When you create a new Zero Trust organization, Cloudflare now adds the Cloudflare identity provider as your default login method. Previously, new organizations started with one-time PIN (OTP).
With the Cloudflare identity provider, your users authenticate using their existing Cloudflare account credentials, and authentication is restricted to members of your account. You can still add OTP or connect any third-party identity provider whenever you need to.
This change only applies to newly created accounts. Existing organizations keep the login methods they already have configured. If you would like to use the Cloudflare Identity Provider in an existing account, you must enable it.
exec()is now available for Containers. Usethis.ctx.container.exec()to start processes inside a running Container, stream standard input and output, inspect exit codes, and signal each process.Call
exec()from a class extendingContainer, or from another Durable Object throughthis.ctx.container. The associated Container must already be running.This example starts the Container when needed, then reads its Node.js version:
src/index.js import { Container } from "@cloudflare/containers";export class MyContainer extends Container {async readVersion() {if (!this.ctx.container.running) {await this.start();}const process = await this.ctx.container.exec(["node", "--version"]);const output = await process.output();const decoder = new TextDecoder();return {exitCode: output.exitCode,stdout: decoder.decode(output.stdout),stderr: decoder.decode(output.stderr),};}}src/index.ts import { Container } from "@cloudflare/containers";export class MyContainer extends Container {async readVersion() {if (!this.ctx.container.running) {await this.start();}const process = await this.ctx.container.exec(["node", "--version"]);const output = await process.output();const decoder = new TextDecoder();return {exitCode: output.exitCode,stdout: decoder.decode(output.stdout),stderr: decoder.decode(output.stderr),};}}The command array starts an executable directly, without an implicit shell. Invoke a shell explicitly for pipes, redirects, or variable expansion.
One RPC method can coordinate multiple
exec()calls in one caller-to-Durable Object round trip. It can also pass byte-orientedReadableStreaminput or return streamed output with flow control.For options and streaming examples, refer to Execute commands.
You can create PlanetScale Postgres and MySQL databases from Cloudflare and bill PlanetScale database usage through your Cloudflare account as a pay-as-you-go customer. Cloudflare contract customers will be able to add PlanetScale usage to their contract in July so reach out to your Cloudflare account team if interested.
Create a PlanetScale database from the Cloudflare dashboard to check out globally distributed Workers optimized for regional data access.
Go to Create a PlanetScale databasePlanetScale databases created from Cloudflare work with Workers through Hyperdrive. Hyperdrive manages database connection pools and query caching, so you can use PlanetScale as a centralized relational database for Workers applications without changing your database drivers, object-relational mapping (ORM) libraries, or SQL tooling.
PlanetScale usage appears on your Cloudflare invoice each billing period as a dollar total at PlanetScale's standard pricing ↗. You can introspect per-database billing usage via PlanetScale's dashboard ↗.
When you create a PlanetScale database from the Cloudflare dashboard, you receive the same PlanetScale developer experience, including development branches, query insights, and Model Context Protocol (MCP) server support for agents.
To get started, refer to PlanetScale Postgres and MySQL with Hyperdrive.
Radar has changed how it measures Workers AI model and task popularity.
Previously, popularity was based on the number of unique accounts running inferences against each model or task. It is now based on the number of inferences, giving a more representative view of actual usage volume. This change will affect all new measurements as well as historical data. As a result, the model and task distributions shown on Radar may differ from what you saw previously, and historical trends may shift accordingly.
The Workers AI model popularity ↗ chart shows the distribution of inferences across models.

The Workers AI task popularity ↗ chart shows the distribution of inferences across tasks.

The same data is available via the following API endpoints:
Explore the data on the AI Insights page ↗.
Cloudflare Fonts now forwards
/cf-fontsrequests to your origin server when it encounters invalid paths or unexpected runtime errors, instead of returning 4xx or 5xx responses directly. This update also adds additional input validation to enhance security.
You can now configure Artifacts namespaces, repos, and tokens directly from the Cloudflare dashboard.
Artifacts is Git-compatible storage that lets you store repos on Cloudflare and interact with them using standard Git workflows.
You can view and create namespaces, which are top-level containers for repos:

You can view, create, fork, and search repos within a namespace:

You can open a repo to view its files and copy its Git remote URL.

You can also provision tokens directly from the dashboard to scope Git access to a single repo, with read tokens for clone, fetch, and pull workflows, or write tokens when a client needs to push changes.
To get started, go to the Cloudflare dashboard ↗ and select Storage & databases > Artifacts.
If you are enrolled in the Artifacts beta, you can use the dashboard to set up Artifacts. If you would like to join the beta, complete the request form ↗.
Cloudflare now accepts ML-DSA ↗ (FIPS 204) post-quantum certificates on the connection between Cloudflare's edge and your origin server. Combined with our existing X25519MLKEM768 key agreement, this lets you establish end-to-end post-quantum authentication on the Cloudflare-to-origin connection.
ML-DSA is supported in two origin-facing features:
- Authenticated Origin Pulls (AOP) — upload an ML-DSA client certificate that Cloudflare will present during the mTLS handshake to your origin. Available at both zone-level and per-hostname scopes.
- Custom Origin Trust Store (COTS) — upload an ML-DSA certificate authority that Cloudflare will trust when validating your origin server certificate under Full (strict) encryption mode.
Refer to Post-quantum signatures for certificate generation and setup guidance, and to PQC in Cloudflare products for the current post-quantum deployment status across Cloudflare.
The latest release of the Agents SDK ↗ makes it easier to build agents that can safely interact with real systems and keep working through interruptions.
Agents can now browse websites through Browser Run, write code against external tools through Code Mode, use client-provided tools when delegating to Think sub-agents, and recover more reliably from deploys, Durable Object evictions, and connection churn.
Agents can now use Browser Run through a single durable
browser_executetool. Instead of choosing from a fixed list of actions, the model writes code against the Chrome DevTools Protocol (CDP) and can inspect pages, capture screenshots, read rendered content, debug frontend behavior, and interact with live browser sessions.JavaScript const browserTools = createBrowserTools({ctx: this.ctx,browser: this.env.BROWSER,loader: this.env.LOADER,session: { mode: "dynamic" },});TypeScript const browserTools = createBrowserTools({ctx: this.ctx,browser: this.env.BROWSER,loader: this.env.LOADER,session: { mode: "dynamic" },});Browser sessions can be one-time, reused, or promoted from one-time to persistent during a run. This is useful when an agent needs a human to log in, complete MFA, or approve a sensitive action. The run can pause, keep the same tabs and cookies, and resume after approval.
The browser tools also add Live View URLs, optional session recording, and quick actions such as
browser_markdown,browser_extract,browser_links, andbrowser_scrapefor one-shot browsing tasks.Code Mode now uses
createCodemodeRuntime, connectors, and a durable execution log. This lets you give a model onecodemodetool instead of a large prompt full of tool definitions. The model can discover the capabilities it needs, write code against typed globals, and reuse saved snippets.JavaScript const runtime = createCodemodeRuntime({ctx: this.ctx,executor: new DynamicWorkerExecutor({ loader: this.env.LOADER }),connectors: [new GithubConnector(this.ctx, this.env, connection)],});const result = streamText({model,messages,tools: { codemode: runtime.tool() },});TypeScript const runtime = createCodemodeRuntime({ctx: this.ctx,executor: new DynamicWorkerExecutor({ loader: this.env.LOADER }),connectors: [new GithubConnector(this.ctx, this.env, connection)],});const result = streamText({model,messages,tools: { codemode: runtime.tool() },});When the code reaches an approval-gated action, the runtime pauses execution and returns a pending approval. After approval, completed calls replay from the durable log, the approved action runs, and the same code continues. This makes it practical to build agents that create issues, update external systems, or perform other side effects without custom pause-and-resume logic for every tool.
Think sub-agents can now use client-defined tools over the RPC
chat()path. A parent agent can pass tool schemas withclientToolsand resolve tool calls throughonClientToolCall. This lets delegated agents use caller-provided capabilities without requiring a browser WebSocket.JavaScript await child.chat(message, callback, {signal,clientTools: [{name: "get_user_timezone",description: "Get the caller's timezone",parameters: { type: "object" },},],onClientToolCall: async ({ toolName, input }) => {return runClientTool(toolName, input);},});TypeScript await child.chat(message, callback, {signal,clientTools: [{name: "get_user_timezone",description: "Get the caller's timezone",parameters: { type: "object" },},],onClientToolCall: async ({ toolName, input }) => {return runClientTool(toolName, input);},});Think Workflows also improve
step.prompt(). A prompt step now runs a full agentic turn before returning structured output, so the agent can call tools before producing the typed result. This makes Workflow steps more useful for durable triage, research, and approval flows.The unified Think execute tool can also include
cdp.*browser capabilities alongsidestate.*andtools.*when Browser Run is bound.Voice clients can route assistant audio to a specific output device. Use
outputDeviceIdwithuseVoiceAgent, or callclient.setOutputDevice()from the framework-agnostic client.JavaScript const voice = useVoiceAgent({agent: "MyVoiceAgent",outputDeviceId: selectedSpeakerId,});TypeScript const voice = useVoiceAgent({agent: "MyVoiceAgent",outputDeviceId: selectedSpeakerId,});Browsers without speaker-selection support continue playing through the default output device and report a non-fatal
outputDeviceError.This release includes several fixes for production agents:
useAgentandAgentClienthandle WebSocket replacement more reliably during reconnects and configuration changes.- Chat stream replay is more reliable after reconnects, deploys, and provider errors.
- Fiber recovery continues across multi-pass scans and backs off when recovery hooks keep failing.
- Agent teardown continues even when the request that started teardown is canceled.
- Large session histories use byte-budgeted reads to reduce memory pressure during startup.
To update to the latest version:
npm i agents@latest @cloudflare/think@latest @cloudflare/codemode@latest @cloudflare/ai-chat@latest @cloudflare/voice@latestyarn add agents@latest @cloudflare/think@latest @cloudflare/codemode@latest @cloudflare/ai-chat@latest @cloudflare/voice@latestpnpm add agents@latest @cloudflare/think@latest @cloudflare/codemode@latest @cloudflare/ai-chat@latest @cloudflare/voice@latestbun add agents@latest @cloudflare/think@latest @cloudflare/codemode@latest @cloudflare/ai-chat@latest @cloudflare/voice@latestRefer to the Code Mode documentation, Browser tools documentation, Think tools documentation, and Voice documentation for more information.
These updates introduce new features for optimizing and manipulating with Images:
- New
compositeoption: Control how overlays are blended with the base image. - Percentage widths: Set the dimensions of an overlay as a fraction of the dimensions of the base image.
- New
fitmodes: Useaspect-cropto always preserve the target aspect ratio orscale-upto always enlarge images. - New
upscaleparameter: Apply AI upscaling to produce sharper, more detailed results when enlarging images.
- New
We are excited to announce GLM-5.2 on Workers AI, Z.ai's flagship agentic coding model.
@cf/zai-org/glm-5.2is a text generation model built for agentic coding workflows. With function calling and reasoning support, it can handle long codebases, multi-step planning, and tool-augmented agents.Key features and use cases:
- Agentic coding: Designed for autonomous coding tasks, long-horizon planning, and complex software engineering workflows
- Large context window: GLM-5.2 supports up to a 1,048,576 token context window. Workers AI is launching the model with a 262,144 token context window and plans to increase this in the future
- Function calling: Build agents that invoke tools and APIs across multiple conversation turns
- Reasoning: Tackles complex problem-solving and step-by-step reasoning tasks
Use GLM-5.2 through the Workers AI binding (
env.AI.run()), the REST API at/runor/v1/chat/completions, or AI Gateway.Pricing is available on the model page or pricing page.
VPC Network bindings now support the
connect()Socket API for raw TCP connections to private destinations, in addition to HTTP traffic viafetch().This means Workers can now open TCP sockets to any private service reachable through the bound Cloudflare Tunnel, Cloudflare Mesh, or Cloudflare WAN on-ramp — Redis, Memcached, MQTT, custom binary protocols, or any other TCP-based service.
JSONC {"$schema": "./node_modules/wrangler/config-schema.json","vpc_networks": [{"binding": "PRIVATE_NETWORK","network_id": "cf1:network","remote": true}]}TOML [[vpc_networks]]binding = "PRIVATE_NETWORK"network_id = "cf1:network"remote = trueAt runtime, use
connect()on the binding to open a TCP socket to a private destination:TypeScript export default {async fetch(request: Request, env: Env) {// Open a TCP connection to a private Redis instanceconst socket = await env.PRIVATE_NETWORK.connect("10.0.1.50:6379");// Write a Redis PING commandconst writer = socket.writable.getWriter();await writer.write(new TextEncoder().encode("PING\r\n"));await writer.close();return new Response(socket.readable);},};For more details, refer to VPC Networks and the Workers Binding API.
You can now create custom trace spans in your Workers code using
tracing.enterSpan(). Custom spans appear alongside the automatic platform instrumentation (fetch calls, KV reads, D1 queries, and other platform operations) in your traces and OpenTelemetry exports, with correct parent-child nesting.The API is available via
import { tracing } from "cloudflare:workers"or through the handler context asctx.tracing:TypeScript import { tracing } from "cloudflare:workers";export default {async fetch(request, env, ctx) {return tracing.enterSpan("handleRequest", async (span) => {span.setAttribute("url.path", new URL(request.url).pathname);const data = await env.MY_KV.get("key");return new Response(data);});},};Spans nest automatically based on the JavaScript async context, and are auto-ended when the callback returns or its returned promise settles. The
Spanobject providessetAttribute(key, value)for attaching metadata and anisTracedproperty to check whether the current request is being sampled.
Tracing must be enabled in your Wrangler configuration for spans to be recorded.
For full API details and examples, refer to Custom spans.
You can now match incoming requests against Cloudforce One threat intelligence in your WAF rules. A new detection looks up the client IP address of each request against the threat intelligence database. If the IP was involved in threat activity in the past seven days, Cloudflare populates
cf.intel.ip.*fields that you can use in custom rules and rate limiting rules.The detection populates the following fields. Use the
any()function with the[*]wildcard to match array values:cf.intel.ip.datasets— the dataset that flagged the IP address (ddosorwaf).cf.intel.ip.target_industries— industries the IP address has targeted.cf.intel.ip.attacker_names— known threat actors associated with the IP address.cf.intel.ip.attacker_countries— source countries of the threat activity.cf.intel.ip.target_countries— countries the IP address has targeted.
For example, the following custom rule expression blocks requests from IP addresses associated with DDoS activity that have targeted France:
any(cf.intel.ip.target_countries[*] == "FR") and any(cf.intel.ip.datasets[*] == "ddos")These fields work with the Cloudflare API and Terraform. Matches are logged in Security Analytics.
The threat intelligence detection is available to customers with an active Cloudforce One subscription. For more information, refer to Threat intelligence.
This week's release introduces new managed protection to address a critical SQL injection vulnerability in Ghost CMS (CVE-2026-26980) and a new generic rule designed to identify and block sophisticated SQL Injection (SQLi) bypass attempts leveraging obfuscated boolean logic. These rules protect affected installations from unauthorized data exfiltration at the network edge.
Key Findings
- CVE-2026-26980: A blind SQL injection vulnerability in the Ghost CMS Content API (versions 3.24.0 to 6.19.0) allows unauthenticated remote attackers to inject malicious SQL commands via query parameters due to improper input validation.
Ruleset Rule ID Legacy Rule ID Description Previous Action New Action Comments Cloudflare Managed Ruleset N/A Ghost CMS - SQLi - CVE:CVE-2026-26980 Log Block This is a new detection.
Cloudflare Managed Ruleset N/A SQLi - Obfuscated Boolean - URI Log Disabled This is a new detection.
AI Gateway logs now capture the user agent of the client that made each request, making it easier to identify which SDK, library, or application sent the traffic flowing through your gateway. For example, you can tell apart requests coming from
openai-pythonversus a custom application or a Cloudflare Worker.The user agent appears alongside the other details in each log entry, and you can filter logs by user agent (equals, does not equal, or contains) in the dashboard.
For more information, refer to Logging.
You can now filter the Metrics tab for a Durable Objects namespace by an individual Durable Object's ID or name in the Cloudflare dashboard. Previously, metrics charts only showed aggregate, namespace-level data, making it difficult to isolate the behavior of a specific object.
Go to Durable Objects
Start typing an ID or name into the filter and select a match from the autocomplete dropdown. The autocomplete only shows objects with invocations during the selected time range, so an object that does not appear has not been invoked in that window. This does not necessarily mean the object has been deleted. Every chart on the page updates to reflect only the selected object. This makes it easier to identify and investigate a single Durable Object when debugging a high-traffic object, an error spike, or unexpected storage usage. Clear the filter to return to namespace-level metrics.
Metrics are powered by the GraphQL Analytics API, so standard analytics behavior such as ingestion delay and sampling applies.
For more information, refer to Metrics and analytics.
Cloudflare's Terraform v5 Provider makes it easy for developers to manage their Cloudflare infrastructure using a configuration as code approach. It releases every 2-3 weeks ↗ to ensure that you can always manage the latest features in the platform. This week, we launched Terraform v5.20.0, which adds 24 new resources, bumps the underlying Go SDK to cloudflare-go v7, and includes a range of bug fixes and state upgraders based on community feedback.
- cloudflare_ai_search_namespace: Manage AI Search namespaces
- cloudflare_custom_csr: Manage custom certificate signing requests
- cloudflare_dls_prefix_binding: Manage DLS regional service prefix bindings
- cloudflare_flagship_app: Manage Flagship feature flag apps
- cloudflare_flagship_flag: Manage Flagship feature flags
- cloudflare_google_tag_gateway: Manage Google Tag Gateway
- cloudflare_load_balancer_monitor_group: Manage load balancer monitor groups
- cloudflare_oauth_client: Manage IAM OAuth clients
- cloudflare_origin_cloud_region: Manage origin cloud regions (v2 endpoints)
- cloudflare_secrets_store: Manage Secrets Store instances
- cloudflare_secrets_store_secret: Manage Secrets Store secrets
- cloudflare_share: Manage resource shares
- cloudflare_share_recipient: Manage share recipients
- cloudflare_share_resource: Manage shared resources
- cloudflare_zero_trust_device_deployment_groups: Manage Zero Trust device deployment groups
- cloudflare_zero_trust_dlp_data_class: Manage DLP data classes
- cloudflare_zero_trust_dlp_data_tag: Manage DLP data tags
- cloudflare_zero_trust_dlp_data_tag_category: Manage DLP data tag categories
- cloudflare_zero_trust_dlp_sensitivity_group: Manage DLP sensitivity groups
- cloudflare_zero_trust_dlp_sensitivity_level: Manage DLP sensitivity levels
- cloudflare_zero_trust_dlp_sensitivity_level_order: Manage DLP sensitivity level ordering
- cloudflare_zero_trust_resource_library_application: Manage Zero Trust resource library applications
- cloudflare_zero_trust_resource_library_category: Manage Zero Trust resource library categories
- cloudflare_zero_trust_tunnel_warp_connector_config: Manage WARP connector tunnel configurations
- cache: add create (POST) method for smart_tiered_cache
- cache: update OPCR config to v2 endpoints
- dlp: promote classification Stainless config to main
- dlp: add custom prompt topics endpoint
- email_security_block_sender: state upgrader for v4 to v5 migration
- email_security_impersonation_registry: state upgrader for v4 to v5 migration
- email_security_trusted_domains: state upgrader for v4 to v5 migration
- snippets: add Terraform
id_propertyannotations for snippet and snippet_rules - bump Go SDK to cloudflare-go v7
- account_member: missing upgrade path from v5.0–v5.15
- authenticated_origin_pulls_settings: nil pointer panic
- bot_management: restore
content_bots_protectionhandling in model.go - dns_record: prevent FQDN normalization from swallowing name shortening changes
- list: nullify empty nested objects to prevent inconsistent result after apply
- load_balancer_pool: accept early-v5 object-shape state at schema_version=0
- load_balancer_pool: add
UseStateForUnknownforload_sheddingattribute to prevent drift - r2_custom_domain: restore degraded-response handling in resource.go
- regional_hostname: update cloudflare-go imports from v6 to v7
- secrets_store: fix model/schema parity and guard acceptance tests
- spectrum_application: accept early-v5 object-shape state at schema_version=0
- worker: preserve
observability.traces.propagation_policyacross reads - worker: add
propagation_policyto observability defaults - worker_version: restore handwritten D1
database_idhandling - workers_custom_domain: missing
CertIdfield in state migration - workers_script: restore annotations Read workaround stripped by codegen
- zero_trust_access_identity_provider: change
read_onlyfrom computed to optional - zero_trust_access_identity_provider: add
UseStateForUnknownto SAML-only config fields - zero_trust_access_identity_provider: use
UseNonNullStateForUnknownon scim_config fields - zero_trust_access_policy: populate
account_idwhen migrating zone-scoped v4 state - zero_trust_access_policy: missing
common_namestransform in migration - gracefully handle nil pointer dereference when config has
attributes_flatduring migration - set initial schema version to 500 for all new resources
Extracted
MoveStatenil guard into shared helper
@cf/moonshotai/kimi-k2.7-codeis now available on Workers AI. Kimi K2.7 Code is a code-optimized variant of the Kimi K2 family, built on a Mixture-of-Experts architecture with 1T total parameters and 32B active per token.K2.7 Code delivers meaningful gains over K2.6 on coding and agentic benchmarks:
- +21.8% on Kimi Code Bench v2
- +11.0% on Program Bench
- +31.5% on MLS Bench Lite
K2.7 Code uses 30% fewer reasoning tokens compared to K2.6, reducing overthinking and lowering inference cost for reasoning-heavy workloads.
- 262.1k token context window for retaining full conversation history, tool definitions, and codebases across long-running agent sessions
- Long-horizon coding with improved instruction following and higher end-to-end coding task success rates
- Vision inputs for processing images alongside text
- Thinking mode with configurable reasoning depth via
chat_template_kwargs.thinking - Multi-turn tool calling for building agents that invoke tools across multiple conversation turns
- Structured outputs with JSON schema support
If you are migrating from Kimi K2.6, note the following:
- K2.7 Code is optimized for coding tasks with improved benchmark performance and reasoning efficiency
- Cached input token pricing is $0.19 per M tokens (vs $0.16 for K2.6)
- API usage is identical — no parameter changes required
Use Kimi K2.7 Code through the Workers AI binding (
env.AI.run()), the REST API at/ai/run, or the OpenAI-compatible endpoint at/v1/chat/completions. You can also use AI Gateway with any of these endpoints.For more information, refer to the Kimi K2.7 Code model page and pricing.
Browser Run's
/snapshotendpoint now supports aformatsparameter that lets you return multiple page formats in a single API call. Previously,/snapshotreturned only HTML content and a screenshot. You can now also include Markdown and the accessibility tree in the same response.These formats are particularly useful for AI agent workflows:
- Markdown provides a token-efficient representation of page content that LLMs can process directly, without parsing HTML markup.
- The accessibility tree provides a structured representation of a page's elements, including roles, labels, and hierarchy, helping LLMs understand page structure and navigate its contents.
The following example returns a screenshot, Markdown, and the accessibility tree in one call:
Terminal window curl -X POST 'https://api.cloudflare.com/client/v4/accounts/<accountId>/browser-rendering/snapshot' \-H 'Authorization: Bearer <apiToken>' \-H 'Content-Type: application/json' \-d '{"url": "https://example.com/","formats": ["screenshot", "markdown", "accessibilityTree"]}'TypeScript import Cloudflare from "cloudflare";const client = new Cloudflare({apiToken: process.env["CLOUDFLARE_API_TOKEN"],});const snapshot = await client.browserRendering.snapshot.create({account_id: process.env["CLOUDFLARE_ACCOUNT_ID"],url: "https://example.com/",formats: ["screenshot", "markdown", "accessibilityTree"],});console.log(snapshot.markdown);console.log(snapshot.accessibilityTree);TypeScript interface Env {BROWSER: BrowserRun;}export default {async fetch(request, env): Promise<Response> {return await env.BROWSER.quickAction("snapshot", {url: "https://example.com/",formats: ["screenshot", "markdown", "accessibilityTree"],});},} satisfies ExportedHandler<Env>;You must request at least two formats. If you only need one, use the respective single-format endpoint such as
/screenshotor/markdown.Refer to the
/snapshotdocumentation for the full list of accepted values.
You can now define custom topics for AI prompt protection. Predefined AI prompt topics cover common content and intent categories such as PII, source code, and jailbreak attempts. Custom topics let you detect unique or proprietary concepts that are not included in predefined categories.
You describe a custom topic in natural language, and Cloudflare DLP detects whether a prompt matches that topic based on context rather than specific keywords. For example, a topic that describes confidential merger discussions matches a prompt that paraphrases the deal, even when the prompt never uses the word merger or names the companies involved. To detect literal values such as internal codenames or product identifiers, use a custom wordlist or pattern entry instead.
Custom topics run through the same application granular controls path as predefined AI prompt topics. Custom topics are available for ChatGPT, Google Gemini, Perplexity, and Claude.
- In the Cloudflare dashboard ↗, go to Zero Trust > Data loss prevention > Detection entries.
- Select AI prompt topics, then select Custom Prompt Topic.
- Describe the topic in natural language. Be specific about the concept you want to detect. For example, describe unreleased product roadmap details or confidential customer contract terms.
- Add this detection entry to an existing DLP profile, or create a new DLP profile.
- Use the profile in a Gateway HTTP policy to log or block prompts that match the topic.
For more information, refer to AI prompt topics.

Customers can now view the number of Dynamic Workers invoked during their billing period from the Workers overview page in the Cloudflare dashboard.
This count reflects the number of Dynamic Workers that Cloudflare would bill for during the selected billing period. Dynamic Workers usage data only goes back to June 1, 2026.
You can also query this count through the GraphQL Analytics API by using
workersInvocationsByOwnerAndScriptGroupsand selectingdistinctDynamicWorkerCount:query getDynamicWorkersCount($accountTag: string!$filter: AccountWorkersInvocationsByOwnerAndScriptGroupsFilter_InputObject) {viewer {accounts(filter: { accountTag: $accountTag }) {workersInvocationsByOwnerAndScriptGroups(limit: 10000, filter: $filter) {uniq {distinctDynamicWorkerCount}}}}}Use variables to set the account and billing-period date range:
{"accountTag": "<ACCOUNT_ID>","filter": {"date_geq": "2026-06-01","date_leq": "2026-06-30"}}For more information, refer to Dynamic Workers pricing.
AI Search now supports namespace-level Wrangler commands, making it easier to manage namespaces from your terminal, scripts, and agent workflows.
The following commands are available:
Command Description wrangler ai-search namespace listList AI Search namespaces wrangler ai-search namespace createCreate a new AI Search namespace wrangler ai-search namespace getGet details for a namespace wrangler ai-search namespace updateUpdate a namespace description wrangler ai-search namespace deleteDelete an AI Search namespace Create a namespace for a new application or tenant directly from the CLI:
Terminal window wrangler ai-search namespace create docs-production --description "Production documentation search"List namespaces with pagination or filter by name or description:
Terminal window wrangler ai-search namespace list --search docs --page 1 --per-page 10Use
--jsonwithlist,create,get, andupdateto return structured output that automation and AI agents can parse directly.Instance-level commands also now support a
--namespaceflag, so you can interact with instances inside a specific namespace from the CLI:Terminal window wrangler ai-search list --namespace docs-productionFor full usage details, refer to the AI Search Wrangler commands documentation.
Cloudflare now enforces DNS records quotas at the account level for Enterprise accounts. Instead of a per-zone limit, these accounts have a quota on the total number of records across all of their zones, letting you distribute records across your zones however you like — regardless of each zone's plan. Public and internal zones are counted separately, each with a default quota of 1,000,000 records.
Accounts without an account-level quota are unaffected: existing per-zone quotas behave exactly as before.
For more details, refer to DNS records quota.
The Flagship API reference is now available. You can use the Cloudflare API to create and update apps, and to create, update, delete, and list feature flags without using the dashboard.
For example, create a new boolean flag with the API:
Terminal window curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/flagship/apps/$APP_ID/flags \-H "Content-Type: application/json" \-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \-d '{"key": "new-checkout","enabled": true,"default_variation": "off","variations": {"off": false,"on": true},"rules": []}'To create an API token, go to Account API Tokens ↗ in the Cloudflare dashboard and search for Flagship.
The API reference includes endpoints for Flagship apps, flags, changelog entries, and flag evaluation. Agents can also use the Flagship reference in the Cloudflare skill ↗ to create and manage Flagship resources.
Refer to the Flagship documentation to learn more about evaluating feature flags from your applications.
Use the Images binding to upload, list, retrieve, update, and delete images stored in Images directly from your Worker without managing API tokens or making HTTP requests.
The
env.IMAGES.hostednamespace supports the following storage and management operations:.upload(image, options)— Upload a new image to your account..list(options)— List images with pagination..image(imageId).details()— Get image metadata..image(imageId).bytes()— Stream the original image bytes..image(imageId).update(options)— Update metadata or access controls..image(imageId).delete()— Delete an image.
For example, you can upload an image from a request body and return its metadata:
TypeScript const image = await env.IMAGES.hosted.upload(request.body, {filename: "upload.jpg",metadata: { source: "worker" },});return Response.json(image);Or retrieve and serve the original bytes of a hosted image:
TypeScript const bytes = await env.IMAGES.hosted.image("IMAGE_ID").bytes();return new Response(bytes);For more information, refer to the Images binding.