Field notes from the edge.
What our engineers learned this week. Hands-on technical deep-dives, postmortems, and strategy frameworks.
AIIntroducing the Cloudflare One stack: agent-powered deployment
Cloudflare has launched the Cloudflare One stack, an agent-powered toolkit designed to automate the configuration, deployment, and management of Zero Trust network architectures. The stack provides AI agents with structured knowledge and tools to handle complex migration tasks from legacy SASE vendors like Zscaler and Palo Alto Networks, reducing implementation timelines from months to hours. Buil
AIRoute public traffic to private applications with Cloudflare
Cloudflare is launching Application Services for Private Origins in closed beta, enabling enterprise customers to route public internet traffic to private applications without exposing them publicly. This capability extends Cloudflare's security, performance, and programmability services (WAF, bot management, rate limiting, caching, Workers) to private origins using existing private network connec
AIThe Hidden Security Risk in Modern Networks: The Work Between Tools
Despite increased network visibility through expanded tech stacks and AI-driven automation, organizations continue to face prolonged outages lasting hours with significant financial and reputational consequences. The persistent challenge lies in the gaps between security tools, where manual processes and coordination failures create vulnerabilities that automation alone cannot address.
AIThe Intersection of Encryption and AI
Bruce Schneier reflects on his 2010 Dark Reading essay about cryptography's limitations in securing modern networks, emphasizing that while cryptography has strong mathematical properties favoring defenders, it cannot address most contemporary cybersecurity challenges like DDoS attacks, malware, and network penetration. He traces this argument from his 2000 book 'Secrets and Lies' through today, n
AIPAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
Palo Alto Networks has issued a warning about active exploitation of CVE-2026-0257, a medium-severity authentication bypass vulnerability in PAN-OS and Prisma Access. The flaw, with a CVSS score of 7.8, allows threat actors to bypass authentication mechanisms and establish unauthorized VPN connections through GlobalProtect.
AIAnti-DDoS Firm Heaped Attacks on Brazilian ISPs
Huge Networks, a Brazilian DDoS protection firm, was found to be harboring infrastructure used to launch massive DDoS attacks against Brazilian ISPs through a botnet exploiting vulnerable TP-Link routers. The company's CEO claims the malicious activity resulted from a January 2024 security breach that compromised development servers and his personal SSH keys, suggesting a competitor may be attempt
AIWhen DNSSEC goes wrong: how we responded to the .de TLD outage
On May 5, 2026, DENIC's incorrect DNSSEC signatures for the .de TLD caused widespread DNS resolution failures, potentially affecting millions of German domains. Cloudflare's 1.1.1.1 resolver mitigated the impact through 'serve stale' functionality (RFC 8767) and Negative Trust Anchors (RFC 7646), continuing to serve cached records and temporarily disabling DNSSEC validation for .de domains until D