Cloudflare 2026 Threat Intelligence Report: Nation-State Actors and Cybercriminals Shift from 'Breaking In' to 'Logging In'
MWN-AI** Summary
Cloudflare's inaugural 2026 Threat Intelligence Report reveals significant shifts in cyberattack tactics, highlighting a transformation from "breaking in" to "logging in." The report suggests that the barriers to sophisticated cybercrime have diminished, allowing threat actors to leverage advanced technologies like AI for malicious purposes. According to Cloudflare, their global network blocks approximately 230 billion threats daily, underlining the heightened pace and complexity of attacks.
The report details an alarming trend where cybercriminals and nation-state actors employ DDoS attacks of unprecedented scale and turn to traditional weak points, such as email, to gain unauthorized access. Matthew Prince, Cloudflare's CEO, emphasizes that security strategies must now focus on verifying user identities within networks instead of merely keeping intruders out.
Key findings reveal that AI has significantly erased technical barriers to launching attacks. Hackers have utilized Large Language Models (LLMs) to conduct real-time network mapping and identify critical data, leading to extensive supply chain assaults. For example, state-sponsored actors are increasingly shifting their focus towards North American critical infrastructure, suggesting a move from broad attacks to more precise, persistent efforts.
Additionally, North Korean operatives are exploiting AI-generated deepfakes to infiltrate corporate environments, raising concerns over corporate identity hijacking. The report highlights record-breaking DDoS attacks reaching 31.4Tbps, necessitating fully autonomous defensive measures due to the overwhelming capabilities of emerging large-scale botnets.
Blake Darché, Head of Threat Intelligence at Cloudflare, underscores the evolving nature of threat tactics. Organizations are urged to adopt a proactive stance, relying on real-time intelligence to prevent being outpaced in a rapidly changing cyber landscape. Overall, the report serves as a crucial resource for understanding the contemporary state of cyber threats and emphasizes the need for robust defensive strategies.
MWN-AI** Analysis
The release of Cloudflare's 2026 Threat Intelligence Report highlights a significant evolution in cybersecurity threats, marking a shift from breaching systems to exploiting user credentials. For investors, understanding these dynamics is key to assessing the company’s growth potential and resilience in an increasingly hostile cyber landscape.
Cybercriminals, using advanced AI technologies, are now efficiently "logging in" rather than "breaking in," indicating a paradigm shift in tactics. This trend significantly escalates the risk profile for companies reliant on digital operations. Cloudflare reports blocking an average of 230 billion threats daily, a strong indication of their critical role in protecting businesses.
Investors should note several factors driving Cloudflare's value. First, the insight provided by the Cloudforce One threat research team empowers organizations to preemptively fortify their defenses. The growing dependence on their services creates a robust customer base, ensuring recurring revenue growth. Second, as cyberattacks become more sophisticated, the demand for advanced cybersecurity solutions is likely to rise, positioning Cloudflare as a leader in this domain.
However, the report also highlights challenges ahead. The unprecedented scale of DDoS attacks and the emergence of AI-driven tactics could pressure margins as Cloudflare may need to invest heavily in innovation and infrastructure to counter these threats effectively.
In conclusion, while Cloudflare's future appears promising, characterized by growing demand and a solid market position, investors should closely monitor the evolving threat landscape and the company’s ability to adapt. A balanced view considering both the opportunities for rapid growth and the inherent risks posed by increasingly sophisticated cyber threats will be crucial for investment decisions related to Cloudflare, Inc. (NYSE: NET).
**MWN-AI Summary and Analysis is based on asking OpenAI to summarize and analyze this news release.
New insights demonstrate that the barrier to entry for sophisticated cybercrime has collapsed
Cloudflare, Inc. (NYSE: NET), the leading connectivity cloud company, today published its inaugural 2026 Cloudflare Threat Report . This report draws on the expertise of the Cloudforce One threat research team and the scale of Cloudflare’s global network to spotlight a fundamental rewiring of the modern cyberattack. The data reveals that threat actors are using DDoS attacks of unprecedented scale, leveraging AI systems to exploit vulnerabilities, and continuing to strike at traditional weak spots like email to find ways to “log in” versus “break in.”
The 2026 report arms security teams against emerging threats, detailing the tactics and trends behind the 230 billion threats Cloudflare blocks on average each day. With AI making it easier for anyone to launch sophisticated attacks, threat actors are moving faster than ever. They are not just crashing websites; they are quietly infiltrating payroll systems and tricking software into trusting them. Security is no longer about keeping strangers out, it’s about proving that the users inside your network are who they say they are.
“Hackers thrive on the gaps left by fragmented, stale threat intelligence. At Cloudflare, we’ve built the largest and most comprehensive global sensor network that gives us a front-row seat to threats invisible to everyone else,” said Matthew Prince, co-founder and CEO of Cloudflare. "By sharing this intelligence with the world, we’re plugging the gaps and shifting the advantage back to the defenders. The result is a safer, more reliable Internet, where it is fundamentally more difficult and expensive for hackers to operate."
Over the past year, Cloudforce One has analyzed trillions of network signals and threat actor tactics, techniques, and procedures (TTPs) to uncover the most common attack vectors, nation-state espionage tactics, and the real-world impact of AI on cyberattacks. Key findings include:
- AI Erases the Technical Barrier to Entry to Launch Attacks: Threat actors are using Large Language Models (LLMs) to map networks in real-time, develop new exploits, and create hyper-realistic deepfakes. Cloudforce One tracked a threat actor who leveraged AI to help identify the location of high-value data. This allowed the actor to compromise hundreds of corporate tenants — high-volume SaaS applications that allow multiple organizations to share resources — in one of the most impactful supply chain attacks seen.
- Chinese Threat Actors Trade Broad Attacks for Precision Strikes : State-sponsored actors, specifically Salt Typhoon and Linen Typhoon, have shifted focus toward North American telecommunications, government entities, and IT services. These actors are shifting from traditional espionage to persistent pre-positioning — the act of installing code on the network or system of a rival state to allow for future attacks — within U.S. critical infrastructure.
- Corporate Identities are Being Hijacked: North Korean operatives are using AI-generated deepfakes and fraudulent IDs to bypass hiring filters, embedding state-sponsored workers directly into Western corporate payrolls. Using U.S.-based "laptop farms," these threat actors are masking their true location.
- DDoS Attacks Surpass Human Response Capabilities: Large-scale botnets like Aisuru have evolved into nation-state level threats capable of taking down entire country’s networks. With record-breaking attacks reaching 31.4 Tbps, these high-speed strikes now demand fully autonomous defenses.
“Threat actors are constantly changing tactics, finding new vulnerabilities to exploit and ways to overwhelm their victims. To avoid being caught off guard, organizations must shift from a reactive posture to one fueled by real-time, actionable intelligence,” said Blake Darché, head of threat intelligence, Cloudforce One at Cloudflare. “This report is a North Star for understanding the scale of attacks, and how threat actor aggression and techniques are shifting. The message to defenders is simple: lead with intelligence or risk falling behind in a race where the stakes have never been higher.”
To learn more about the 2026 Cloudforce One Threat Intelligence Report please check out the resources below:
About Cloudforce One
Driven by a mission to help defend the Internet, Cloudforce One leverages telemetry from Cloudflare’s global network, which protects approximately 20% of the web, to drive threat research and operational response, protecting critical systems for millions of organizations worldwide.
About Cloudflare
Cloudflare, Inc. (NYSE: NET) is the leading connectivity cloud company. It empowers organizations to make their employees, applications and networks faster and more secure everywhere, while reducing complexity and cost. Cloudflare’s connectivity cloud delivers the most full-featured, unified platform of cloud-native products and developer tools, so any organization can gain the control they need to work, develop, and accelerate their business.
Powered by one of the world’s largest and most interconnected networks, Cloudflare blocks billions of threats online for its customers every day. It is trusted by millions of organizations – from the largest brands to entrepreneurs and small businesses to nonprofits, humanitarian groups, and governments across the globe.
Learn more about Cloudflare’s connectivity cloud at cloudflare.com/connectivity-cloud . Learn more about the latest Internet trends and insights at https://radar.cloudflare.com .
Follow us: Blog | X | LinkedIn | Facebook | Instagram
Forward-Looking Statements
This press release contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended, which statements involve substantial risks and uncertainties. In some cases, you can identify forward-looking statements because they contain words such as “may,” “will,” “should,” “expect,” “explore,” “plan,” “anticipate,” “could,” “intend,” “target,” “project,” “contemplate,” “believe,” “estimate,” “predict,” “potential,” or “continue,” or the negative of these words, or other similar terms or expressions that concern Cloudflare’s expectations, strategy, plans, or intentions. However, not all forward-looking statements contain these identifying words. Forward-looking statements expressed or implied in this press release include, but are not limited to, statements regarding the capabilities and effectiveness of Cloudforce One and Cloudflare’s other products and technology, the benefits to Cloudflare’s customers from using Cloudforce One and Cloudflare’s other products and technology, Cloudflare’s plans and objectives for the 2026 Cloudflare Threat Report, Cloudflare’s global network, and Cloudflare’s products and technology, Cloudflare’s technological development, future operations, growth, initiatives, or strategies, and comments made by Cloudflare’s CEO, head of threat intelligence, and others. Actual results could differ materially from those stated or implied in forward-looking statements due to a number of factors, including but not limited to, risks detailed in Cloudflare’s filings with the Securities and Exchange Commission (SEC), including Cloudflare’s Annual Report on Form 10-K filed on February 26, 2026, as well as other filings that Cloudflare may make from time to time with the SEC.
The forward-looking statements made in this press release relate only to events as of the date on which the statements are made. Cloudflare undertakes no obligation to update any forward-looking statements made in this press release to reflect events or circumstances after the date of this press release or to reflect new information or the occurrence of unanticipated events, except as required by law. Cloudflare may not actually achieve the plans, intentions, or expectations disclosed in Cloudflare’s forward-looking statements, and you should not place undue reliance on Cloudflare’s forward-looking statements.
©2026 Cloudflare, Inc. All rights reserved. Cloudflare, the Cloudflare logo, and other Cloudflare marks are trademarks and/or registered trademarks of Cloudflare, Inc. in the U.S. and other jurisdictions. All other marks and names referenced herein may be trademarks of their respective owners.
View source version on businesswire.com: https://www.businesswire.com/news/home/20260303235760/en/
Cloudflare, Inc.
Daniella Vallurupalli
Vice President, Head of Global Communications
press@cloudflare.com
FAQ**
How does Cloudflare Inc - Class A NET plan to enhance its security measures in response to the unprecedented scale of DDoS attacks highlighted in the 2026 Threat Report?
Given the insights on AI's role in cyberattacks, what innovations is Cloudflare Inc - Class A NET exploring to counter AI-driven threat actor tactics mentioned in the recent report?
With threats from state-sponsored actors increasing, what strategies are in place at Cloudflare Inc - Class A NET to protect U.S. critical infrastructure from infiltration?
How does Cloudflare Inc - Class A NET aim to leverage its comprehensive global sensor network to improve real-time threat intelligence sharing as outlined in the 2026 Threat Report?
**MWN-AI FAQ is based on asking OpenAI questions about Cloudflare Inc - Class A (NYSE: NET).
NASDAQ: NET
NET Trading
4.43% G/L:
$202.38 Last:
2,072,564 Volume:
$192.19 Open:
