WAF Articles

Cloudflare now returns RFC 9457-compliant structured Markdown and JSON error responses to AI agents, replacing HTML error pages and reducing token usage by over 98%.

AI

Developer Platform

Developers

AI Security for Apps is now generally available

Cloudflare announces the general availability of AI Security for Apps, a reverse-proxy solution for detecting and mitigating threats to AI-powered applications.

Always-on detections: eliminating the WAF “log versus block” trade-off

This article introduces Cloudflare's always-on Attack Signature Detection framework that eliminates the traditional WAF trade-off between log visibility and block protection.

The most-seen UI on the Internet? Redesigning Turnstile and Challenge Pages

This article details Cloudflare's comprehensive redesign of their Turnstile widget and Challenge Pages, UI components served 7.67 billion times daily.

How we mitigated a vulnerability in Cloudflare’s ACME validation logic

Cloudflare disclosed and patched a WAF bypass vulnerability in their ACME HTTP-01 challenge validation logic, reported by FearsOff researchers in October 2025.