In this episode of This Week in NET (the second this week focused on building with AI), host João Tomé is joined by Steve Faulkner, Engineering Director at Cloudflare, to discuss how he rebuilt a Next.js-compatible framework in just one week using AI. The project, called vinext, began as an experiment and evolved into a working proof of concept.

We explore what AI-first development looks like in practice, how coding agents were used to rewrite and test large API surfaces, and what happens when you treat dependencies as something you can regenerate rather than maintain manually.

The results were surprising: faster local builds, smaller bundles, deployment to Workers with a single command, and a total AI token cost of roughly $1,100.

We also discuss:

• Using voice-to-code workflows (SuperWhisper + local models)

• AI reviewing code multiple times

• Whether AI-assisted rebuilds will become common

• What this means for 2026 and beyond

Mentioned blog posts:

• How we rebuilt Next.js with AI in one week

⏱️ Timestamps 

0:12 — Introduction: the latest on the Cloudflare blog (monitoring post-quantum encryption and ASPA routing; JavaScript Streams — why we deserve a better API)

3:22 — Steve’s role and Workers platform overview

4:34 — How the idea came to be

6:11 — When AI tools became “good enough”

7:13 — Tooling setup: OpenCode, Claude, parallel agents

9:03 — AI beyond coding: management and markdown workflows

10:58 — What AI-first development actually means

12:03 — Performance gains: 4x faster builds, 57% smaller bundles

14:11 — ~$100 in tokens: the real cost

15:35 — Deploying to Workers with one command

17:25 — Community feedback and early adoption

19:09 — Will AI rebuild other frameworks?

20:25 — Voice-to-code workflows (SuperWhisper, Parakeet)

23:31 — Traffic-Aware Pre-Generation (TPR) explained

25:23 — Production caution and security

26:19 — How to get started (use AI to migrate your app)

27:12 — The big takeaway: AI is changing how we build software

In this episode of This Week in NET, host João Tomé is joined by Matt Curry to break down Code Mode: a way to give AI agents access to the entire Cloudflare API (2,500+ endpoints) using two tools and roughly ~1,000 tokens of context.  

Instead of exposing thousands of individual tools (which quickly becomes expensive and brittle), Code Mode lets the model write JavaScript to search and execute against a compact API context. The result is massive compression, lower cost, and better performance.

We also include demos showing how agents can query real infrastructure, navigate multiple accounts, and build things like multiplayer experiences using Durable Objects and WebSockets.

⏱️ Timestamps 

0:53 — Intro: agents, MCP, tokens, and what Code Mode means

2:53 — Why exposing 2,500+ endpoints as tools doesn’t scale

6:49 — How Code Mode works: generate an SDK and let the model write code

9:57 — Demo: querying deployed Workers and infrastructure

14:37 — Multiplayer with Durable Objects (live demo “wow” moment)

24:32 — Compression stats: 2 million tokens → ~1,000 tokens

27:26 — Code Mode SDK v2 and wrapping your own APIs

31:52 — The Sandbox: running untrusted code safely

38:03 — What’s next: progressive disclosure and MCP evolution

Mentioned blog posts:

• Code Mode: give agents an entire API in 1,000 tokens
  
  

In this episode, host João Tomé is joined by Celso Martinho, VP of Engineering at Cloudflare, to discuss two major launches: Markdown for Agents and Moltworker (for OpenClaw) — and what they signal about the future of AI agents on the Internet.

Celso explains how Markdown for Agents was conceived, built, and shipped in just one week, why AI systems prefer markdown over HTML, and how converting a typical blog post from 16,000 HTML tokens to roughly 3,000 markdown tokens can reduce cost, improve speed, and increase accuracy for AI models. We also explore Moltworker, a proof-of-concept showing how a personal AI agent originally designed to run on a Mac Mini can instead run on Cloudflare’s global network using Workers, R2, Browser Rendering, AI Gateway, and Zero Trust.

We discuss observability for AI crawlers, new monetization models for publishers, the rapid growth of agent ecosystems, and why AI is becoming less hype and more infrastructure.

Mentioned blog posts:

• Introducing Markdown for Agents
• Introducing Moltworker: a self-hosted personal AI agent, minus the minis

⏱️ Timestamps

1:15 — Introducing Markdown for Agents

1:46 — From idea to ship in one week

2:37 — Why AI systems prefer markdown over HTML

3:30 — HTML “packaging” vs semantic content

4:39 — How Cloudflare converts HTML to markdown in real time

5:19 — Token savings: 16,000 vs 3,000 tokens

6:29 — Context windows, cost, and AI efficiency

8:21 — Tracking markdown trends in Cloudflare Radar

9:05 — Live demo: content negotiation header with curl

11:07 — AI projects in Lisbon: AI Search, PaperCrawl, and more

12:36 — Observability and new monetization models for publishers

13:56 — What is OpenClaw and why it went viral

14:54 — From Hacker News to Cloudflare in hours

17:06 — Running OpenClaw on Cloudflare instead of a Mac Mini

18:05 — Why this is a proof of concept (not a product)

20:06 — Architecture: Zero Trust, Workers, R2, Browser Rendering, AI Gateway

22:32 — Demo: AI agent records and posts a video automatically

24:53 — 10,000 GitHub stars and open source support

26:11 — AI in 2026: intensifying work, not replacing it

In this episode of This Week in NET, host João Tomé is joined by Emily Hancock, Cloudflare’s Chief Privacy Officer and Data Protection Officer, for a wide-ranging conversation about privacy in 2026 and how the role has evolved in the age of AI.

Emily explains how privacy officers shifted from GDPR compliance to broader data governance, responsible AI practices, cybersecurity collaboration, and cross-border data frameworks. We explore privacy by design, data minimization, vendor risk, government requests, warrant canaries, digital sovereignty, insider threats, and how AI is reshaping both attacker and defender capabilities.

We also discuss Cloudflare’s approach to responsible AI, how teams use internal controls to avoid misuse of customer data, and why “human in the loop” remains essential for accuracy, safety, and trust.

Check the Cloudflare Blog: blog.cloudflare.com

1:53 — Blogs roundup 

3:58 — How the CPO role has evolved since GDPR

7:04 — From GDPR to AI governance

9:46 — Privacy + cybersecurity: breaches, notifications, preparedness

14:08 — “Fire doors” and incident containment

14:56 — Privacy by design & data minimization

20:07 — Government requests, due process, and transparency

22:08 — Warrant canaries & what Cloudflare will never do

23:17 — Digital sovereignty: localization and global differences

26:25 — Data Localization Suite & Metadata Boundary

28:06 — AI and privacy: rules, training, customer protections

29:35 — Cloudflare’s AI principles

31:32 — AI sovereignty & running inference close to users

32:19 — “AI as an intern”: accuracy and human review

34:31 — Protecting personal data when using AI

36:20 — What’s coming in 2026: regulation & fragmentation

38:37 — Insider threats & Zero Trust

40:33 — Emily’s privacy wish list for 2026

In this episode, David Belson — Cloudflare’s Head of Data Insights — joins us to walk through the biggest Internet disruptions of late 2025 and early 2026.

At the start, we also highlight several new posts on the Cloudflare Blog: Moltworker, a self-hosted personal AI agent built with OpenClaw (former MoltBot and ClawdBot) and Cloudflare’s Developer Platform; Post-Quantum Matrix Homeserver, a proof-of-concept encrypted messaging server running entirely on Cloudflare Workers; Route Leak Incident (Jan 22), what happened in Miami and how routing policy safeguards are being improved; Google’s AI Advantage, why crawler separation is needed for fair competition and better protection for publishers.

We then go into the major Internet trends, including the storm-related disruption in three regions in Portugal this week. Our main focus is the government-directed nationwide shutdown in Iran. 

Then we also go over Q4 2025 disruptions: repeated weather-driven outages across Africa and the Caribbean, submarine cable failures, DNS anomalies, and the persistent risk of centralized points of failure. David also explains how Starlink’s global footprint is reshaping Radar visibility — and why the Internet remains remarkably resilient despite a turbulent quarter.

Mentioned blog posts: 

• Cable cuts, storms, and DNS: a look at Internet disruptions in Q4 2025
• Introducing Moltworker: a self-hosted personal AI agent, minus the minis
• Route leak incident on January 22, 2026
• Building a serverless, post-quantum Matrix homeserver

⏱️ Timestamps

0:30 — Weekly blog roundup (Moltworker, Route Leak, Google’s AI Advantage)

4:13 — Storm impact in Portugal: what Radar saw in Leiria, Santarém, and Coimbra

11:55 — Iran’s multi-week Internet shutdown: scale, signals, and how it unfolded

18:15 — The “National Information Network”: partial access, allowlisting, and blocked services

21:24 — Power vs. connectivity: how electricity failures show up as Internet outages

22:33 — Q4 global round-up: Jamaica, Sri Lanka, Indonesia, and cyclone-driven disruptions

30:32 — Technical failures: ISP issues, DNS problems, routing mistakes, and what Radar detects

33:47 — The future of Radar: Starlink visibility, provider-level metrics, and disruption heat maps

In this first 2026 edition of This Week in NET, João Tomé is joined by Patrick Day from Cloudflare’s Impact & Policy team to break down the recently released Cloudflare Impact Report — including how Cloudflare supports elections, protects journalists, advances Internet standards, and expands access to secure AI infrastructure.

At the start, we also go over some of our recent blog posts:

• Acquisitions: Astro and Human Native join the Cloudflare ecosystem.

• Technical Deep Dive: How a small DNS optimization in 1.1.1.1 exposed a decades-old ambiguity in early Internet standards.

• Global Trends: A severe government-directed Internet shutdown in Iran and BGP anomalies observed in Venezuela.

Mentioned topics:

• Cloudflare Impact Report
• The Cloudflare Blog

In this end-of-year episode of This Week in NET, host João Tomé is joined by Omer Yoachimik, Senior Product Manager for DDoS Protection at Cloudflare, to break down the realities of the 2025 DDoS threat landscape — and what’s coming next.

They discuss how DDoS attacks reached previously “theoretical” scales in 2025, including record-breaking 31 Tbps attacks, the rise of massive botnets like Aisuru, and how geopolitical events increasingly shape cyber activity. Omer explains why traditional scrubbing-center defenses are becoming obsolete, how Cloudflare’s autonomous, globally distributed mitigation works, and why automation and real-time intelligence are now essential.

The conversation closes with practical advice for organizations, common myths about DDoS risk, and what to expect in 2026 as attacks grow larger, faster, and more sophisticated.

DDoS threats related blog posts: https://blog.cloudflare.com/tag/ddos/

In this special Year in Review episode of This Week in NET, host João Tomé is joined by David Belson to break down the Cloudflare Radar 2025 Year in Review.

Together, they explore what Cloudflare’s global network reveals about how the Internet evolved over the past year — from the rapid rise of AI crawlers and agent traffic, to record-breaking DDoS attacks, the spread of post-quantum encryption, and the growing impact of government-directed shutdowns and outages.

The conversation looks at Internet resilience, security trends, and performance across countries, as well as what changed in Internet services, mobile platforms, and connectivity in 2025, and what these signals might tell us about 2026.

Explore the full Radar Year in Review microsite.

Read the related blog posts on the Cloudflare Blog:

• The 2025 Cloudflare Radar Year in Review: The rise of AI, post-quantum, and record-breaking DDoS attacks
• ChatGPT's rivals, Kwai's quiet rise: the top Internet services of 2025
  
  

In this short episode of This Week in NET, Craig Dennis, Senior Developer Educator for AI at Cloudflare, explains why Replicate is joining Cloudflare, and what that means for developers building with AI.

Replicate is widely known for making it easy to run thousands of high-quality AI models, from image generation and video to audio and language models, all through a simple, developer-friendly API. Craig breaks down why Replicate became such an important part of the AI ecosystem, and how bringing it into Cloudflare helps make Workers the best place to build and deploy AI and agentic workflows.

And there’s a bonus: we’re giving away Replicate credits so you can try models yourself. Stay tuned to the episode to learn how to get access and start experimenting.

Mentioned blog posts:

• Why Replicate is joining Cloudflare

In this episode of This Week in NET, we talk with Daniele Molteni, Director of Product Management for Cloudflare’s WAF, about how Cloudflare responded within hours to a newly disclosed React Server Components vulnerability — deploying global protection before the public advisory was even released.

That speed matters. In just the first 11 days after disclosure, Cloudflare observed more than 1 billion exploitation attempts related to React2Shell, with sustained pressure averaging over 4 million hits per hour, and peaks far higher. Threat actors quickly integrated the vulnerability into large-scale scanning and reconnaissance, targeting even critical infrastructure. If you run React, upgrading is urgent.

Daniele explains how WAF rules are built, how new payload logging improvements help customers understand real attack traffic, and what’s coming next in 2026 — including Firewall for AI, fraud detection, and safer, gradual rule rollouts.

To close the episode, Systems Engineer Steve James gives a hands-on demo of a real-time multiplayer chess app running inside ChatGPT, built with the Agents SDK and Cloudflare Workers.

Mentioned blog posts:

• React2Shell and related RSC vulnerabilities threat brief: early exploitation activity and threat actor techniques
• Cloudflare WAF proactively protects against React vulnerability
• Get better visibility for the WAF with payload logging