The Internet is in constant motion. Sites scale, traffic shifts, and attackers adapt. Security that worked yesterday may not be enough tomorrow. That’s why the technologies that protect the web — such as Transport Layer Security (TLS) and emerging post-quantum cryptography (PQC) — must also continue to evolve. We want to make sure that everyone […]
Tag Archives: security
Understanding Spamhaus and Its Role in Email Security
In an era when email remains one of the most important forms of communication for business, commerce, and personal use, ensuring that emails reach their intended recipients (and don’t end up in spam, or worse, aiding cybercrime) is more important than ever. One of the often “behind‐the‐scenes” organizations helping to defend email systems is Spamhaus. […]
You don’t need quantum hardware for post-quantum security
Organizations have finite resources available to combat threats, both by the adversaries of today and those in the not-so-distant future that are armed with quantum computers. In this post, we provide guidance on what to prioritize to best prepare for the future, when quantum computers become powerful enough to break the conventional cryptography that underpins […]
Addressing the unauthorized issuance of multiple TLS certificates for 1.1.1.1
Over the past few days Cloudflare has been notified through our vulnerability disclosure program and the certificate transparency mailing list that unauthorized certificates were issued by Fina CA for 1.1.1.1, one of the IP addresses used by our public DNS resolver service. From February 2024 to August 2025, Fina CA issued twelve certificates for 1.1.1.1 […]
Automating threat analysis and response with Cloudy
Security professionals everywhere face a paradox: while more data provides the visibility needed to catch threats, it also makes it harder for humans to process it all and find what’s important. When there’s a sudden spike in suspicious traffic, every second counts. But for many security teams — especially lean ones — it’s hard to […]
The age of agents: cryptographically recognizing agent traffic
On the surface, the goal of handling bot traffic is clear: keep malicious bots away, while letting through the helpful ones. Some bots are evidently malicious — such as mass price scrapers or those testing stolen credit cards. Others are helpful, like the bots that index your website. Cloudflare has segmented this second category of […]
Block unsafe prompts targeting your LLM endpoints with Firewall for AI
Security teams are racing to secure a new attack surface: AI-powered applications. From chatbots to search assistants, LLMs are already shaping customer experience, but they also open the door to new risks. A single malicious prompt can exfiltrate sensitive data, poison a model, or inject toxic content into customer-facing interactions, undermining user trust. Without guardrails, […]
Unmasking the Unseen: Your Guide to Taming Shadow AI with Cloudflare One
The digital landscape of corporate environments has always been a battleground between efficiency and security. For years, this played out in the form of “Shadow IT” — employees using unsanctioned laptops or cloud services to get their jobs done faster. Security teams became masters at hunting these rogue systems, setting up firewalls and policies to […]
Announcing the Cloudflare Browser Developer Program
Today, we are announcing Cloudflare’s Browser Developer Program, a collaborative initiative to strengthen partnership between Cloudflare and browser development teams. Browser developers can apply to join here. At Cloudflare, we aim to help build a better Internet. One way we achieve this is by providing website owners with the tools to detect and block unwanted […]
How to Make Your Website GDPR Compliant
There is a straightforward reason GDPR keeps legal teams awake at night: fines can reach £17,500,000 or 4% of global annual revenue, whichever is higher. Across the incident reports studied over the past few years, the businesses that took the largest reputational hits weren’t the ones that suffered an intrusion, but the ones that held […]
