Engineering posts about Security Auditing
Curated summaries and key learnings for engineers working with Security Auditing.
Announcing Claude Compliance API support with Cloudflare CASB
The article announces the integration of the Claude Compliance API with Cloudflare's Cloud Access Security Broker (CASB), enabling organizations to monitor AI application usage for compliance and...
Why AI Security Infrastructure is Now a CMO Priority
The article emphasizes the critical role of AI security infrastructure in modern enterprises, particularly highlighting the launch of Databricks Lakewatch, an innovative security information and...
Labyrinth 1.1: Making End-to-End Encrypted Backups Even More Reliable
Labyrinth 1.1 introduces a new sub-protocol aimed at improving the reliability of end-to-end encrypted backups for Messenger, allowing messages to be securely backed up even in cases of device loss...
How Meta Is Strengthening End-to-End Encrypted Backups
Meta's HSM-based Backup Key Vault is designed to enhance the security of end-to-end encrypted backups for WhatsApp and Messenger. The system utilizes hardware security modules (HSMs) to store...
Alert Fatigue Is a Business Risk
The article highlights the critical issue of alert fatigue in enterprise security operations, where the overwhelming volume of alerts leads to significant risks as analysts struggle to prioritize and...
Post-Quantum Cryptography Migration at Meta: Framework, Lessons, and Takeaways
The article outlines Meta's strategic approach to migrating to post-quantum cryptography (PQC) in response to the impending threats posed by quantum computing to current encryption standards. It...
Managed OAuth for Access: make internal apps agent-ready in one click
The article outlines Cloudflare's implementation of Managed OAuth to enhance access for internal applications, allowing agents to authenticate seamlessly. It describes the challenges faced when...
Securing non-human identities: automated revocation, OAuth, and scoped permissions
The article addresses the critical need for securing non-human identities in software development, particularly in the context of agentic AI systems. It outlines the risks associated with credential...
Privacy-first connections: Empowering social experiences at Airbnb
The article outlines Airbnb's approach to enhancing user privacy through the implementation of context-aware profile IDs that decouple user identities from their public profiles. By separating...
Databricks Announces Lakewatch: New Open, Agentic SIEM
Databricks has introduced Lakewatch, an innovative open security information and event management (SIEM) solution designed to address the limitations of traditional SIEMs, particularly in the context...
Agentic AI Security: New Risks and Controls in the Databricks AI Security Framework (DASF v3.0)
The Databricks AI Security Framework (DASF) has been updated to include Agentic AI as its 13th component, introducing 35 new technical security risks and 6 mitigation controls tailored for the...
Building a security overview dashboard for actionable insights
The article presents a comprehensive overview of a newly developed security dashboard designed to enhance the efficiency of security teams by providing actionable insights rather than mere...
Investigating multi-vector attacks in Log Explorer
The article discusses the complexities of modern multi-vector attacks in cybersecurity, emphasizing the necessity for comprehensive visibility through tools like Cloudflare Log Explorer. It outlines...
Active defense: introducing a stateful vulnerability scanner for APIs
The article introduces Cloudflare's new stateful vulnerability scanner designed specifically for APIs, addressing the limitations of traditional defensive security measures. It highlights the...
Fixing request smuggling vulnerabilities in Pingora OSS deployments
The article addresses critical HTTP/1.x request smuggling vulnerabilities identified in the Pingora open source framework, particularly when deployed as an ingress proxy. It outlines the nature of...
How Advanced Browsing Protection Works in Messenger
The article discusses the implementation of Advanced Browsing Protection (ABP) in Messenger, focusing on the technical challenges and infrastructure necessary to protect user privacy while analyzing...
Mind the gap: new tools for continuous enforcement from boot to login
The article introduces new tools from Cloudflare aimed at enhancing security through continuous enforcement from boot to login. It highlights the challenges of maintaining security without hindering...
Toxic combinations: when small signals add up to a security incident
The article explores the concept of 'toxic combinations' in cybersecurity, where seemingly harmless signals can converge to create significant security incidents. It highlights how minor...
2025 Q4 DDoS threat report: A record-setting 31.4 Tbps attack caps a year of massive DDoS assaults
The 2025 Q4 DDoS threat report by Cloudflare reveals a significant escalation in DDoS attacks, with a record-setting attack of 31.4 Tbps marking a year of unprecedented assaults. The report...
Understanding AI Security
The article discusses the critical importance of AI security in protecting data, models, and infrastructure from various threats, including unauthorized access and data poisoning. It emphasizes the...