Cloudflare

Overview

Cloudflare is a large internet infrastructure and security company that appears in these newsletter mentions primarily in two roles: as a platform vendor shipping developer-facing runtime and web tooling, and as an enterprise security partner testing advanced AI systems for vulnerability discovery. For AI Product Managers, Cloudflare matters because it sits at the intersection of infrastructure, performance, security, and developer experience—areas where AI is increasingly being used not just for coding assistance, but for platform adaptation, security testing, and operational automation.

In the recent coverage, Cloudflare serves as a concrete example of enterprise-scale software security exposure under Anthropic's Project Glasswing, where it reported large volumes of discovered bugs, including hundreds classified as high or critical severity. It also shows up in product and ecosystem experimentation: exposing DNS APIs that developers can build on, and using AI to accelerate compatibility work around frameworks like Next.js. Taken together, Cloudflare is a useful reference point for AI PMs evaluating how frontier models affect software development velocity, infrastructure portability, and security workflows.

Key Developments

• 2026-03-03 — Cloudflare was highlighted for using AI to recreate the Next.js API on V as V-Next in just three days, reportedly reaching 94% API coverage and enabling Next.js apps on Cloudflare Workers with up to 4.4× faster builds and 57% smaller bundles.
• 2026-03-23 — Simon Willison used Cloudflare's CORS-enabled JSON API for 1.1.1.1 to build a DNS lookup UI with Claude Code, demonstrating how Cloudflare infrastructure can become part of lightweight AI-assisted developer tooling.
• 2026-05-19 — As part of Project Glasswing, Cloudflare ran Anthropic's Mythos Preview across more than fifty internal repositories and found the model could chain multiple low-severity primitives into working exploits, while also autonomously writing, compiling, running, and iterating on proof-of-concept exploit code.
• 2026-05-23 — In Anthropic's initial Project Glasswing update, Cloudflare reported around 2,000 bugs, including 400 high/critical-severity issues, making it one of the clearest examples in the newsletter of AI materially increasing bug-finding throughput in enterprise software security.

Relevance to AI PMs

1. AI-native security workflows are becoming operational, not experimental. Cloudflare's Project Glasswing results suggest that frontier models can surface vulnerabilities at a scale that shifts the bottleneck from finding bugs to triage, disclosure, and remediation. AI PMs building devtools, platform products, or internal copilots should plan for workflow design around human review, severity classification, and patch management.

2. AI can accelerate platform compatibility and migration work. The V-Next example shows how AI can be used to reproduce or adapt framework APIs quickly, potentially changing timelines for ecosystem support, developer onboarding, and runtime portability. AI PMs should think about where model-assisted code generation can compress roadmap items that were previously considered too expensive.

3. Infrastructure APIs become more valuable when paired with AI-assisted interfaces. The 1.1.1.1 DNS UI example is a reminder that well-exposed APIs can be rapidly turned into useful end-user tools with coding agents like Claude Code. For AI PMs, this means product value may increasingly come from making systems easy for models to query, combine, and present—not just easy for humans to program manually.

Related

• Anthropic — Connected through Project Glasswing and Mythos Preview, which Cloudflare used for large-scale vulnerability discovery.
• Project Glasswing — The security initiative where Cloudflare surfaced a significant number of bugs across internal codebases.
• mythos-preview — The Anthropic model variant used by Cloudflare in Glasswing testing.
• claude-code — Mentioned in connection with developer tooling built on top of Cloudflare's DNS API.
• 1111 — Refers to Cloudflare's 1.1.1.1 resolver service, which exposed the JSON API used in the DNS lookup example.
• nextjs — Cloudflare was discussed in the context of reproducing Next.js API compatibility for its platform.
• v-next — The AI-assisted Cloudflare effort to rebuild Next.js API support on V.
• v-next — Central to the newsletter's portrayal of Cloudflare using AI for rapid framework adaptation.
• vit and rolldown — Related ecosystem entities that may matter in adjacent build tooling and runtime discussions, though their relationship here is indirect.
• mythos-preview and project-glasswing together frame Cloudflare as a case study in enterprise AI security operations rather than just infrastructure delivery.