Cloudflare engineers have enabled Durable Objects in Dynamic Workers, allowing AI-generated apps to have their own databases. This enables the creation of secure, sandboxed, and isolated applications with long-lived state and custom UIs. To achieve this, the Durable Object Facets feature loads and instantiates a Durable Object class dynamically, while providing it with a SQLite database for storage.

Cloudflare has made its Sandboxes and Cloudflare Containers generally available, providing a solution for AI agents to develop and run code safely. Sandboxes offer persistent, isolated environments with features like secure credential injection, PTY support, and persistent code interpreters, simplifying agent lifecycle management and development workflows. With these enhancements, organizations can deploy agent workloads at scale while ensuring security, reliability, and performance.

Cloudflare has added outbound Workers to its Sandboxes, enabling programmatic egress proxies that allow users to easily connect to services, add observability, and implement safe authentication. This feature provides a flexible and secure authentication mechanism that meets key requirements such as zero trust, simplicity, flexibility, identity awareness, observability, and performance. By using outbound Workers, Cloudflare customers can write custom code to handle requests and apply specific rules for each sandbox instance.

Cloudflare introduces Agents Week, marking a shift towards building infrastructure for the emerging age of AI. Agents are one-to-one instances that serve a single user and task, unlike traditional applications that follow a one-to-many model. This paradigm shift requires new infrastructure, specifically isolates, which are orders of magnitude more efficient than containers in terms of compute and memory. Cloudflare's infrastructure, particularly their Dynamic Workers open beta, is designed to support the large-scale adoption of agents. Isolates start in milliseconds and are securely sandboxed, enabling the running of millions of agent instances per second. This scalable infrastructure makes agents affordable for non-technical users, opening up possibilities for widespread adoption.

Cloudflare's global network recently crossed 500 Tbps of external capacity, with a peak utilization only a fraction of this number. This scale requires moving intelligence to every server in the network, enabling it to defend itself against attacks. As Cloudflare's network expanded, it adapted to meet customer needs for security, with systems like BGP-based secure tunnels and load balancers like Unimog protecting clients from a wide range of threats.

by Gabriela Alessio, Cameron Taylor, and Cameron R. WolfeIntroductionWhen members log into Netflix, one of the hardest choices is what to watch. The challenge...

Meta's Real-Time Communication Team solved the "forking trap" in WebRTC by migrating 50+ use cases to a modular architecture built on top of the latest upstream version. They achieved this through a dual-stack architecture, using a shim layer to dispatch calls between the application layer and WebRTC. This resulted in a significant reduction in binary size and improved performance, while enabling safe A/B testing of new upstream releases before rolling them out.

Here is a 2-3 sentence summary of the blog post: To build a scalable multi-tenant configuration system, AWS Architecture proposes using a tagged storage pattern that routes configuration requests to the most suitable AWS storage service, such as Amazon DynamoDB or AWS Systems Manager Parameter Store, based on key prefixes. The architecture uses four layers, including a storage layer with multi-backend strategy, a service layer with gRPC and strategy pattern, an authentication layer with Amazon Cognito, and an event-driven refresh layer for zero-downtime config updates. By leveraging these technologies, the system achieves strict tenant isolation, real-time config updates, and high performance without creating a performance bottleneck.

Meta engineers employ "Trust But Canary" strategy for configuration rollouts at scale, utilizing canary rollouts and progressive rollouts to ensure safe deployments and detect regressions early. Health checks and monitoring signals help Meta's Configurations team catch problems before they spread, while data and AI/machine learning tools significantly reduce alert noise and accelerate error diagnosis. Incident reviews prioritize system improvements over blame, fostering a culture of safety and reliability.

Author: Lin Wang (Android Performance Engineer)Default FeatureFor mobile apps, performance is considered as the “default feature”, which means apps are...

Cloudflare automated the generation of "magic packets" for Linux malware embedded in BPF socket programs using symbolic execution and Z3 theorem prover. This approach can work backward from malicious filters to automatically generate trigger packets, reducing manual analysis time from hours to seconds. By employing Z3 and scapy tools, researchers can now automate the creation of valid magic packets, streamlining security investigations and analysis workflows.

Cloudflare has accelerated its post-quantum (PQ) security roadmap, targeting full PQ security, including authentication, by 2029. This comes after breakthroughs in quantum computing advancements, including Google's improved algorithm to break elliptic curve cryptography and Oratomic's low qubit estimate for breaking RSA-2048 and P-256. The increased pace of progress on quantum hardware, error correction, and quantum software has pushed the predicted timeline for PQ migration forward from 2035+.

A production-tested approach for moving a large-scale metrics pipeline from StatsD to OpenTelemetry and Prometheus.By: Eugene Ma, Natasha AleksandrovaWhen...

Homefeed: Jiacong He, Dafang He, Jie Cheng (former), Andreanne Lemay, Mostafa Keikha, Rahul Goutam, Dhruvil Deven Badani, Dylan WangContent Quality: Jianing...

Here's a 3-sentence summary of the engineering blog post: Shoppers are increasingly making big-ticket purchases on mobile, prompting businesses to rethink checkout designs and adapt to regional and generational differences in digital wallet preferences. Supporting the right digital wallet can cut average mobile checkout time in half and substantially improve conversion rates: for example, offering BLIK in Poland increases checkout conversion by 46% and offering Pix in Brazil increases conversion by 31%. AI-assisted shopping and agents are further changing the path to checkout, requiring businesses to verify identity, intent, and authorization in real-time to improve payment performance and balance the trade-off between reducing fraud and lowering conversion rates.

By Ben SykesIn a previous post, we described how Netflix uses Apache Druid to ingest millions of events per second and query trillions of rows, providing the...

Amazon SageMaker has introduced the HyperPod Inference Operator, a Kubernetes controller that simplifies model deployment on HyperPod clusters through flexible deployment interfaces and advanced autoscaling. The Inference Operator is now a native EKS add-on, enabling one-click installation and managed upgrades directly from the SageMaker console. With this integration, customers can create and configure required IAM roles and dependencies with a single click, streamlining the inference workflow.

Cloudflare has launched Organizations, a feature designed to help enterprises manage multiple Cloudflare accounts at scale. Organizations provides a unified management layer, allowing administrators to control user access, configurations, and analytics across multiple accounts. This feature addresses the complexity of managing large-scale Cloudflare deployments, while maintaining the principle of least privilege. The Organizations feature is built on top of Cloudflare's existing Tenant system and includes features such as an account list, org super administrator roles, HTTP traffic analytics, and shared configurations. These features enable enterprise customers to centrally manage policies, view analytics, and ensure that administrators have appropriate permissions. Organizations is currently in public beta and will be expanding to all customers in the coming months, with a focus on delivering additional features such as audit logs, billing reports, and self-serve account creation.