sanej.build
Cloudflare

The Global Control Plane

Why planet-scale edge computing matters for the future of the internet and agents.

March 2026 / Deep Dive
The Beginning

0→1 to Planet Scale

Not another CDN. One shared edge network that gets faster, safer, and smarter with every request that passes through it.

2004

Project Honey Pot

Matthew Prince built a distributed reputation system for spammers and malicious IPs. The underlying lesson was that a network can learn if enough traffic passes through it.

2009

Harvard Business School origin

Michelle Zatlyn recognized the commercial wedge: make sites faster and safer without forcing customers to rebuild infrastructure. Lee Holloway translated that idea into the technical architecture.

2010

Disrupt launch and freemium wedge

Cloudflare launched publicly with a self-serve model that brought developers and SMBs in cheaply, then used the same network to serve progressively larger customers.

2019

Public company, broader control plane

After the IPO, the company expanded the story from CDN and security into a wider enterprise control plane across networking, Zero Trust, and developer infrastructure.

2025

AI-native traffic and agentic internet

The narrative shifts again: if AI agents create, fetch, and transact across the web at machine speed, the edge network becomes policy, payment, observability, and execution infrastructure.

The Founding Bet

Technical innovation

Put security, routing, and compute in the request path once, then keep widening what the network can do for every additional customer.

Business model innovation

Start free. Acquire millions of small sites, learn from their traffic, then use that intelligence to sell upmarket. Enter at the bottom of the market where incumbents won't compete.

Strategic Evolution

Four Acts

Each act widens the same control plane instead of creating separate infrastructure businesses.

Act 1 2009-2017

Protect the open web

Lead with DDoS protection, WAF, and performance so Cloudflare sits in the request path for as much traffic as possible.

  • Freemium motion builds broad distribution and threat telemetry.
  • Performance and security are sold as one integrated outcome, not two products.
  • The network gets smarter as traffic density rises.

Act 2 2018-2021

Connect enterprises to the edge

Expand from protecting websites to connecting users, branches, and applications through the same global network using Zero Trust and SASE.

  • Cloudflare One turns the edge into a network replacement story.
  • Enterprise expansion becomes easier because the edge already fronts internet traffic.
  • The buyer shifts from web owner to CIO and security leader.

Act 3 2021-2024

Edge primitives for developers

Workers, R2, D1, Durable Objects, and Pages give developers composable compute, storage, and state primitives at the edge, converting distribution into platform gravity.

  • Developers adopt primitives bottom-up before procurement catches up.
  • Each primitive (compute, storage, state, queues) compounds retention on-platform.
  • The control plane broadens from network operator to full application substrate.

Act 4 2024+

Inference, agents, and AI economics

Cloudflare runs inference at the edge (Workers AI with major model providers), provides primitives for agentic applications, and mediates the economics between AI companies and publishers.

  • Workers AI makes every model available at the edge with pay-per-inference economics.
  • AI gateway, vectorize, and crawl controls become the stack for agentic applications.
  • The monetization surface shifts from infrastructure to platform-level AI economics.

Product Organization

Protect, Connect, Build

While "Four Acts" describes temporal evolution, "Protect, Connect, Build" categorizes current product offerings.

Protect

Application security and threat protection leveraging intelligence from 20% of the web.

  • DDoS Protection (L3-L7)
  • Web Application Firewall
  • Bot Management
  • Email Security (Area 1)
  • API Security

Connect

Zero Trust and SASE converging security and networking on Cloudflare's global backbone.

  • Cloudflare One (SASE)
  • Zero Trust Network Access
  • Magic WAN
  • Secure Web Gateway
  • CASB

Build

Developer platform and edge compute with 4.5M active developers building the future.

  • Workers (serverless)
  • R2 (object storage)
  • D1 (SQL database)
  • Workers AI
  • Pages, Durable Objects

Financial Overview

The Numbers

The core question: can infrastructure intensity coexist with platform-scale operating leverage?

  • FY 2025 revenue: $2.17B
  • YoY growth: 34%
  • $100K+ customers: 4,298
  • Gross margin: 74.9%
  • Developers: 4.5M

Competitive Position

Strategic Moat

One edge network that unifies traffic, security, and compute. Each PoP (Point of Presence) is a data center that runs the full stack (security, routing, and compute), so every request is handled close to the user in a single distributed layer.

PoP density creates a compounding moat

Core: Shared edge network

  1. Self-serve distribution. Developers, SMBs, and free plans keep top-of-funnel cheap.
  2. More traffic through PoPs. Traffic density increases global visibility into latency and abuse.
  3. Better security and routing models. Threat reputation, caching, and policy get smarter with usage.
  4. More products on the same edge. Protect, Connect, and Build all benefit from the same control plane.

Cloudflare’s moat compounds because one shared edge network turns traffic density into learning, and learning into more products.

What the PoP advantage really means

Diagram: Traffic intake → Shared edge control plane → Enterprise + developer outcomes (flow labels: Route, Protect, Inspect, Execute, Consolidate, Build)

  • Users, bots, and agents: Traffic from humans, software, and AI-native clients.
  • Origins and private apps: Cloudflare sits between public origins and private apps.
  • PoP layer: Dense anycast PoPs bring inspection and execution close to the request.
  • Security + policy engine: WAF, DDoS, Access, bot policy, and traffic controls share one data plane.
  • Compute + state layer: Workers, Durable Objects, R2, and D1 keep compute and state near traffic.
  • Enterprise consolidation: Protect and Connect reduce vendor sprawl.
  • Developer platform gravity: Build keeps new apps, services, and AI on the edge.
The PoP advantage is not just geographic reach. It is that requests, security, policy, and compute live on the same distributed layer.
One network, one vendor, one fundable decision.
| Capability | Integrated edge model | Regional cloud + separate control planes |
| --- | --- | --- |
| Traffic entry and acceleration | Every PoP terminates, inspects, routes, and accelerates traffic in one pass. | CDN, security, and routing often live in separate services or appliance tiers. |
| Security and policy | WAF, DDoS, bot defense, and Zero Trust share one data plane. | Policy is spread across vendors, appliances, or separate consoles. |
| Compute runtime | Runtime executes on the same edge network that handles the request. | Compute sits in regions, away from the traffic layer. |
| Data and state | R2, D1, KV, and Durable Objects keep state close to execution. | State is centralized, so edge logic often round-trips to a region. |
| Developer adoption | Developers can start free and expand into a fuller platform on one account and bill. | Moving from CDN to compute usually means a new product boundary and pricing model. |
Growth Engine

Strategic Growth

Two engines: incubate internal bets and capture external momentum.

Incubate internally

Build when the capability is strategic and still emerging.

AI traffic and economics

Run inference at the edge and control who calls what, how traffic routes, and how it gets monetized.

Data gravity around R2 and D1

Keep storage and state on-platform so workloads don't flow back to a hyperscaler.

Acquire strategically

Buy when time matters more than invention.

AI deployment and model serving

Shorten the path from idea to production inference at the edge.

Observability and developer experience

Close gaps in the build-ship-observe loop before they slow adoption.

Real-time collaboration

Fill workflow gaps developers expect around Durable Objects.

The right M&A posture is not "buy growth" but "compress time-to-platform-completeness." Package Protect, Connect, and Build as one fundable decision.

M&A Strategy

Acquisitions

Each acquisition compresses time-to-platform-completeness. The pattern: invent core primitives internally, then acquire workflow and acceleration layers around them.

Act 1

Protect

Security wedge acquisitions that deepen inspection and access control.

Core Protect primitives
WAF, DDoS Mitigation, Bot Management

Acquisitions below added email security, cloud posture, and infrastructure access.

Area 1 Security 2022

Email and phishing security before traffic hits apps.

Email Security

Kivera 2024

Preventive cloud control posture, not just after-the-fact detection.

Cloudflare One

BastionZero 2024

Zero Trust access for servers, databases, and Kubernetes.

Infrastructure Access

Act 2

Connect

Network and Zero Trust capabilities that convert edge presence into enterprise connectivity.

Core Connect primitives
WARP, Tunnel, Gateway, Magic WAN

Acquisitions below added browser isolation, CASB, and network orchestration.

S2 Systems 2020

Remote browser isolation for the secure access stack.

Browser Isolation

Vectrix 2022

SaaS security posture and CASB for the enterprise control plane.

CASB + Gateway

Nefeli Networks 2024

Network orchestration and visibility for WAN and multi-cloud.

Magic WAN + SASE

Act 3 + 4

Build

Developer-platform acquisitions that deepen platform gravity around state, collaboration, and observability.

Core Build primitives
Workers, Durable Objects, R2, D1, Workflows

Acquisitions below layer workflow, observability, and model serving on top.

Zaraz 2021

Third-party tag orchestration and edge execution.

Edge Tags

Baselime 2024

Observability for serverless and Worker workloads.

Workers Observability

PartyKit 2024

Real-time collaboration primitives on top of Durable Objects.

Real-time Coordination

Outerbase 2024

Database workflow and DX around D1.

D1 Developer Experience

Replicate 2025

50,000+ production-ready AI models for Workers AI.

Workers AI
Act 4

The Agentic Internet

The agentic internet needs three things Cloudflare already has: reach, control, and inevitability.

"What we're doing to help publishers empower agentic transactions is a big enough deal to us that we've begun to refer to it internally as Act Four." Matthew Prince, Q2 2025 Earnings Call

Reach

190+ GPU cities. 50ms to 95% of users.

The most distributed inference network on earth. Agents need answers at the edge, not round-trips to a region.

Control

1B+ daily crawl control responses

Cloudflare brokers access between AI companies and publishers. Permissions, pricing, and paywall enforcement in one layer.

Inevitability

80% of top AI companies already on Cloudflare

Agents visit 5,000 sites where humans visit five. The agentic internet already runs through this network.

  • 4,000% YoY AI inference growth
  • 80% of top AI companies on Cloudflare
  • 50%+ of traffic now API-driven

Thesis

The Decade Ahead

The next decade will bring more agents than people, more inference than training, and more edge decisions than cloud round-trips. Positioned across protection, distribution, and compute, Cloudflare is not just infrastructure. It is becoming the control layer for how AI traffic is routed, executed, and monetized.
