Enterprise browser agents and identity control planes: execution blueprint
Practical governance and operating patterns based on current public tech signals.
#zero-trust
33 articlesBrowser Agents in the Enterprise, Identity, Session Boundaries, and Safe Delegation
A concrete architecture for introducing browser agents with auditable delegation and least-privilege defaults.
Agent Sandboxes and Zero Trust Egress: A Practical Enterprise Pattern in 2026
CloudflareのAgents Weekで示されたSandbox/Outbound制御を踏まえ、企業向けAIエージェントの安全運用パターンを実務観点で整理。
Inbox and Browser AI Are Becoming the New Enterprise Attack Surface
How to model and mitigate risks as assistant features expand inside email, browsers, and daily productivity workflows.
Designing an Agent-Ready Web: Anonymous Credentials and Origin Protection
How to balance AI agent access, abuse prevention, and user privacy with modern web accountability patterns.
Cloudflare for AI Apps: Zero-Trust LLM Gateway Patterns from Prompt Ingress to Tool Egress
A security-first blueprint for protecting AI workloads with identity-aware routing, prompt inspection, and controlled tool execution.
Cloudflare Bot Management in 2026: Intent-Centric Governance for AI Crawlers and Agents
A practical governance model for handling AI crawlers, autonomous agents, and legitimate automation without breaking user experience.
Beyond Bots vs Humans: Building Intent-Centric Traffic Governance with Anonymous Credentials
A production playbook for replacing brittle bot labels with intent scoring, accountability controls, and privacy-preserving trust signals.
Browser Automation for Agents: Human-in-the-Loop Security Patterns Enterprises Can Audit
Designing browser-capable agents with approval gates, session recording, and least-privilege credentials.
Cloudflare Mesh in Practice: Post-Quantum Private Networking Without Traditional VPN Overhead
A practical architecture guide for adopting Cloudflare Mesh with device posture, route governance, and phased migration from VPN/bastion patterns.
Cloudflare Mesh + Workers VPC: Private Connectivity Patterns for Agentic Systems
A practical architecture for giving autonomous agents scoped private access without exposing internal services to the public internet.
Cloudflare Mesh + Workers VPC: A Practical Private Access Playbook for Production AI Agents
How to design private tool access for AI agents on Cloudflare with scoped identity, policy boundaries, and measurable blast-radius control.
Cloudflare Mesh for AI Agents: A Zero-Trust Blueprint for Private Tool Access
How to expose private systems to autonomous agents without rebuilding your network around static tunnels.
Unstoppable File Share Spam Is a Governance Signal: Rebuilding Collaboration Security with Zero-Trust Defaults
A practical response playbook for collaboration platform abuse, from identity controls to automated triage and user-safe defaults.
From Announcement to Delivery: Building a 2029 Post-Quantum Migration Program for Real Enterprises
A practical operating model for security, platform, and product teams translating post-quantum urgency into measurable migration work.
Cloudflare Organizations Beta: Building an IAM Operating Model Across Accounts, Teams, and Automation
A practical operating model for adopting Cloudflare Organizations beta with federated identity, least privilege, and migration guardrails.
Cloudflare’s 2029 Post-Quantum Target: Designing a Real Migration Program Before Deadlines Collapse
How to convert post-quantum ambition into an executable migration program across TLS, internal PKI, and vendor dependencies.
Cloudflare's 2029 Post-Quantum Target: A Practical Migration Playbook for Engineering Teams
How to turn post-quantum urgency into an executable roadmap across TLS, service identity, and operational risk controls.
Passkeys at Scale: Device-Bound Sessions and Identity Hardening for High-Risk Apps
A phased rollout strategy to move from password+OTP toward phishing-resistant authentication and measurable account safety.
Tailscale’s New macOS Architecture: Migration Lessons for Endpoint Networking Teams
Operational guidance for teams adapting to Tailscale’s updated macOS model, with rollout controls, support playbooks, and security validation.
Cloudflare AI Security for Apps GA: Runtime Defense Architecture That Actually Operates
Turning AI runtime security announcements into enforceable controls, measurable risk reduction, and operational playbooks.
Cloudflare AI Security for Apps: A Runtime Governance Blueprint for Real Agent Traffic (2026)
How to operationalize Cloudflare AI Security for Apps with discovery, policy tiers, and incident loops that survive production scale.
Cloudflare Threat Report 2026 and MOE: Rewriting Enterprise Defense for Throughput-Driven Adversaries
How to redesign detection, identity controls, and response operations when attackers optimize for effort-to-outcome efficiency instead of technical elegance.
AI Security for Apps GA: Runtime Protection Patterns for Agentic Systems
A practical defense architecture for prompt abuse, tool misuse, and data leakage as AI security controls move into mainstream app platforms.
From Legacy to Agile SASE: A Migration Operating Model for 2026
Cloudflare's legacy-to-agile SASE narrative is useful only when translated into phased migration architecture, service ownership, and measurable outcomes.
Enterprise RAG Security in 2026: Threat Model, Controls, and Runtime Operations
From prompt injection to data exfiltration, a concrete security architecture for production RAG systems with measurable controls.
AI Impersonation and Fake Tool Sites: Building a Defense Program for 2026
A cross-functional program to detect and contain fake AI tool phishing campaigns targeting employees, developers, and customers.
Defending Against AI Tool Clone Sites: Enterprise Playbook After the Claude Fake-Site Wave
A practical control stack for protecting employees from fake AI service portals and credential theft campaigns.
Cloudflare AI Security for Apps GA: A Rollout Playbook for Platform Teams
How to operationalize Cloudflare AI Security for Apps GA with staged enforcement, prompt-data controls, and SOC-ready telemetry.
Data Security in the Prompt Era: A Practical Cloud-to-Endpoint Architecture
How to redesign enterprise security controls when data now flows from endpoints to AI prompts across cloud services.
Endpoint-to-Prompt Security: Designing Data Protection for Enterprise GenAI
How to implement unified data controls from endpoint posture to prompt-time policy enforcement in enterprise AI workflows.
IP Overlap Is the New Normal: Return Routing Patterns for Modern SASE
How to design resilient SASE client routing when enterprises collide on private address space and split-tunnel assumptions break.
From Endpoint to Prompt: Why Unified Data Security Is Becoming the New SASE Baseline
Cloudflare One’s latest direction reflects a broader market move: data security must extend into AI prompt surfaces.