Fall 2026
Posted on 7/3/2026
CDN, cybersecurity, and serverless computing platform
No salary listed
Company Historically Provides H1B Sponsorship
Austin, TX, USA
Hybrid
Three days on-site per week required.
Preparing a concise company summary based on the provided Cloudflare description.
Company Size
5,001-10,000
Company Stage
IPO
Headquarters
San Francisco, California
Founded
2009
People at Cloudflare who can refer or advise you
Help us improve and share your feedback! Did you find this helpful?
Competitive salaries
Take-what-you-need paid vacation policy
Comprehensive health plans and benefits
Paid maternity and paternity leave
Commuter and ride share options
Returnships
AI's brutal toll on the job market is on the way: Cloudflare CEO. Posted on June 26, 2026 By News Team Batten down the hatches, workers, the next 12 months could really suck as AI permeates offices. "When I talk to peers, everyone says, 'Yeah, I'm gonna do that [mass layoffs].' But they're like, 'I'm going to do it when everyone else does it.' And honestly, I think that's poor leadership, because in six to 12 months, when we're going to see more of these layoffs, it's going to be much harder for those people laid off at that time to get a job," Cloudflare (NET) co-founder and CEO Matthew Prince told Yahoo Finance at the Cannes Lions Festival of Creativity on Wednesday. Prince is speaking from recent experience. Cloudflare announced a workforce reduction of roughly 20% in May, eliminating more than 1,100 jobs globally in the largest layoff in the company's history. At the time, the company framed the aggressive cuts as a structural pivot into the "agentic AI era." It came after Cloudflare witnessed a 600% surge in internal AI tool usage, per the company. Cloudflare is part of a growing number of tech giants laying off workers because of AI productivity gains. Others include Amazon (AMZN), Oracle (ORCL), Coinbase (COIN), Robinhood (HOOD), Salesforce (CRM), Meta (META), and Microsoft (MSFT). "I think once we realized it was something we had to do, we made the decision it was the kindest thing that we could do for the team to do as early as possible," Prince said. The company's most recent quarterly results showed the cuts were not a sign of financial distress. Cloudflare saw a 34% year-over-year revenue surge to $639.8 million as businesses invested in security infrastructure in the age of AI. The company notched a 73% jump in deals worth over $1 million, alongside a 25% increase in large enterprise customers paying more than $100,000 annually. Earnings per share easily beat analyst forecasts. Cloudflare stock is up 13% year to date.
Cloudflare and beehiiv give publishers new AI crawler controls. Published: June 23, 2026 at 1:04 pm Read Time: 3 minutes A new dashboard shows which AI bots hit newsletters, what got blocked and whether any of that crawling sends readers back. Cloudflare and beehiiv added AI crawl controls to beehiiv's platform. This gives newsletter publishers a way to see, allow, or block AI bots from their dashboard as AI search becomes a new discovery path for web content. The integration, announced Tuesday, embeds Cloudflare's Crawl Control technology into beehiiv. It lets publishers manage how AI search engines and agents access their content, either by allowing crawlers for broader discovery or blocking scraping to protect archives for future licensing and monetization. AI bot data comes to the dashboard. beehiiv publishers will get an on-platform dashboard showing which AI crawlers tried to access their content, which were blocked, and how much referral traffic those crawlers sent back. The dashboard gives publishers a side-by-side view of crawler activity, blocking decisions and referral traffic from AI services. Publishers get simpler controls. The companies said publishers will be able to allow or block specific AI models with one-click permissions. Cloudflare will also update the system as new AI crawlers appear, reducing the need for publishers to manage robots.txt files, firewalls, or code changes themselves. What they're saying. Cloudflare CEO Matthew Prince said the partnership gives newsletter operators "transparency and control" as the internet changes; beehiiv CEO Tyler Denk said publishers need "real leverage" as AI changes how people find and consume content. From Cloudflare's announcement: * "As AI models evolve to offer new forms of search and discovery, independent creators are looking for flexible ways to understand and manage how their content is accessed. This integration simplifies the process by letting beehiiv users manage their digital footprint through two clear choices: publishers can either opt-in to maximum discovery to allow AI search engines and agents to crawl their work freely for broader distribution, or choose content protection, blocking AI scraping to preserve their archives for future monetization and licensing opportunities." Why Search Engine Land care. The key question is whether publishers will actually use these controls once they are available. AI crawling has outpaced many creators' ability to manage it, and adoption will show whether simple dashboard controls are enough to change publisher behavior. Rollout starts now. The new controls are rolling out through beehiiv's standard dashboard settings. All beehiiv users will get beta access to AI Crawl Control for visibility into AI crawler activity and traffic. beehiiv Max customers will also be able to block AI crawlers. Topics on this page. Search Engine Land is owned by Semrush. Search Engine Land remain committed to providing high-quality coverage of marketing topics. Unless otherwise noted, this page's content was written by either an employee or a paid contractor of Semrush Inc. Danny Goodwin is Editorial Director of Search Engine Land & Search Marketing Expo - SMX. He joined Search Engine Land in 2022 as Senior Editor. In addition to reporting on the latest search marketing news, he manages Search Engine Land's SME (Subject Matter Expert) program. He also helps... [Read more]
Cloudflare, Google, Mozilla, and Microsoft are developing a mechanism to filter out web bots. Cloudflare, Google, Mozilla, Microsoft, and Shopify have unveiled a joint project to develop and standardize the Private Access Control Tokens (PACT) protocol, which will separate real users and legitimate bots from spam traffic and uncontrolled AI bot activity while preserving user privacy. The new protocol is claimed to enable filtering bot traffic on websites using anonymous tokens, eliminating CAPTCHA requests, mandatory authentication, and cookie tracking. The idea is that services that have reason to believe a user is a real person, for example, after successful authentication or anti-bot verification, will issue anonymous tokens to the user. The user's browser can then present these tokens to other websites as proof that the request is not automated. This approach will allow verification checks already passed on one site to be used to connect to other sites without additional verification. The protocol is designed so that websites cannot use tokens to identify the user or restore browsing history. The initiative was prompted by the growing share of automated traffic from AI agents, crawlers, and scrapers that pretend to be requests from regular users, ignore robots.txt rules, and create a huge parasitic load on servers. Previously, Cloudflare proposed using Web Bot Auth for bot authentication. This mechanism relies on attaching a cryptographic signature to bot HTTP requests to make access decisions based on verifiable data rather than IP addresses or easily forged User-Agent field contents. One potential risk associated with the implementation of the PACT protocol is that the mechanism created for voluntary user confirmation could turn into a mandatory filter for accessing websites and become a barrier whereby programs, browsers, and users would have to prove that they deserve access. The Electronic Frontier Foundation (EFF) previously highlighted a similar issue in its criticism of the Web Environment Integrity API and remote attestation. Such mechanisms allow website owners to block unwanted browsers, operating systems, and automation tools, framing this as a means of combating fraud and malicious activity. The EFF acknowledges that bot problems are real, but considers it unacceptable to address them by introducing new restrictions and infringing on users' rights to manage their own computers. Source: opennet.ru A ProHoster specialist with over seven years of experience in hosting, network infrastructure, and internet security. I participate in the development and maintenance of server solutions, VPN services, and client platforms. I specialize in stability, data protection, and service optimization for clients. I regularly monitor updates in industry standards and best practices.
Cybersecurity weekly update: 8-15 June 2026. * 4 days ago 1. Microsoft's record-breaking patch tuesday drops 206 fixes. In what has officially become the largest security update release in the history of the program, Microsoft patched 206 security flaws this past week. The massive release includes 32 critical vulnerabilities and three publicly disclosed zero-days. While none of the three zero-days are currently reported to be actively exploited in the wild, their public disclosure means threat actors are actively developing proof-of-concept exploits. * CVE-2026-50507 (CVSS 6.8): A protection mechanism failure in Windows BitLocker that could allow an attacker with physical access to bypass drive encryption and steal sensitive data. * CVE-2026-45586 (CVSS 7.8): An elevation of privilege (EoP) flaw in the Windows Collaborative Translation Framework (CTFMON) that can grant an attacker full SYSTEM privileges. Why it matters: Organizations storing highly regulated data on endpoint devices - such as medical records or financial transactions - are at increased risk if laptops are lost or stolen, due to the BitLocker bypass vulnerability. Laptops traveling across European and South African borders are highly exposed. Action: Deploy the June 2026 Windows cumulative updates across all endpoints immediately. For high-risk personnel in finance or healthcare who travel with corporate devices, enforce strict Pre-Boot Authentication (PBA) via your endpoint management tools (MDM/GPO) to act as a vital hardware barrier against physical BitLocker bypasses. 2. The "HTTP/2 Bomb" Threatens enterprise web infrastructure. Security researchers have disclosed a severe vulnerability in the default configurations of major web servers - including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. Tracked as CVE-2026-49975, the flaw combines a compression bomb with a Slowloris-style flow-control window hold. A single attacker operating from a basic home internet connection can leverage this flaw to consume up to 32GB of server memory in less than 20 seconds, crashing web applications instantly. Why it matters: Online banking platforms, public health portals, and university student portals running default web server configurations are highly vulnerable to prolonged denial-of-service (DoS) attacks, rendering vital services inaccessible to citizens and clients. Action: Prioritize the immediate update of your exposed web servers (NGINX, Apache, IIS, Envoy) to their latest secure versions. If immediate patching is impossible due to operational downtime constraints, configure your edge firewalls or Web Application Firewall (WAF) to enforce strict maximum limits on header size and stream counts, or temporarily disable HTTP/2 support on public-facing banking and student portals. 3. Active exploitation: Cisco Catalyst SD-WAN Manager zero-day. Cisco issued an urgent warning regarding a high-severity, unpatched zero-day flaw (CVE-2026-20245) affecting its Catalyst SD-WAN Manager. Local, authenticated attackers with netadmin access are actively exploiting this vulnerability via the command-line interface to achieve root privilege escalation and push rogue configuration changes to network edge devices. Why it matters: This represents a continuing, severe campaign against SD-WAN infrastructure this year. For defense organizations, financial backbones, and healthcare networks managing highly distributed networks across South Africa and Europe, an unauthorized configuration push could compromise the integrity of isolated communication channels or silently redirect secure traffic. Action: Because a permanent vendor patch is still pending under intense crunch conditions, completely isolate your Cisco Catalyst SD-WAN management interfaces from the public internet. Restrict all administrative console access strictly to isolated internal networks or dedicated out-of-band management segments using tight Access Control Lists (ACLs), and immediately audit configuration logs for any unauthorized root-level modifications. (Source: https://nvd.nist.gov/vuln/detail/CVE-2026-20245) 4. UK NCSC: testing frontier AI models in National Cyber defense. The UK's National Cyber Security Centre (NCSC) published a landmark case study detailing their framework for bringing frontier Artificial Intelligence out of the laboratory and into government cyber defense infrastructure. Concurrently, global threat intelligence reports note that ransomware syndicates are aggressively adopting automated AI tools to scale their operations - specifically using machine learning to automate system reconnaissance and optimize social engineering tactics. Why it matters: As defensive frameworks adopt AI to accelerate patch management, threat actors are using the exact same technology to spot vulnerabilities faster. Organizations across all target spaces must evaluate their third-party software supply chains to ensure vendors are securing their own AI implementations. Action: Conduct an enterprise-wide audit of internal development pipelines and shadow AI tool usage. Ensure your development teams are not pulling insecure or unvetted open-source AI building blocks into production environments, and demand a comprehensive Software Bill of Materials (SBOM) from your third-party software vendors to verify how they secure their own integrated AI systems. (Source: https://www.gov.uk/government/case-studies/when-ai-leaves-the-lab-testing-frontier-models-in-government-cyber-defence) Key recommendations: * Immediately update your core web server software (NGINX, Apache, IIS, Envoy) to its latest safe version, or have your web provider block unusually heavy incoming traffic to prevent your servers from crashing under the HTTP/2 Bomb exploit. * Force a mandatory update to the June 2026 security patch on all work and personal systems, and configure endpoint policies to enforce strict Pre-Boot Authentication (PBA) to block unpatched or physically compromised devices from exposing local corporate data. * Disconnect the Cisco management screen from the public internet entirely and restrict login access strictly to trusted IT administrator computers using strict Access Control Lists (ACLs). * Heavily restrict what company data your AI tools are allowed to see, and install a specialized safety filter to scan all question text and third-party software dependencies before they reach your core models.
Cloudflare Radar data shows automated bot traffic now accounts for 57.5% of HTML webpage requests, surpassing human traffic for the first time in internet history, driven by surging agentic AI.