Thank you for following along with another Security Week at Cloudflare. We’re extremely proud of the work our team does to make the Internet safer and to help meet the challenge of emerging threats. As our CISO Grant Bourzikas outlined in his kickoff post this week, security teams are facing a landscape of rapidly increasing complexity introduced by vendor sprawl, an “AI Boom”, and an ever-growing surface area to protect.
As we continuously work to meet new challenges, Innovation Weeks like Security Week give us an invaluable opportunity to share our point of view and engage with the wider Internet community. Cloudflare’s mission is to help build a better Internet. We want to help safeguard the Internet from the arrival of quantum supercomputers, help protect the livelihood of content creators from unauthorized AI scraping, help raise awareness of the latest Internet threats, and help find new ways to help reduce the reuse of compromised passwords. Solving these challenges will take a village. We’re grateful to everyone who has engaged with us on these issues via social media, contributed to our open source repositories, and reached out through our technology partner program to work with us on the issues most important to them. For us, that’s the best part.
Here’s a recap of this week’s announcements:
Helping make the Internet safer
Title | Excerpt |
We’re thrilled to announce that organizations can now protect their sensitive corporate network traffic against quantum threats by tunneling it through Cloudflare’s Zero Trust platform. | |
How Cloudflare is using automation to tackle phishing head on | How Cloudflare is using threat intelligence and our Developer Platform products to automate phishing abuse reports. |
Advancing account security as part of Cloudflare’s commitment to CISA’s Secure by Design pledge | Cloudflare has made significant progress in boosting multi-factor authentication (MFA) adoption. With the addition of Apple and Google social logins, we’ve made secure access easier for our users. |
We’re excited to announce that Cloudflare for Campaigns now includes Email Security, adding an extra layer of protection to email systems that power political campaigns. | |
Enhanced security, simplified control! This Security Week, Cloudflare unveils automated botnet protection, flexible cipher suites, and an upgraded URL Scanner. | |
Password reuse is rampant: nearly half of user logins are compromised | Nearly half of login attempts across websites protected by Cloudflare involved leaked credentials. The pervasive issue of password reuse is enabling automated bot attacks on a massive scale. |
Threat research from the network that sees the most threats
Title | Excerpt |
Unleashing improved context for threat actor activity with our Cloudforce One threat events platform | Gain real-time insights with our new threat events platform. This tool empowers your cybersecurity defense with actionable intelligence to stay ahead of attacks and protect your critical assets. |
One platform to manage your company’s predictive security posture with Cloudflare | Cloudflare introduces a single platform for unified security posture management, helping protect SaaS and web applications deployed across various environments. |
Cloudflare enables native monitoring and forensics with Log Explorer and custom dashboards | We are excited to announce support for Zero Trust datasets, and custom dashboards where customers can monitor critical metrics for suspicious or unusual activity |
Introducing new Turnstile Analytics: gain insight into your visitor traffic, bot behavior patterns, traffic anomalies, and attack attributes. | |
Extending Cloudflare Radar’s security insights with new DDoS, leaked credentials, and bots datasets | For Security Week 2025, we are adding several new DDoS-focused graphs, new insights into leaked credential trends, and a new Bots page to Cloudflare Radar. |
Securing models and guarding against AI threats
Title | Excerpt |
Cloudflare for AI: supporting AI adoption at scale with a security-first approach | With Cloudflare for AI, developers, security teams, and content creators can leverage Cloudflare’s network and portfolio of tools to secure, observe, and make AI applications resilient and safe to use. |
How we train AI to uncover malicious JavaScript intent and make web surfing safer | Learn more about how Cloudflare developed an AI model to uncover malicious JavaScript intent using a Graph Neural Network, from pre-processing data to inferencing at scale. |
An early look at cryptographic watermarks for AI-generated content | It's hard to tell the difference between web content produced by humans and web content produced by AI. We're taking a new approach to making AI content distinguishable without impacting performance. |
How Cloudflare uses generative AI to slow down, confuse, and waste the resources of AI Crawlers and other bots that don’t respect “no crawl” directives. | |
Take control of public AI application security with Cloudflare's Firewall for AI | Firewall for AI discovers and protects your public LLM-powered applications, and is seamlessly integrated with Cloudflare WAF. Join the beta now and take control of your generative AI security |
Improved Bot Management flexibility and visibility with new high-precision heuristics | By building and integrating a new heuristics framework into the Cloudflare Ruleset Engine, we now have a more flexible system to write rules and deploy new releases rapidly |
Simplifying security
Title | Excerpt |
Introducing Cloudy, Cloudflare’s AI agent for simplifying complex configurations | Cloudflare’s first AI agent, Cloudy, helps make complicated configurations easy to understand for Cloudflare administrators. |
Making Application Security simple with a new unified dashboard experience | We’re introducing a new Application Security experience in the Cloudflare dashboard, with a reworked UI organized by use cases, making it easier for customers to navigate and secure their accounts |
Improved support for private applications and reusable access policies with Cloudflare Access | We are excited to introduce support for private hostname and IP address-defined applications as well as reusable access policies. |
Simplify allowlist management and lock down origin access with Cloudflare Aegis | Cloudflare Aegis provides dedicated egress IPs for Zero Trust origin access strategies, now supporting BYOIP and customer-facing configurability, with observability of Aegis IP address utilization coming soon. |
HTTPS-only for Cloudflare APIs: shutting the door on cleartext traffic | We are closing the cleartext HTTP ports entirely for Cloudflare API traffic. This prevents the risk of clients unintentionally leaking their secret API keys in cleartext during the initial request, before we can reject the connection at the server side. |
Cloudflare named a leader in Web Application Firewall Solutions in 2025 Forrester report | Forrester Research has recognized Cloudflare as a Leader in its The Forrester Wave™: Web Application Firewall Solutions, Q1 2025 report. |
Data security everywhere, all the time
Title | Excerpt |
Detecting sensitive data and misconfigurations in AWS and GCP with Cloudflare One | Using Cloudflare’s CASB, integrate, scan, and detect sensitive data and misconfigurations in your cloud storage accounts. |
RDP without the risk: Cloudflare's browser-based solution for secure third-party access | Cloudflare now provides clientless, browser-based support for the Remote Desktop Protocol (RDP). It natively enables secure, remote Windows server access without VPNs or RDP clients, to support third-party access and BYOD security. |
Improving Data Loss Prevention accuracy with AI-powered context analysis | Cloudflare’s Data Loss Prevention is reducing false positives by using a self-improving AI-powered algorithm, built on Cloudflare’s Developer Platform, to improve detection accuracy through AI context analysis. |
Enhance data protection in Microsoft Outlook with Cloudflare One’s new DLP Assist | Customers can now easily safeguard sensitive data in Microsoft Outlook with our new DLP Assist feature. |
Prepping for post-quantum: a beginner’s guide to lattice cryptography | This post is a beginner's guide to lattices, the math at the heart of the transition to post-quantum (PQ) cryptography. It explains how to do lattice-based encryption and authentication from scratch. |
Cloudflare is now assessed at the IRAP PROTECTED level, bringing our products and services to the Australian Public Sector. |
Tune in to the latest on Cloudflare TV
For a deeper dive on many of the great announcements from Security Week, check out our CFTV segments where our team shares even more details on our latest updates.
See you for our next Innovation Week
We appreciate everyone who’s taken the time to read Cloudflare’s Security Week blog posts or engage with us on these topics via social media. Our next innovation week, Developer Week, is right around the corner in April. We look forward to seeing you then!