Defend against frontier cyber models: Cloudflare’s architecture as customer zero

A few weeks ago, we wrote about Project Glasswing and what we observed when we pointed cyber frontier models at our own code. Since then, we’ve seen that the part of the post that has resonated most deeply is the argument that the architecture around the vulnerability matters more than the speed of the patch.

In the conversations we've had with CISOs and security teams since, the questions have been consistent: what does our architecture actually look like, what should we monitor for, where do we start, and how can Cloudflare help?

Before getting into the details: the architecture below is built almost entirely from Cloudflare's own products, because Cloudflare security is customer zero for the security products we build. The Cloudflare stack already exists in front of our code, employees, and customer-facing applications. If you're a Cloudflare customer, every layer below is available to you today. If you're not, the principles still apply to whatever stack you've built.

What a cyber frontier model actually changes

In the previous post, we showed how a cyber frontier model like Mythos changes the attacker’s timeline. It can find vulnerabilities, reason through exploit chains, and generate working proofs faster than earlier models. Continue reading

NB578: Cisco Goes All-In on AI Ops with Cloud Control; China Floats Underwater Data Center

Take a Network Break! Our Red Alert covers a critical Android vulnerability that could lead to local privilege escalation to root. On the news front, we dig into Cloud Control, Cisco’s ambitious AI ops platform that spans its networking, security, compute, observability, and collaboration portfolios. We also talk about Cisco Live Protect, which provides pre-patch... Read more »

Worth Reading 060826


In a paper published late in 2025, Østergaard and colleagues reported on their examination of almost 40 psychiatric referrals across Denmark that implicated AI chatbots in harmful interactions, including suicidal thoughts, eating disorders, and fostering delusions

 


Since its deployment in 2011, the adoption of RPKI by Internet Service Providers has shown continuous growth, a trend that persists to this day. As this growth continues it is important to measure its effect on BGP stability.

 


AI companies, AI influencers and famous professors have been making extraordinary claims for years about AI.

 


A robotic system that can produce a rubbery pancake is a true technical and logistic achievement, but why all this work to automate the production of mediocrity?

 


The greatest risk we face today isn’t that AI is becoming “too smart”; it’s that we are beginning to treat this technology as an infallible “oracle” rather than a capable, yet fundamentally fallible, “intern.”

Turning Cloudflare’s threat indicators into real-time WAF rules

Cloudflare’s Threat Events provides security analysts with a window into the global threat landscape. The platform offers a peek into the immense traffic that Cloudflare processes every day, so you can see in real time which IPs are attacking specific industries or which threat actors are trending globally. However, translating that visibility into active mitigation has often been a manual, reactive process.

Security teams have faced a recurring frustration: knowing that certain IP addresses were associated with specific threat actors (like Tycoon 2FA or RaccoonO365) or had been seen targeting their specific industry in other regions, but they couldn't easily automate the blocking of these high-risk IPs within their own WAF unless they manually configured the rules. 

We are excited to announce a new integration that brings Cloudflare’s vast threat intelligence directly into your WAF engine: you can now write proactive rules using live intelligence data. This means you can add more intelligence context to protect your application against known bad actors — before they even attempt to touch your infrastructure.

By populating specialized fields during the early stages of a request, the WAF can now screen traffic based on:

netlab 26.06: OSPFv3 on FortiOS, MPLS/VPN on SR Linux

netlab release 26.06 adds OSPFv3 support on FortiOS (by @a-v-popov) and MPLS/VPN support on SR Linux. We also ensured the installation scripts work on Ubuntu 26.04 (everything else was OK) and updated the installed Vagrant version to 2.4.9 (we’re not using new Vagrant features; you don’t have to upgrade it in an existing installation).

Other than that, we added a few improvements and squashed a number of bugs.

Upgrading or Starting from Scratch?

Evolusi Teknologi Energy Buffer untuk Efisiensi Kendaraan Masa Depan

Di tengah percepatan inovasi otomotif, teknologi kendaraan terus mengalami perkembangan signifikan untuk mendukung efisiensi energi dan keberlanjutan. Salah satu terobosan yang mulai populer adalah energy buffer berbasis teknologi pintar yang mampu mengelola energi secara optimal dalam kendaraan masa depan. Artikel ini akan membahas evolusi teknologi intelligent energy buffer dan peran vitalnya dalam transformasi kendaraan modern.

Apa Itu Energy Buffer?

Energy buffer adalah sistem penyimpanan energi sementara yang berfungsi untuk menstabilkan dan mengoptimalkan distribusi energi pada kendaraan. Sistem ini membantu dalam menyimpan energi saat kelebihan daya dan melepaskannya kembali saat kebutuhan energi meningkat, sehingga memastikan konsumsi yang lebih efisien dan mengurangi pemborosan energi.

Dalam konteks kendaraan, energy buffer biasanya diintegrasikan dengan baterai utama dan sistem regenerasi energi, seperti pengereman regeneratif pada kendaraan listrik dan hybrid. Fungsi utamanya adalah meningkatkan performa kendaraan sekaligus mengurangi emisi.

Peran Teknologi Kendaraan dalam Meningkatkan Efisiensi Energi

Seiring perkembangan teknologi kendaraan, kebutuhan untuk mengoptimalkan penggunaan energi semakin mendesak. Energi yang efisien tidak hanya mengurangi konsumsi bahan bakar tetapi juga memperpanjang umur kendaraan dan komponen pendukungnya.

Intelligent energy buffer hadir sebagai solusi cerdas dengan fitur-fitur seperti:

  • Manajemen Energi Otomatis: Mengatur aliran energi secara real-time sesuai kebutuhan pengemudi dan kondisi jalan.
  • Integrasi dengan Sistem Kendaraan Lain: Berfungsi bersama ECU Continue reading

Potensi Industri Produk Turunan Singkong untuk Meningkatkan Ekonomi Desa

Singkong merupakan salah satu tanaman pangan yang memiliki peranan penting dalam ketahanan pangan di Indonesia. Selain mudah dibudidayakan, singkong juga tahan terhadap berbagai kondisi lingkungan, sehingga sangat potensial untuk dikembangkan sebagai bahan baku industri pangan. Dalam beberapa tahun terakhir, industri produk olahan singkong mulai menunjukkan perkembangan yang signifikan, memberikan peluang besar untuk meningkatkan nilai tambah dan mendongkrak ekonomi desa.

Mengapa Singkong Menjadi Bahan Baku Unggulan?

Singkong memiliki banyak keunggulan dibandingkan dengan tanaman pangan lainnya:

  • Ketersediaan melimpah: Singkong dapat tumbuh hampir di seluruh wilayah Indonesia, termasuk daerah-daerah dengan kondisi tanah kurang subur.
  • Mudah diolah: Singkong dapat diolah menjadi berbagai produk olahan yang bernilai jual tinggi.
  • Nilai gizi yang baik: Sebagai sumber karbohidrat, singkong juga kaya akan serat dan beberapa jenis mineral.
  • Tahan lama: Produk olahan singkong biasanya memiliki masa simpan lebih lama dibandingkan singkong segar.

Karena alasan di atas, singkong sangat potensial untuk diangkat menjadi bahan baku utama dalam industri pangan yang dapat memberikan dampak positif bagi perekonomian lokal.

Ragam Produk Olahan Singkong dalam Industri Pangan

Industri produk turunan singkong telah berkembang cukup luas dengan berbagai inovasi produk olahan yang menarik, antara lain:

  • Tepung singkong: Digunakan sebagai bahan baku pengganti tepung terigu, terutama bagi yang alergi Continue reading

Best of the Hedge: Episode 15, Supporting Open Source

Many companies rely on open source, regardless of whether or not they realize it. In this best of the Hedge episode, Alistair Woodman joins Russ White and Tom Ammon to talk about not only why you should support the open source projects you use, but how you can.
 

@nbsp;
download
$nbsp;
Reposting a classic episode this week because I was out of town and didn’t get around to editing an episode.

Your AI bill is out of control. Cloudflare can fix it now. 

There isn't a CIO on the planet not worried about AI spend right now. CFOs are increasingly nervous, too.

For fear of falling behind, many companies have pushed their employees to use AI as aggressively as possible. The edict was clear: "Move fast, we'll figure out the bill later." And for the most part, it worked: AI has been genuinely transformational for the teams that leaned in.

But the costs are real: we’ve heard countless horror stories of huge bills and painful overages on token spend.

Today, we're announcing spend controls in Cloudflare AI Gateway, and a closed beta for identity-driven budgets and routing using Cloudflare Access and your existing identity provider.

As we’ve spoken with hundreds of companies about their AI strategy, we’ve seen a common story:  The company gives every engineer access to frontier models through a shared API key. Usage takes off. At the end of the month, finance pulls the invoice and nobody can explain where the money went. Was it the machine learning team training a new pipeline? Was it an intern running Claude Opus on email triage? Was it a runaway continuous integration job that burned through 50 million tokens in a weekend? Continue reading

Worth Reading 060526


A BBC journalist recently performed a silly experiment to prove a very serious point. In just 20 minutes, he manipulated ChatGPT and Google into telling the public he was a world-champion competitive hot dog eater.

 


Many (perhaps most) of the BGP route leaks reported on Cloudflare Radar (as with its predecessors) are what I term ‘ephemeral leaks‘, brief routing anomalies that exist only momentarily during convergence and have little to no operational impact.

 


In this episode of PING, APNIC Chief Scientist Geoff Huston and I discuss the Network Time Protocol (NTP). NTP is one of the oldest systems we rely on today.

 


The Gentlemen ransomware is a ransomware-as-a-service (RaaS) threat that is distinguished by its ability to pair its strong per-file encryption with an aggressive self-propagation capability designed to enable broad network compromise.

 


LLMs can help tame the complexity at the root of many of today’s software security challenges.

Lab: Implementing VRF-Lite with VXLAN

Did you know that you can implement a VRF-Lite design with VXLAN? All you need are devices that can run VRF routing protocols over VXLAN-backed VLAN segments.

Compared to the “traditional” VRF-Lite design, in which you need a set of VLANs on every link and every device running the routing protocol for every VRF, the VXLAN-based design needs just IP routing on the core switches, resulting in a design that’s pretty close to what we were building with DMVPN (without IPsec and NHRP complications).

Read more …

VoidZero is joining Cloudflare

VoidZero, the company behind Vite, Vitest, Rolldown, Oxc, and Vite+, is joining Cloudflare. As part of this change, all team members of VoidZero are joining Cloudflare, too.

Before saying anything else, we want to make the most important thing clear: Vite, Vitest, Rolldown, Oxc, and Vite+ will stay open source, vendor-agnostic, and community-driven. Nothing about that changes.

Cloudflare's mission is to help build a better Internet. And a better Internet is an open Internet. Developers need choice, frameworks need a neutral foundation, and applications need to be portable. It is not reasonable to expect the entire web ecosystem to build around a single vendor. The most important tools and frameworks are portable by design.

Vite is one of the few foundational tools that the whole JavaScript ecosystem agrees on. It earned that position by being fast, excellent, portable, and vendor-neutral. One of the best ways Cloudflare can help build a better Internet is by investing in that foundational open source toolchain. A toolchain that makes the Internet better for everyone, not just people who use Cloudflare or choose to host with us.

Over the last few years we've invested heavily in making Cloudflare the best Continue reading

Using netlab to Argue with Vendor TAC

A happy netlab user sent me an unexpected use case: they successfully used its multi-vendor capabilities to argue with a vendor TAC. Here’s the gist of the story (edited/anonymized for obvious reasons):

They deployed a configuration change that resulted in an unexpected outage. The outage partially disrupted the data center network, so they didn’t have the luxury of collecting data and reproducing the issue, as they had to roll back the change as expeditiously as possible.
Read more …
1 2 3 4 3,877