Introducing the 2026 Cloudflare Threat Report

Cloudflare's 2026 Threat Report warns of a shift to high-trust, high-throughput attacks measured by a "Measure of Effectiveness (MOE)", documenting AI-driven automation, nation-state pre-positioning against critical infrastructure, SaaS/IaaS abuse for C2 and delivery, token theft that undermines MFA, and record hyper-volumetric DDoS activity; the report profiles named threat groups, cites active tooling (e.g., XenoRAT, LummaC2), and discloses CVE-2026-22813 while urging a move toward autonomous defense.