All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

How Cloudflare hardens Workers security with V8 sandboxes and CPU memory protection

By

ketanhwr

8mo ago· 19 min readenInsight
Bagel score 100 of 100
100/100
Golden Brown
Bagelometer

Baker's choice. Dense with flavour, light on filler.

Score100TypeanalysisSentimentpositive

Summary

Cloudflare details the security hardening measures for its Workers serverless platform, focusing on defense-in-depth strategies. The article explains how Cloudflare uses V8 sandboxes, CPU memory protection keys (MPK), and other software/hardware features to isolate and protect customer code running on their globally distributed infrastructure. The approach ensures that customer workloads remain secure while benefiting from Cloudflare's low-latency global network, with the company emphasizing that security is a core part of their serverless offering.

Key quotes

· 3 pulled
You write code. We handle the rest.
Part of 'handling the rest' is making Workers as secure as possible.
We use defense-in-depth, including V8 sandboxes and the CPU's memory protection keys, to keep your data safe.
Snippet from the RSS feed
Cloudflare Workers are constantly being updated to be as secure and efficient as possible. We are further hardening Workers by making use of the latest software and hardware features. We use defense-in-depth, including V8 sandboxes and the CPU's memory pr

You might also wanna read

Google API Key Security Issue: Public Maps Keys Share System with Private Gemini API

The article reveals a significant security issue where Google Maps API keys, which are designed to be public and embedded in web pages, shar

simonwillison.net·3mo ago

Deno Sandbox: Secure Environment for Running LLM-Generated Code with API Access

Deno Sandbox is a new security solution designed for running LLM-generated code that needs to access external APIs with real credentials. Un

deno.com·3mo ago

Anthropic Releases Free Security Plugin for Claude Code Terminal to Detect Vulnerabilities

Anthropic has released a free security-guidance plugin for its Claude Code terminal tool that autonomously reviews code edits, model outputs

cybersecuritynews.com·6h ago

Google enters AI agent runtime race as the infrastructure layer becomes commoditized

Google repositioned Antigravity as a platform for developing and managing teams of autonomous AI agents at its I/O conference. The platform

bit.ly·12h ago

wolfCOSE: A Lightweight COSE + CBOR Library for Embedded Systems with PQC and FIPS 140-3 Support

wolfCOSE is a lightweight C library implementing CBOR (RFC 8949) and COSE (RFC 9052/9053) for embedded systems, using wolfSSL as the crypto

github.com·1d ago

Anthropic launches Claude Security beta for codebase vulnerability scanning

Anthropic has released Claude Security, a defensive security tool within Claude Code on the web, from closed preview to beta for Claude Ente

thenewstack.io·1d ago