Skip to content
City PM
  • Germany
  • France
  • Europe
  • Markets
  • Business
  • Opinion
  • DE
  • Germany
  • France
  • Europe
  • Markets
  • Business
  • Opinion
  • DE
Tuesday 03 March 2026 2:04 pm  |  Updated:  Wednesday 04 March 2026 1:21 pm

Cloudflare 2026 Threat Intelligence Report: Nation-State Actors and Cybercriminals Shift from ‘Breaking In’ to ‘Logging In’

By: Business Wire

Add as a preferred source on Google

Cloudflare, Inc. (NYSE: NET), the leading connectivity cloud company, today published its inaugural 2026 Cloudflare Threat Report. This report draws on the expertise of the Cloudforce One threat research team and the scale of Cloudflare’s global network to spotlight a fundamental rewiring of the modern cyberattack. The data reveals that threat actors are using DDoS attacks of unprecedented scale, leveraging AI systems to exploit vulnerabilities, and continuing to strike at traditional weak spots like email to find ways to “log in” versus “break in.”

The 2026 report arms security teams against emerging threats, detailing the tactics and trends behind the 230 billion threats Cloudflare blocks on average each day. With AI making it easier for anyone to launch sophisticated attacks, threat actors are moving faster than ever. They are not just crashing websites; they are quietly infiltrating payroll systems and tricking software into trusting them. Security is no longer about keeping strangers out, it’s about proving that the users inside your network are who they say they are.

“Hackers thrive on the gaps left by fragmented, stale threat intelligence. At Cloudflare, we’ve built the largest and most comprehensive global sensor network that gives us a front-row seat to threats invisible to everyone else,” said Matthew Prince, co-founder and CEO of Cloudflare. “By sharing this intelligence with the world, we’re plugging the gaps and shifting the advantage back to the defenders. The result is a safer, more reliable Internet, where it is fundamentally more difficult and expensive for hackers to operate.”

Over the past year, Cloudforce One has analyzed trillions of network signals and threat actor tactics, techniques, and procedures (TTPs) to uncover the most common attack vectors, nation-state espionage tactics, and the real-world impact of AI on cyberattacks. Key findings include:

  • AI Erases the Technical Barrier to Entry to Launch Attacks: Threat actors are using Large Language Models (LLMs) to map networks in real-time, develop new exploits, and create hyper-realistic deepfakes. Cloudforce One tracked a threat actor who leveraged AI to help identify the location of high-value data. This allowed the actor to compromise hundreds of corporate tenants — high-volume SaaS applications that allow multiple organizations to share resources — in one of the most impactful supply chain attacks seen.
  • Chinese Threat Actors Trade Broad Attacks for Precision Strikes: State-sponsored actors, specifically Salt Typhoon and Linen Typhoon, have shifted focus toward North American telecommunications, government entities, and IT services. These actors are shifting from traditional espionage to persistent pre-positioning — the act of installing code on the network or system of a rival state to allow for future attacks — within U.S. critical infrastructure.
  • Corporate Identities are Being Hijacked: North Korean operatives are using AI-generated deepfakes and fraudulent IDs to bypass hiring filters, embedding state-sponsored workers directly into Western corporate payrolls. Using U.S.-based “laptop farms,” these threat actors are masking their true location.
  • DDoS Attacks Surpass Human Response Capabilities: Large-scale botnets like Aisuru have evolved into nation-state level threats capable of taking down entire country’s networks. With record-breaking attacks reaching 31.4 Tbps, these high-speed strikes now demand fully autonomous defenses.

“Threat actors are constantly changing tactics, finding new vulnerabilities to exploit and ways to overwhelm their victims. To avoid being caught off guard, organizations must shift from a reactive posture to one fueled by real-time, actionable intelligence,” said Blake Darché, head of threat intelligence, Cloudforce One at Cloudflare. “This report is a North Star for understanding the scale of attacks, and how threat actor aggression and techniques are shifting. The message to defenders is simple: lead with intelligence or risk falling behind in a race where the stakes have never been higher.”

To learn more about the 2026 Cloudforce One Threat Intelligence Report please check out the resources below:

  • 2026 Cloudforce One Global Threat Report
  • Cloudforce One

About Cloudforce One

Driven by a mission to help defend the Internet, Cloudforce One leverages telemetry from Cloudflare’s global network, which protects approximately 20% of the web, to drive threat research and operational response, protecting critical systems for millions of organizations worldwide.

About Cloudflare

Cloudflare, Inc. (NYSE: NET) is the leading connectivity cloud company. It empowers organizations to make their employees, applications and networks faster and more secure everywhere, while reducing complexity and cost. Cloudflare’s connectivity cloud delivers the most full-featured, unified platform of cloud-native products and developer tools, so any organization can gain the control they need to work, develop, and accelerate their business.

Powered by one of the world’s largest and most interconnected networks, Cloudflare blocks billions of threats online for its customers every day. It is trusted by millions of organizations – from the largest brands to entrepreneurs and small businesses to nonprofits, humanitarian groups, and governments across the globe.

Learn more about Cloudflare’s connectivity cloud at cloudflare.com/connectivity-cloud. Learn more about the latest Internet trends and insights at https://radar.cloudflare.com.

Follow us: Blog | X | LinkedIn | Facebook | Instagram

Forward-Looking Statements

This press release contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended, which statements involve substantial risks and uncertainties. In some cases, you can identify forward-looking statements because they contain words such as “may,” “will,” “should,” “expect,” “explore,” “plan,” “anticipate,” “could,” “intend,” “target,” “project,” “contemplate,” “believe,” “estimate,” “predict,” “potential,” or “continue,” or the negative of these words, or other similar terms or expressions that concern Cloudflare’s expectations, strategy, plans, or intentions. However, not all forward-looking statements contain these identifying words. Forward-looking statements expressed or implied in this press release include, but are not limited to, statements regarding the capabilities and effectiveness of Cloudforce One and Cloudflare’s other products and technology, the benefits to Cloudflare’s customers from using Cloudforce One and Cloudflare’s other products and technology, Cloudflare’s plans and objectives for the 2026 Cloudflare Threat Report, Cloudflare’s global network, and Cloudflare’s products and technology, Cloudflare’s technological development, future operations, growth, initiatives, or strategies, and comments made by Cloudflare’s CEO, head of threat intelligence, and others. Actual results could differ materially from those stated or implied in forward-looking statements due to a number of factors, including but not limited to, risks detailed in Cloudflare’s filings with the Securities and Exchange Commission (SEC), including Cloudflare’s Annual Report on Form 10-K filed on February 26, 2026, as well as other filings that Cloudflare may make from time to time with the SEC.

The forward-looking statements made in this press release relate only to events as of the date on which the statements are made. Cloudflare undertakes no obligation to update any forward-looking statements made in this press release to reflect events or circumstances after the date of this press release or to reflect new information or the occurrence of unanticipated events, except as required by law. Cloudflare may not actually achieve the plans, intentions, or expectations disclosed in Cloudflare’s forward-looking statements, and you should not place undue reliance on Cloudflare’s forward-looking statements.

©2026 Cloudflare, Inc. All rights reserved. Cloudflare, the Cloudflare logo, and other Cloudflare marks are trademarks and/or registered trademarks of Cloudflare, Inc. in the U.S. and other jurisdictions. All other marks and names referenced herein may be trademarks of their respective owners.

Cybersecurity report 2026 highlights shift to logging in strategies by nation-state actors and cybercriminals

View source version on businesswire.com: https://www.businesswire.com/news/home/20260303235760/en/

Contact

Cloudflare, Inc.
Daniella Vallurupalli
Vice President, Head of Global Communications
[email protected]

Company Logo
Company Logo
Read more

Cloudflare Launches Design Partner Designation to Accelerate Secure AI and Seamless SASE Adoption

Share this article

  • Facebook
  • X
  • LinkedIn
  • WhatsApp
  • Email

Similarly tagged content:

Sections

  • Businesswire

Categories

  • Product/Service

Trending Articles

  • Citroën 2CV returns as a £13,000 electric car, and the timing is no accident

  • The former African gold miner taking on the billionaire Issa brothers

  • Music tycoon Simon Cowell sued by prominent City lawyer

  • As it happened: Choppy day for FTSE 100 after Iran closes Strait of Hormuz as strikes ramp up

  • Barclays and Lloyds back calls to digitalise UK markets and unlock £33bn boost

More from City PM

  • Cloudflare Launches Design Partner Designation to Accelerate Secure AI and Seamless SASE Adoption

    Business Wire
  • Cloudflare Announces Research Pilot with OpenAI

    Business Wire
  • Cloudflare Acquires VoidZero to Build the Future of the AI-Native Web

    Business Wire
  • Cloudflare Introduces Precursor; One-Click Behavioral Defense Against Modern Bots

    Business Wire
  • Cloudflare Allows the Agentic Internet to Flourish with a Simple Philosophy: Your Content, Your Rules

    Business Wire
  • Cloudflare and beehiiv Introduce AI Crawl Controls to Help Independent Publishers Navigate the AI Era

    Business Wire
  • Cloudflare Collaborates With Leading Browsers to Develop a Privacy-First Protocol For the Global Internet

    Business Wire
  • WP Engine Enhances Global Edge Security With Bot Management to Control AI-Driven Website Traffic

    Business Wire

City PM — European politics, business and analysis.

Europe

  • Germany
  • France
  • Europe
  • UK & Ireland

Topics

  • Business
  • Markets
  • AI
  • Technology
  • Opinion
  • Energy

More

  • Politics
  • Economics
  • Fintech
  • Legal
  • Sport
  • Life

Company

  • About City PM
  • Editorial Policy
  • Corrections
  • Contact
  • Terms of Use
  • Privacy Policy
  • Cookie Policy
© 2026 City PM · Published by CityPM Media, Bahnhofstrasse 65, 8001 Zürich, Switzerland
About · Editorial Policy · Corrections · Contact · Privacy · Facebook