Cloudflare Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

Cloudflare Issues Reports

Latest outage, problems and issue reports in social media:

• 
  Res (@lavenderleaf86) reported 2 minutes ago

  @Cloudflare @CloudflareHelp @CloudflareDev I'm migrating a client to Cloudflare, but when he tried creating an account w/ his Gmail it gave an error & said to contact support. Which he can't because it requires an account... He sent an email 2 days ago w/ no response. What to do?

• 
  Andrew Scofield (@hyperserif) reported 7 minutes ago

  Spent a couple hours debugging a new app not working in production on Cloudflare workers. I'm still a little confused on the fix to be honest, but it appears that if you enter your environment variables in the dashboard and then run wrangler deploy from your local machine it will wipe out some but not all of those ones you entered in the dashboard. Maybe it only wipes out the ones that are plain text? I don't know. It was dumb, its working now, I'm not sure what to do next time.

• 
  Hacksore (@Hacksore) reported 8 minutes ago

  No WAF No gRPC/protobufs No Kubernetes No service mesh No 17 layers of observability (Jaeger + Prometheus + Grafana + OpenTelemetry + whatever new **** dropped this week) No "eventually consistent" 8 microservices with Kafka between them No Cloudflare + 3 CDNs + edge functions No "we use hexagonal architecture" No Terraform for 47 resources No "left shift security" bullshit yeah it's not that complicated

• 
  0noise (@0noisee) reported 11 minutes ago

  Netease Qiyu AI customer service platform hits Cloudflare Radar #2 with 27% traffic surge

• 
  A Sayeed (@asayeed95) reported 11 minutes ago

  Cloudflare Workers: zero cold starts, runs at the edge globally. For a voice API, cold starts are fatal. A 500ms init on first request breaks the caller experience. Workers never have that problem.

• 
  Jay (@_JayTheDev) reported 12 minutes ago

  @sitehostnz Any ideas on the source of the attack? Would cloudflare help?

• 
  The_Daniel (@dan_mwita8) reported 13 minutes ago

  @SidJain_80 Implement connection pooling with a strict limit and fail gracefully when you hit it , but the real protection is preventing the thundering herd from reaching your auth service simultaneously. Three layers to add: Rate limiting at the edge. Cloudflare, AWS WAF, or your load balancer should throttle reconnection attempts before they reach your infrastructure. Not blocking but just queuing and spreading them over time. Millions of reconnects compressed into seconds becomes millions spread over a minute. Your auth service goes from drowning to being busy. Client-side exponential backoff with jitter. Every disconnected client shouldn't immediately retry on reconnect. They should wait a random amount of time ,backoff factor multiplied by jitter , before attempting. This naturally spreads the reconnection load across seconds instead of milliseconds. Without jitter, all clients retry simultaneously and you still get the thundering herd. Auth service circuit breaker. When database connection pool hits capacity, stop accepting new requests immediately. Return a 503 Service Unavailable with a Retry-After header instead of queuing connections that will timeout anyway. Clients get a clear signal to back off and retry later. This prevents the cascade where pending requests keep accumulating and consuming resources. The deeper issue is that connection pooling alone doesn't protect you , it just formalizes the limit you'll hit. The protection is architecture that spreads load over time instead of allowing simultaneous reconnects to pile up.

• 
  ReflectiveRuby 🇺🇦 🇵🇸 🇸🇩 🇨🇩 🇻🇪 (@ReflectiveRuby2) reported 18 minutes ago

  @zunzetrider Have you never seen fake Cloudflare verifications that run PowerShell scripts? They've been getting people for a while.

• 
  𝙁𝙧𝙤𝙨𝙩 (@FroITIA) reported 18 minutes ago

  @Paul_eth01 @openclaw wow that's insane what did he build exactly openai must be impressed vienna devs are next level this story is wild cloudflare stock moving legal teams scared 60 days to openai retired dev legend breaking it down this week

• 
  Yash Daftary (@YDaftary) reported 20 minutes ago

  The last week was brutal for thousands of people due to layoffs. • Meta laid off 8,000 employees ~ 10% of their global workforce • Cloudflare axed 1,100 employees ~ 20% of their headcount • Bolt fired their entire HR department The pattern is concerning and the future is uncertain as companies adopt AI and make their workflows efficient. While layoffs have been a growing trend, the boom in internet businesses cannot be ignored. I say this because I see it happening at @FanBasisInc, we have noticed an increase in new sellers over the past few months. And it's not slowing down, the internet economy is expected to grow to $16.5 trillion by 2028. Every wave of layoffs create the next class of internet entrepreneurs.

• 
  John Iosifov ✨💥 Ender Turing | AiCMO (@johniosifov) reported 24 minutes ago

  In May 2026 alone, NVIDIA, SAP, Google, ServiceNow, Deel, and Cloudflare all launched agentic platforms. Not "agent features." Platforms. With governance layers, multi-agent orchestration, and enterprise-scale deployment infrastructure. This matters more than the individual announcements. The infrastructure is finalizing. For two years, the conversation was "agents are promising but not production-ready." The bottleneck was always the same: models could do the task in demos, but you couldn't deploy them reliably at scale with proper auditing, governance, and cross-system integration. That's what May 2026 addressed. Simultaneously. Across the biggest vendors in enterprise software. SAP Joule now orchestrates 200+ specialized agents across finance, supply chain, HR, and procurement. NVIDIA and ServiceNow shipped Project Arc — an autonomous desktop agent with always-on observability and policy-based governance. Google released a full enterprise agent platform for building, deploying, scaling, and governing agents. Cloudflare rolled out dynamic workflows for durable execution across millions of unique agent runs at near-zero idle cost. These aren't the same announcement. They're different layers of the same infrastructure stack: - Model layer: agents can do the work - Execution layer: agents run reliably at scale (Cloudflare) - Governance layer: agents are auditable and compliant (NVIDIA/ServiceNow) - Domain layer: agents know the business context (SAP, Deel) - Platform layer: agents can be built and deployed without custom engineering (Google) When all five layers ship in the same month, that's not coincidence. That's industry convergence. 57% of enterprises already have agents in production. In 12 months, that number is going to look very different. The agents are ready. The infrastructure is ready. The only remaining variable is whether your organization figured out the governance problem before the opportunity passed. If your pilot is still "exploring," you're not running an experiment anymore. You're watching others capture the market.

• 
  Ahmed Moubtahij (@ahmed_moubtahij) reported 24 minutes ago

  @steipete @Cloudflare I can't help but wonder what kind of LLM problems bust the compute that even you have access to. I can't help but wonder if there are efficiency gains on the table that are just not a consideration anymore.

• 
  CliffDoesAI (@CliffDoesAI) reported 25 minutes ago

  Anthropic just confirmed something that should change how every builder ships code. Claude Mythos Preview — their unreleased frontier model — found over 10,000 high- or critical-severity vulnerabilities in production software in one month. Cloudflare alone found 2,000 bugs across their critical-path systems. The false positive rate was lower than human testers. Read that again. A model that isn't even publicly available yet is outperforming security teams on bug discovery. But here's what nobody's talking about: the bottleneck moved. Finding bugs used to be the hard part. Now AI is finding them faster than humans can patch them. Anthropic said it directly: "Progress on software security used to be limited by how quickly we could find new vulnerabilities. Now it's limited by how quickly we can verify, disclose, and patch." The numbers back this up. 530 high- or critical-severity bugs disclosed to maintainers. Only 75 patched so far. The average patch time is two weeks. Some open-source maintainers asked Anthropic to slow down the disclosures because they physically can't keep up. This is the real AI adoption pattern nobody talks about: the tool works great at step one, and immediately overloads step two. You don't have a finding-vulnerabilities problem anymore. You have a triage-and-fix problem. I see the same thing with AI coding agents. Claude Code and Codex can generate PRs faster than I can review them. The bottleneck shifts from "write the code" to "decide if the code is right." If you're building with AI agents right now, here's what the Glasswing pattern teaches: First, invest in your review infrastructure before you invest in more agent capability. The model that generates 10 PRs an hour is useless if you can only review 2. Second, automated triage matters more than automated creation. Anthropic is now shipping skills, a subagent harness, and a threat model builder to their enterprise customers — not to find more bugs, but to handle the flood of findings they already have. Third, the companies that win will be the ones with the cleanest approval gates, not the biggest compute budgets. Anthropic is also making real moves here — Claude Security is in public beta, they've launched a Cyber Verification Program for security pros, and they're shipping the actual tools their partners used with Mythos. Skills, automated triage, threat model building. The AI security arms race is already asymmetric. Defenders who adopt these tools now get months or years of advantage before attackers catch up. What's your patch cycle look like when AI finds 100 bugs a day in your codebase?

• 
  Mike Gannotti (@MichaelGannotti) reported 26 minutes ago

  THE HOOK Anthropic's Project Glasswing just dropped its first update, and the headline number is staggering: Claude Mythos Preview has found more than 10,000 high- or critical-severity vulnerabilities in system-critical software — in one month. Cloudflare alone flagged 2,000 bugs (400 high/critical). Mozilla patched 271 Firefox vulnerabilities, 10x what the previous Claude model caught. This isn't a lab demo. This is production software that runs the internet. But the real story isn't the discovery rate. It's the patching rate. THE INTERPRETATION The data reveals something the headline misses: of the 23,019 total vulnerabilities Mythos found across 1,000+ open-source projects, only 97 have been patched. Not 97%. Ninety-seven total. Of 530 high/critical bugs disclosed to maintainers, only 75 are patched. Only 65 have public advisories. Let me put that in perspective: Anthropic's AI is uncovering vulnerabilities roughly 10x faster than the security ecosystem can fix them. The 90.6% true-positive rate is impressive — this isn't noise. But the funnel from discovery → triage → disclosure → patch is collapsing under volume. Several open-source maintainers have asked Anthropic to slow down disclosures because they can't keep up. Think about that: the defensive AI is outpacing the human defensive capacity, and the humans are asking it to stop telling them what's broken. THE IMPLICATION This is the most concrete example yet of what I'd call the "asymmetric capability gap" in AI. Finding bugs is an O(n) problem at the frontier — you throw more compute at scanning, you find more bugs. Fixing them is an O(n²) social coordination problem — every patch requires human review, architectural judgment, backward compatibility decisions, regression testing, and coordinated deployment across thousands of dependent systems. For business leaders building with AI, the implication is direct: your security posture can no longer assume that undiscovered vulnerabilities are your main risk. The risk is now *known but unpatched* vulnerabilities. The attack surface isn't shrinking — it's being illuminated faster than it's being contracted. Three concrete actions: 1. Shorten your patch cycles now. Microsoft and Palo Alto Networks are already shipping 5x more patches per release cycle. If your organization's patch SLA is 30 days, it needs to be 7. If it's 7, it needs to be 24 hours for criticals. 2. Invest in the boring fundamentals. Anthropic's own recommendation — MFA, hardened configurations, comprehensive logging — isn't new advice. But it hits differently when you realize that thousands of zero-days are being discovered monthly, and most won't have patches available before the 90-day disclosure window opens. 3. Audit your dependency tree ruthlessly. The open-source projects Mythos scanned underpin most enterprise stacks. If you're running unpatched versions of common libraries, you should assume the vulnerability is known to someone — it's just not known to you yet. THE COUNTERPOINT Here's what Anthropic's post carefully avoids saying: they're creating the problem and selling the solution. Mythos Preview isn't public — it's gated behind Project Glasswing partnerships. But Anthropic explicitly acknowledges that "models with similar cybersecurity skills will soon be more broadly available." GPT-5.5 already benchmarks close on ExploitBench. The defensive advantage of Glasswing is temporary by design. More importantly, the 90-day coordinated vulnerability disclosure window was designed for a world where vulnerabilities are rare and discovery is expensive. That model breaks when an AI can enumerate thousands of bugs in a month. The entire CVD framework — which balances disclosure timing between finders and vendors — assumes a trickle, not a firehose. Nobody has proposed a replacement framework that works at this volume. And there's an uncomfortable question Anthropic doesn't address: if Mythos-class capabilities will soon be available to attackers, is the net effect of publishing 10,000 vulnerability locations positive or negative during the window where only 97 are patched? Anthropic's answer is clearly "the knowledge helps defenders," but right now the ratio of discovered-to-patched vulnerabilities suggests defenders can't act on the knowledge fast enough. THE BOTTOM LINE AI has fundamentally broken the economics of vulnerability discovery. Finding bugs used to be the hard part; fixing them was routine. Now finding is cheap and fixing is the bottleneck. Every organization's security strategy needs to invert: stop optimizing for threat detection (the AI has that covered) and start optimizing for patch velocity and blast-radius reduction (the part humans still own). The companies that survive the next 18 months won't be the ones with the best threat intel — they'll be the ones with the fastest remediation cycles. #ProjectGlasswing #AICybersecurity #VulnerabilityManagement

• 
  drumiskl.algo (@Drumiskl) reported 26 minutes ago

  @SmashNiKeR @RealAllinCrypto @itsmejeremy77 And when Cloudflare was down, none of the ICP websites were working.