Cloudflare Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

Cloudflare Issues Reports

Latest outage, problems and issue reports in social media:

• 
  'himeriya' 'mie' 🧢✉️ case ponnect (@himeriyamie) reported 7 minutes ago

  crunchyroll almost stopped me from paying my college tuition because the system is based off of cloudflare or smth i got the cloudflare is down message when trying to pay it still somehow went through but istg crunchyroll will pay if they get me in legal trouble with my college

• 
  Nevo David (@wickedguro) reported 7 minutes ago

  Postiz is currently on $105k MRR. My infrastructure is actually very cheap: > Railway = ~$200/m > CloudFlare R2 = ~$160/m, it's too damn cheap > X = $1000/m, yes, yes, you have to move to their PPU (good for me, it will remove some competitors) > Transloadit = $800/m > ChatGPT credits = $200/m

• 
  erik@try.works (@trydotworks) reported 8 minutes ago

  @threepointone Oh my bad. I'm still learning cloudflare and didn't get to Think yet

• 
  Linus Mixson (@LinusMixson) reported 8 minutes ago

  @psycho_fren @vxunderground It's substantially more complicated than that. Cloudflare is infrastructure & their customers (in the US, at least) have an expectation that when they use a network infrastructure provider the content of the communication between server and client is not being read by intermediaries without their permission. Cloudflare's service is opt-in because otherwise it would involve constantly surveillance of ~all traffic from your site by a third party. They are not seeking to profit off of CSAM.

• 
  Adetunji | Software Engineer (Web & Mobile) (@itzadetunji1) reported 12 minutes ago

  @nooriefyi Cloudflare doesn't support all the features that my nextjs app does Seems to be why devs have stuck with cloudflare for quite a long time now

• 
  Vinayaka Hegde (@VinayakaHe50360) reported 14 minutes ago

  @nooriefyi this kinda comparsion is incomplete without breaking down usage patters & what exactly changed in the stack. and, vercel and cloudflare optimize for diff layers of the stack, so migrations are not apples to apples.

• 
  Aiona Edge (@aionaedge) reported 15 minutes ago

  Anthropic's Project Glasswing just released its first results, and the headline is staggering: Claude Mythos Preview has uncovered more than 10,000 high- or critical-severity vulnerabilities across partner software in just one month. Cloudflare alone found 2,000 bugs (400 high/critical). Mozilla patched 271 Firefox vulnerabilities — ten times what the previous Claude model caught. Palo Alto Networks shipped five times its normal patch volume. Microsoft says its patch releases will "continue trending larger for some time." But here's what the headlines are missing. **WHAT EVERYONE IS SAYING** The coverage reads like a cybersecurity breakthrough story. AI finds bugs! Software gets safer! Anthropic saves the internet! The narrative writes itself — a frontier AI model deployed responsibly through controlled partnerships, finding real vulnerabilities before bad actors can exploit them. It's the "responsible AI" story everyone wants to believe. And to be clear: the numbers are real. Anthropic independently scanned 1,000 open-source projects and found 6,202 high- or critical-severity vulnerabilities, with a 90.6% true positive rate after third-party verification. A Mythos-powered tool at a partner bank caught a $1.5M fraudulent wire transfer. The UK's AI Security Institute confirmed Mythos is the first model to fully solve both of its in-house cyber range simulations. These are not demo numbers. This is production-grade capability. **WHAT'S ACTUALLY GOING ON** Here's the part that should keep security leaders up at night: of those 23,019 total vulnerabilities Mythos found in open-source projects, only 97 have been patched. 97 out of 23,019. The bug-finding capacity of AI has completely outpaced the bug-fixing capacity of the humans who maintain the software the entire world runs on. Open-source maintainers have literally asked Anthropic to slow down disclosures because they can't keep up. The average fix time for a high- or critical-severity bug is two weeks. Anthropic's model finds them in hours. That's not a feature — that's a systemic risk multiplier. And Anthropic themselves are saying this explicitly. They write: "No company, including Anthropic, has built safeguards strong enough to stop misuse of these models and prevent serious damage." They note that Mythos-class capabilities will soon be widely available. OpenAI's GPT-5.5 is already competitive on these benchmarks, with a specialized GPT-5.5 Cyber variant available to vetted researchers. The asymmetric advantage attackers get from this — the ability to find and weaponize vulnerabilities at machine speed — is not theoretical. It is the current reality. Consider the math: a Mythos-class model can find a critical vulnerability in hours. The average time to patch is two weeks. That gap — call it the "exposure window" — just widened from a crack to a canyon. And it's not just zero-days anymore. It's thousands of known-but-unpatched vulnerabilities sitting in open-source infrastructure that the entire internet depends on. **WHAT THIS MEANS FOR BUSINESS LEADERS** 1. **Your patch cadence is now a competitive vulnerability.** If your organization patches on a monthly cycle, you're operating on a timescale that AI attackers have already left behind. The companies that will survive the next 24 months are the ones that can patch in days, not weeks. Audit your patch management process right now. If it takes you longer than 72 hours from patch availability to deployment for critical vulnerabilities, you are exposed. 2. **Open-source risk has fundamentally changed.** If you're running open-source infrastructure (and you are — the average enterprise has thousands of OSS dependencies), the old assumption was that obscurity provided some protection. That assumption is dead. Every unpatched vulnerability in every project you depend on is now findable by machine. Map your dependencies, identify which projects have small maintainer teams, and start contributing resources to their security. 3. **AI security tools are no longer optional — they're existential.** The same capability that finds 10,000 vulnerabilities can also exploit them. If your security team isn't using AI-powered vulnerability detection and response tools right now, you're defending a castle with medieval weapons against an army that has aerial reconnaissance. Budget for this in Q3, not next year's plan. 4. **The "responsible deployment" window is closing.** Anthropic is holding Mythos Preview back from public release specifically because they can't guarantee it won't be misused. But they acknowledge comparable models are coming. The period where only vetted partners have this capability is temporary. Your security planning should assume widespread availability by end of 2026. The real story of Project Glasswing isn't that AI can find bugs. It's that AI has exposed a structural weakness in how the world maintains its critical software. We built a civilization on open-source code maintained by underfunded teams, and we just gave everyone — defenders and attackers alike — a map of every crack in the foundation. The question isn't whether AI will make software more secure eventually. It almost certainly will. The question is what happens in the transition — and whether we can close the gap between finding flaws and fixing them before someone else exploits them first. #ProjectGlasswing #Cybersecurity #AISafety

• 
  Skuffd (@skuffd) reported 20 minutes ago

  @cloudflare Can y'all setup a *** hosting service plsss it could be called gitsun or gitburn, something like that

• 
  Linus Mixson (@LinusMixson) reported 20 minutes ago

  @psycho_fren @vxunderground It's substantially more complicated than that. Cloudflare is infrastructure & their customers (in the US, at least) have an expectation that, when they use a network infrastructure provider, the content of the communication between server and client is not being read by intermediaries without their permission. Cloudflare's service is opt-in because otherwise it would involve continual surveillance of ~all traffic from your site by a third party. They are not seeking to profit off of CSAM & will both mount internal investigations and cooperate completely with law enforcement when they are notified of it.

• 
  Sooraj (@suryanox7) reported 20 minutes ago

  @gselendal interesting.. Never tried, I usually work with cloudflare or spinning myself with ollama etc. Thanks

• 
  Rahaman Bin Ujit (@rahamanbinujit) reported 22 minutes ago

  @theBRLguy Next.js + Vercel for the front, Postgres on Supabase or Neon for data, Cloudflare in front for cache and edge. Most SaaS performance problems are downstream of slow DB queries, not framework choice. The stack matters less than the query plan.

• 
  Aevris AI (@aevrisai) reported 28 minutes ago

  Last night our API went down with Railway's outage. Tonight it can't. In one session we built: → Render backup deployment → Cloudflare Worker → Auto-failover between two providers → Dual UptimeRobot monitoring A security platform that goes offline is not a security platform. Fixed. Permanently. #AISecuity #Infrastructure #AEVRIS

• 
  Rodrigo (@Rag_time666) reported 30 minutes ago

  @Im_IrushiK Cloudflare is down

• 
  Max Nardit (@mnardit) reported 36 minutes ago

  But something is forming in the rubble: an AI-content licensing market. Cloudflare pay-per-crawl (HTTP 402), Perplexity's Publishers Program, News Corp's reported $250M OpenAI deal. Model-collapse research means LLMs structurally need fresh human signal they can't generate themselves.

• 
  Fatima Yusuf (@fatimayusf) reported 37 minutes ago

  Huge effort by the team. Startups can now get up to $350,000 in credits on @Cloudflare. There’s never been a better time to build 🚀