Field notes from the edge.
What our engineers learned this week. Hands-on technical deep-dives, postmortems, and strategy frameworks.
[AI] Scaling Security Insights: how we achieved a 10x increase in global scanning capacity
Cloudflare's Security Insights team successfully scaled their global scanning capacity by 10x—from 10 to 100 scans per second—enabling more frequent security scans and automatic coverage for millions of previously unmonitored free-tier accounts. The engineering effort addressed critical bottlenecks including Kafka consumer limitations, database query inefficiencies, and API latency issues caused b
Anthropic Claude Fable 5 on AWS: Mythos-class capabilities with built-in safeguards now available
Anthropic has launched Claude Fable 5 on Amazon Bedrock and AWS, offering Mythos-level AI capabilities with built-in safeguards for broader enterprise use. The model features long-running task execution, advanced vision capabilities for document processing, and proactive self-verification, while automatically routing high-risk prompts to the less capable Opus 4.8 model. Enterprise customers can ac
[AI] Turning Cloudflare’s threat indicators into real-time WAF rules
Cloudflare has introduced a new integration that allows security teams to automatically translate threat intelligence from its Threat Events platform into proactive WAF rules, eliminating the manual process of configuring blocks for known malicious IPs. The solution leverages an 'always-on' detection framework that enriches HTTP requests with real-time threat metadata, enabling organizations to fi
[AI] PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network
The threat actor PCPJack has compromised approximately 230 cloud servers across AWS, Google Cloud, and Microsoft Azure to establish a covert SMTP email relay network. The hijacked business servers spanning the U.S., Europe, and Asia were converted into SMTP proxies that were verified for mail relay capability and synchronized to downstream consumers every five minutes.
[AI] FBI-Flagged Phishing Kit Kali365 Expands Its Reach
The FBI-flagged Kali365 phishing-as-a-service platform has expanded beyond its original Microsoft 365 targets to now include AWS, Okta, and Russian platforms. The threat actor toolkit leverages device code phishing techniques to compromise enterprise authentication systems across multiple cloud service providers.
[AI] Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
A threat actor exploited CVE-2026-39987 in publicly-accessible Marimo notebooks to gain initial access, then deployed an LLM agent to conduct post-exploitation activities. The attacker successfully extracted cloud credentials from the compromised system, demonstrating a novel attack technique combining traditional vulnerability exploitation with AI-powered automation.
[AI] With Complex Cloud Integrations, Small Errors Lead to Major Compromises
Security researchers uncovered a critical exploit chain in a widely-used automation service that leveraged over-permissioned roles, exposed secrets, and compromised non-human identities. The discovery highlights how seemingly minor misconfigurations in complex cloud integrations can cascade into major security vulnerabilities. This case underscores the growing risk surface created by interconnecte
[AI] PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems
A new credential theft framework called PCPJack has been identified targeting exposed cloud infrastructure by exploiting five CVEs to spread in a worm-like manner. The malware harvests credentials from cloud services, containers, developer tools, productivity platforms, and financial services before exfiltrating data through attacker-controlled infrastructure, while also removing competing TeamPCP
[AI] Enforcing trust and transparency: Open-sourcing the Azure Integrated HSM
Microsoft is open-sourcing its Azure Integrated HSM, a FIPS 140-3 Level 3 certified hardware security module built into every new Azure server, to enhance transparency and trust in cloud cryptographic operations. The firmware, driver, and software stack will be released through the Open Compute Project, enabling independent validation by customers, partners, and regulators. This server-local appro
[AI] Azure IaaS: Defense in depth built on secure-by-design principles
Microsoft Azure IaaS implements a comprehensive security architecture combining defense-in-depth layering with Secure Future Initiative (SFI) principles across compute, networking, and storage infrastructure. Security is engineered from hardware roots of trust through virtualization boundaries, with protections enabled by default including network isolation, encryption, and DDoS mitigation. The pl
