Actionable threat intelligence and deeper platform control
June 1–7, 2026
Cloudflare turned threat indicators into instant WAF rules, Workflows gained saga-style rollbacks, and Workers traffic can now be filtered through Gateway policies. Vercel shipped experimental realtime voice support in the AI SDK and persistent drives for sandboxes.
Threat intelligence you can act on immediately
The week’s most significant development was Cloudflare’s Security Center upgrades. You can now create WAF rules directly from Threat Events saved views, turning Cloudforce One indicators into active defense without manual extraction. Security teams can also pivot from a blocked event to a full Threat Actor Profile, revealing the “who, why, and how” behind an attack. This closes the gap between detection and response — intelligence that isn’t immediately actionable is just noise.
A platform for building more resilient applications
Cloudflare Workflows now supports saga-style rollbacks, letting you add compensating logic to each step.do() that executes in reverse order on failure — critical for multi-step operations touching inventory, payments, or external APIs. Separately, the Workers VPC binding now routes public Internet egress through Cloudflare Gateway, so Zero Trust policies that apply to WARP users also govern your Workers’ traffic. The AI Gateway’s new spend limits track cumulative dollar cost per model or user, blocking requests when budgets are exceeded — a practical alternative to rate limiting for cost control.
Wrangler 4.98.0 introduced a migrations_pattern field for D1 bindings, supporting ORM-generated migration folders, while the deploy command now accepts a generic path argument that auto-detects whether the target is a Worker file or static assets. The Vite Plugin gained experimental cloudflare.config.ts support, and the SMTP submission beta adds a third way to send transactional email from Workers. R2 SQL now supports UNION, INTERSECT, EXCEPT, and SELECT DISTINCT for analytical queries on Iceberg tables.
Realtime voice, persistent sandboxes, and OIDC
The AI SDK’s experimental Realtime API support adds a useRealtime hook for speech-to-speech conversations, with provider implementations for OpenAI, Google, and xAI including server-side ephemeral token creation. Vercel’s Sandbox Drives (private beta) provide persistent, attachable storage independent of any sandbox lifecycle — useful for keeping agent workspaces across disposable environments. The skills.sh API is now available, querying 600,000+ open-source skills via short-lived OIDC tokens. Render added OIDC authentication with AWS in beta, and Turborepo’s latest canary ignores peer dependencies in the package graph, reducing false positives in dependency resolution.
On the smaller side, Railway shipped five CLI versions — durable streaming exec over WebSocket, agentic auth flows, and an interactive sandbox directory picker — and Next.js continued its canary cycle with Turbopack memory management improvements and App Shell staging.
Releases covered
- Security Center - Create WAF rules directly from Threat Events saved views
- Security Center - Introducing Threat Actor Profiles in Threat Events
- Workflows - Rollback support now available in Workflows
- Gateway, Cloudflare Mesh, Workers VPC - Filter Workers' public Internet traffic using Gateway policies
- AI Gateway - Control AI costs with spend limits
- Workers wrangler@4.98.0 adds D1 migrations_pattern and generalizes deploy paths
- Workers Vite Plugin v1.40.0 adds experimental cloudflare.config.ts support
- Email Service - Authenticated SMTP submission now available in beta
- R2 SQL - R2 SQL now supports UNION, INTERSECT, EXCEPT, and SELECT DISTINCT