Cloudflare's Organizations feature is now in public beta for enterprise customers. After unifying the authorization system with 133K lines added and 32K deleted, it enables centralized multi-account management and shared policy distribution.
Cloudflare added a two-stage GNN+LLM cascade to its client-side malicious script detection, reducing false positives per unique script from 1.39% to 0.007% and opening the formerly paid Advanced features to self-serve customers.
A reverse-engineering report decrypted the obfuscated bytecode running on ChatGPT's login page and uncovered the 55-field fingerprinting system and React Fiber inspection behind Cloudflare Turnstile.
VoidZero, the developer of Vite, has released "Void", a full-stack web application platform built on Cloudflare, in early access. Deployment is completed with a single void deploy command, and no Cloudflare account is required.
AI Security for Apps reached GA, letting Cloudflare block prompt injection and PII leaks at the WAF layer. On the same day, it also launched RFC 9457-compatible error responses that replace HTML with JSON or Markdown when AI agents hit Cloudflare errors.
Four infrastructure-security stories from early March 2026: AI attack tool CyberStrikeAI compromising 600 FortiGates, Cloudflare's split detection/blocking WAF architecture, standardization of TLS Encrypted Client Hello, and CISA's KEV addition for VMware Aria Operations.
