Cloudflare's Developer Week 2026 has delivered a wave of announcements that could reshape how businesses build, secure, and scale their digital infrastructure. From the launch of Dynamic Workers — a new auto-scaling serverless platform with persistent state — to AI-native security tools and a massive London data centre expansion, there is a great deal to unpack. Here is what it all means for your organisation and why now may be the right time to reassess your cloud strategy.
Dynamic Workers: Auto-Scaling Serverless with Persistent State
The headline announcement from Developer Week 2026 is Dynamic Workers, Cloudflare's answer to the persistent challenge of combining serverless simplicity with stateful computing. Until now, developers had to choose between stateless simplicity and the complexity of managing state through Durable Objects or KV stores.
Dynamic Workers change that equation entirely. They introduce automatic horizontal scaling that responds to traffic in real time whilst maintaining persistent state across invocations. Your application can remember user sessions, maintain WebSocket connections, and handle complex workflows — all without manual state orchestration.
Key features of Dynamic Workers include:
- Automatic scaling from zero to thousands of instances based on demand
- Built-in persistent state that survives across invocations and deployments
- Sub-millisecond cold starts, even for stateful workloads
- Native integration with D1, R2, and KV for seamless data access
- Support for long-running tasks up to 30 minutes per invocation
If you are currently using Durable Objects purely for state persistence, Dynamic Workers can simplify your architecture significantly. Consider migrating stateful logic to Dynamic Workers and reserving Durable Objects for coordination patterns that genuinely require single-point-of-execution guarantees.
Workers AI: New Models and GPU Inference
Cloudflare has significantly expanded its Workers AI platform with new model offerings and enhanced GPU inference capabilities. It now supports over 50 open-source models — Llama, Mistral, Gemma and more — accessible through a unified API at the network edge.
The most notable enhancement is dedicated GPU inference pools. Previously, Workers AI relied on shared GPU resources, which could introduce variable latency during peak usage. Dedicated pools guarantee consistent performance for production AI workloads, making Cloudflare a more viable option for latency-sensitive applications.
| Model | Parameters | Use Case | Latency (p50) |
|---|---|---|---|
| Llama 4 Scout | 109B (17B active) | General text generation | 45ms |
| Mistral Medium 3 | 73B | Complex reasoning | 62ms |
| Gemma 3 | 27B | Multilingual tasks | 38ms |
| Whisper Large V4 | 1.5B | Speech-to-text | 120ms |
| SDXL Turbo | 3.5B | Image generation | 890ms |
AI Gateway and AI Firewall: Securing Your AI Applications
As organisations rush to deploy AI-powered features, security often becomes an afterthought. Cloudflare's AI Gateway and AI Firewall aim to address this gap with a comprehensive security layer designed specifically for AI traffic.
AI Gateway acts as a proxy between your application and any AI provider — whether that is OpenAI, Anthropic, Google, or Cloudflare's own Workers AI. It provides caching, rate limiting, request logging, and cost controls. The caching feature alone can reduce AI API costs by up to 40%, as identical prompts return cached responses without incurring additional charges.
The AI Firewall inspects incoming requests for prompt injection attacks, data exfiltration attempts, and other AI-specific threats before they reach your model. Cloudflare has trained specialised classifiers that understand the nuances of adversarial prompts across multiple languages.
AI WAF: Detecting Prompt Injection at the Edge
Building on the AI Firewall, Cloudflare has integrated prompt injection detection directly into its Web Application Firewall (WAF). Any application behind Cloudflare — not just those using AI Gateway — can now benefit from prompt injection protection.
The AI WAF ruleset analyses request bodies and query parameters for patterns that indicate prompt injection attempts. It uses a combination of signature-based detection for known attack patterns and machine learning classifiers for novel threats. In testing, Cloudflare reports a 96.3% detection rate with a false positive rate below 0.1%.
For businesses deploying AI chatbots or AI-powered search, this provides a critical defence layer before malicious inputs reach your application logic.
AI WAF rules should complement, not replace, application-level input validation. Always sanitise and validate user inputs within your application code, even when edge-level protection is in place. Defence in depth remains the gold standard for AI security.
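One way to implement the application-level validation recommended above, as an added example that is not Cloudflare's code and not part of the original article. The field names (`message`, `conversationId`), the limits and the system prompt are assumptions chosen for illustration; the function runs in the application no matter what the edge has already filtered.

```javascript
// Added example: application-level validation for a chat endpoint.
// Field names, limits and the system prompt are assumptions, not Cloudflare settings.
const MAX_PROMPT_CHARS = 2000;
const ALLOWED_KEYS = new Set(["message", "conversationId"]);
// C0/C1 control characters (except tab, LF, CR), zero-width and bidi controls.
const HIDDEN_CHARS = /[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F-\u009F\u200B-\u200F\u202A-\u202E\u2060-\u2064\uFEFF]/;
const SYSTEM_PROMPT = "You are a support assistant for the example shop.";

function validateChatRequest(rawBody) {
  let body;
  try {
    body = JSON.parse(rawBody);
  } catch {
    return { ok: false, status: 400, error: "body is not valid JSON" };
  }
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { ok: false, status: 400, error: "body must be a JSON object" };
  }
  // Reject unknown fields so callers cannot smuggle in "role" or "system".
  for (const key of Object.keys(body)) {
    if (!ALLOWED_KEYS.has(key)) {
      return { ok: false, status: 400, error: `unexpected field: ${key}` };
    }
  }
  if (typeof body.message !== "string") {
    return { ok: false, status: 400, error: "message must be a string" };
  }
  // Normalise first so compatibility forms are counted and checked consistently.
  const message = body.message.normalize("NFKC").trim();
  if (message.length === 0 || message.length > MAX_PROMPT_CHARS) {
    return { ok: false, status: 422, error: "message length out of range" };
  }
  if (HIDDEN_CHARS.test(message)) {
    return { ok: false, status: 422, error: "message contains hidden characters" };
  }
  if (body.conversationId !== undefined &&
      (typeof body.conversationId !== "string" || !/^[A-Za-z0-9_-]{1,64}$/.test(body.conversationId))) {
    return { ok: false, status: 422, error: "invalid conversationId" };
  }
  // User text stays in its own message; it is never concatenated into the system prompt.
  return {
    ok: true,
    messages: [
      { role: "system", content: SYSTEM_PROMPT },
      { role: "user", content: message },
    ],
  };
}
```

Structural checks like these do not judge whether a prompt is adversarial; they narrow what reaches the model and keep user input out of the system role, which is the layer an edge classifier cannot provide.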
DDoS Protection: 300 Tbps and Beyond
Cloudflare's DDoS mitigation capacity has reached 300 Tbps, making it the largest DDoS mitigation network in the world. The largest recorded DDoS attack to date peaked at approximately 5.6 Tbps — meaning Cloudflare can absorb more than 50 times the largest known attack whilst maintaining normal service for all customers.
New DDoS capabilities announced at Developer Week include:
- Adaptive DDoS protection that uses machine learning to identify and mitigate zero-day attack vectors
- Advanced bot management with improved detection of AI-generated bot traffic
- Real-time attack analytics with geographic visualisation
- Automatic failover and traffic rerouting during volumetric attacks
R2 Storage Improvements
R2, Cloudflare's S3-compatible object storage with zero egress fees, has received several important upgrades. The service now supports event notifications, enabling developers to trigger Workers automatically when objects are created, modified, or deleted.
Additional R2 improvements include:
- Jurisdictional restrictions allowing data to be pinned to specific geographic regions for compliance
- Improved multipart upload performance with up to 60% faster completion times
- Native lifecycle policies for automatic object expiration and tier transitions
- Enhanced S3 API compatibility, now supporting 98% of S3 API operations
Zero Trust and SASE Updates
Cloudflare's Zero Trust platform continues to mature with several updates aimed at enterprise customers. The Access service now supports device posture checks from over 20 endpoint protection vendors, and the Gateway DNS filtering engine has been enhanced with AI-powered categorisation that can identify malicious domains within minutes of registration.
For organisations operating hybrid or remote workforces, the WARP client now includes split tunnelling improvements that reduce bandwidth consumption by up to 35%. Magic WAN has also been expanded with new on-ramp options for connecting branch offices and data centres.
London Data Centre Expansion
Cloudflare has announced a significant expansion of its London data centre presence, adding three new facilities across the city. This increases UK compute capacity by 150% and positions London as one of Cloudflare's largest global hubs alongside San Francisco and Singapore.
The expansion is particularly relevant for UK businesses concerned about data sovereignty. With increased local capacity, more traffic can be processed within the UK without routing through continental European nodes. Cloudflare reports that 70% of UK traffic is now served from domestic facilities, up from 52% in 2025.
Cloudflare vs AWS CloudFront vs Azure CDN
With these announcements, it is worth comparing Cloudflare's offering against its primary competitors across the dimensions that matter most to businesses.
| Feature | Cloudflare | AWS CloudFront | Azure CDN |
|---|---|---|---|
| Global PoPs | 330+ cities | 600+ edge locations | 190+ PoPs |
| Edge Compute | Workers (V8 isolates) | Lambda@Edge / Functions | Azure Functions (limited) |
| AI at Edge | Workers AI (50+ models) | Bedrock (not at edge) | Azure AI (not at edge) |
| DDoS Capacity | 300 Tbps | Not disclosed | Not disclosed |
| Object Storage | R2 (zero egress) | S3 (egress fees apply) | Blob Storage (egress fees) |
| Free Tier | Generous (100K req/day) | 1TB/month for 12 months | Pay-as-you-go only |
| DNS | Included (free) | Route 53 (separate cost) | Azure DNS (separate cost) |
| Zero Trust | Built-in (50 free seats) | Requires AWS SSO + add-ons | Requires Azure AD Premium |
Pricing and Free Tier
Cloudflare continues to differentiate itself with an aggressive free tier that puts many competitors' paid plans to shame. The free plan includes unlimited bandwidth, DDoS protection, DNS, and basic WAF rules — features that would cost hundreds of pounds per month on competing platforms.
For businesses requiring more advanced features, here is how the pricing breaks down:
- Free: Unlimited bandwidth, 100,000 Worker requests per day, 10ms CPU time, basic WAF, DDoS protection
- Pro (£16/month): Enhanced WAF, image optimisation, Cloudflare Insights, 10 million Worker requests per month
- Business (£160/month): Advanced DDoS analytics, custom WAF rules, 100% uptime SLA, 50 million Worker requests per month
- Enterprise (custom pricing): Dedicated account team, advanced bot management, unlimited Workers, custom SLAs
Impact on Core Web Vitals
For businesses focused on SEO and user experience, Cloudflare's latest updates have a direct impact on Core Web Vitals scores. Independent testing shows measurable improvements across all three metrics when migrating to Cloudflare from traditional hosting.
[Chart: Core Web Vitals, sites achieving good scores after migration]
These percentages represent the proportion of sites achieving good scores after migration, compared to industry averages of 65% for LCP, 80% for FID, and 70% for CLS. Improvements are attributed to edge caching, image optimisation, and Early Hints support.
Migration Strategies
Moving to Cloudflare does not have to be an all-or-nothing decision. Here are the most common migration approaches we recommend:
- DNS-first migration: Start by moving your DNS to Cloudflare (free). This alone provides DDoS protection and performance improvements with zero risk to your existing infrastructure.
- CDN overlay: Proxy your existing origin through Cloudflare to benefit from caching, WAF, and bot management without changing your hosting provider.
- Incremental edge adoption: Begin moving specific workloads to Workers — API endpoints, image processing, or authentication flows — whilst keeping your core application on existing infrastructure.
- Full platform migration: For new projects or major rebuilds, adopt the full Cloudflare stack including Workers, D1, R2, and Queues for a fully serverless architecture.
Advantages of Migration
- Significant cost reduction through zero egress fees and generous free tiers
- Improved global performance with 330+ points of presence
- Simplified architecture with integrated security, CDN, and compute
- Access to cutting-edge AI and edge computing capabilities
- Reduced operational overhead with managed serverless infrastructure
Considerations Before Migration
- Learning curve for Workers runtime — V8 isolates differ from Node.js
- Vendor lock-in concerns with proprietary services like D1 and Durable Objects
- Limited support for some legacy protocols and configurations
- Enterprise support requires custom pricing negotiation
- Some advanced features only available on Business or Enterprise plans
Frequently Asked Questions
What are Dynamic Workers and how do they differ from standard Workers?
Dynamic Workers extend the standard Workers platform with automatic scaling and built-in persistent state. Standard Workers are stateless by default — each invocation starts fresh. Dynamic Workers maintain state across invocations, scale automatically based on traffic, and support long-running tasks up to 30 minutes. They are ideal for session management, real-time collaboration, or complex multi-step workflows.
Is Cloudflare's AI Firewall available on the free plan?
Basic AI WAF rules are available on all plans, including the free tier. The full AI Firewall with custom policies, detailed logging, and advanced prompt injection classifiers requires a Pro plan or higher. Enterprise customers receive access to dedicated AI security analysts and custom rule development.
How does R2 compare to Amazon S3?
R2 is S3-compatible and supports 98% of S3 API operations, making migration straightforward. The primary advantage is zero egress fees — you pay only for storage and operations, not for data transfer out of the network.
Can I use Cloudflare alongside my existing cloud provider?
Absolutely. Many organisations use Cloudflare as a CDN and security layer in front of AWS, Azure, or GCP origins. You can start with DNS and CDN services, then gradually adopt edge computing and storage features as your requirements evolve.
What impact will the London expansion have on UK businesses?
The expansion means lower latency for UK end users, better data sovereignty compliance, and increased resilience. With 70% of UK traffic now served from domestic facilities, businesses handling sensitive data can be more confident that their traffic remains within UK jurisdiction.
"Cloudflare's Developer Week 2026 represents a pivotal moment for edge computing. Dynamic Workers and integrated AI security are not incremental improvements — they fundamentally change what is possible at the network edge." — Matthew Prince, CEO, Cloudflare
What This Means for Your Business
The announcements from Developer Week 2026 signal a clear direction: Cloudflare is positioning itself as a complete cloud platform, not merely a CDN. For businesses evaluating their infrastructure strategy, there are several key takeaways.
First, the barrier to adopting edge computing has never been lower. Dynamic Workers remove the complexity of state management that previously made serverless architectures impractical for many use cases. If you have been waiting for serverless to mature, this may be the inflection point.
Second, AI security must be a priority, not an afterthought. As more organisations deploy AI-powered features, the attack surface expands. Cloudflare's integrated approach — protecting AI applications at the same edge where they run — offers a compelling model for secure AI deployment.
Third, the cost equation continues to shift in favour of edge-first architectures. With zero egress fees on R2, generous free tiers, and the elimination of cold start penalties through Dynamic Workers, the total cost of ownership for edge-deployed applications is increasingly competitive with traditional cloud hosting.


