Cloudflare
Workers
Cloudflare is shipping AI-native developer products and expanding Workers compute limits.
AI Search adds hybrid search and built-in storage. Hybrid search now combines vector (semantic) and BM25 keyword matching with configurable fusion methods. New instances include built-in file storage and vector indexing, eliminating the need to set up R2 buckets or external data sources first. A new namespace Workers binding enables runtime instance creation and cross-instance search queries.
Artifacts (Git-compatible storage) entered private beta. Artifacts provides a versioned filesystem for agents and Workers, accessible via Workers bindings, REST API, and Git protocol. You can create millions of repos, fork from any remote, and hand off URLs to any Git client.
Browser Run ships Live View, Human in the Loop, and Session Recordings. The product (formerly Browser Rendering) gained real-time visibility into running sessions, human intervention capabilities for intervention workflows, and replay functionality. Browser Run also added WebMCP support so AI agents can call website functions directly instead of relying on screenshot-analyze-click loops. Concurrency limits for paid plans jumped 4x — 30 to 120 concurrent browsers per account, and REST API rate limits increased to 10 req/s.
Workflows and Containers expanded capacity on paid plans. Workflows concurrent instances increased 5x (10k to 50k), creation rate tripled (100 to 300/s per account), and queued instance limits doubled (1M to 2M). Containers gained regional and jurisdictional placement constraints (regions, jurisdiction) to control where workloads run for compliance.
Workers SDK upgraded with Flagship feature flags and improved local dev. Wrangler added artifacts:write OAuth scope and end-to-end Flagship binding support for evaluating feature flags. The Vite plugin now exposes a local explorer via e hotkey during dev. OpenAPI template upgraded to chanfana v3 and Zod v4.
Security and observability improvements. Access gained independent MFA (TOTP, security keys, biometrics) without relying on IdP. Data Loss Prevention settings moved to account level for consistent enforcement. Privacy Proxy metrics are now queryable via GraphQL. WAF added RCE detection for Mesop and protections for Cisco/FortiClient vulnerabilities.
Cloudflare Mesh launched. Post-quantum encrypted networking connects servers, laptops, and phones with private Mesh IPs, supporting TCP/UDP/ICMP and CIDR routes — no infrastructure deployment required. VPC Networks (public beta) let Workers reach any service in private networks by binding to Tunnel or Mesh.