates your Zero Trust journey
The article outlines how Cloudflare is enhancing its Zero Trust security offerings through Project Helix, which automates the configuration of its SASE platform, Cloudflare One. It highlights the...
Modernizing with agile SASE: a Cloudflare One blog takeover
The article emphasizes the shift towards agile Secure Access Service Edge (SASE) architectures as organizations adapt to a new normal where remote work and AI integration redefine corporate networks....