How a San Francisco startup became the indispensable backbone of global connectivity — and why it matters more than ever to Singapore
Introduction: The Internet’s Quiet Guardian
Every time you load a webpage, stream a video, or log into a work application, there is a reasonable chance that your data has passed through infrastructure you have never heard of. Cloudflare, Inc. — traded on the New York Stock Exchange under the ticker NET — operates one of the most consequential networks on the planet, yet it remains largely invisible to the billions of people whose digital lives it shapes daily. Founded in 2009 by Matthew Prince, Lee Holloway, and Michelle Zatlyn, the company went public in 2019 and has since evolved from a niche content delivery and security tool into what it now calls a “connectivity cloud”: a unified platform that accelerates performance, enforces security, and increasingly powers the next generation of artificial intelligence applications — all from the edge of the internet.
By early 2026, Cloudflare serves millions of customers across more than 100 countries, handles approximately 45 million HTTP requests per second, and operates a global network with 477 terabits per second of capacity. Its FY 2025 revenue reached $2.17 billion — a 30% year-on-year increase — with gross margins holding at a formidable 77%, reflecting the efficiency of its software-defined infrastructure. For Singapore and Southeast Asia, Cloudflare is not merely a technology vendor. It is a critical piece of the regional internet’s connective tissue, with implications that extend from fintech resilience to national cybersecurity strategy.
Part I: What Cloudflare Actually Does
The Edge Network Explained
To understand Cloudflare’s power, one must first understand the concept of the “edge.” Traditional internet architecture routes user requests across long distances to centralised data centres, introducing latency — that critical milliseconds-long delay between action and response. Cloudflare’s approach is different: by operating hundreds of data centres strategically positioned in major internet exchange points around the world, it places its services as physically close to end users as possible. This “edge computing” model means that security checks, content delivery, and even computational workloads can be executed locally, dramatically reducing latency and improving the end-user experience.
The company’s network spans more than 330 cities globally, and its anycast routing technology ensures that user traffic is automatically directed to the nearest available point of presence. This architecture underpins virtually every product and service Cloudflare offers.
Content Delivery and Performance
Cloudflare’s origins lie in content delivery — the practice of caching and serving web content from locations close to users. Its Content Delivery Network (CDN) remains a foundational offering, used by websites ranging from small personal blogs to Fortune 500 enterprises. Beyond simple caching, Cloudflare’s CDN integrates Argo Smart Routing, which uses real-time network intelligence to route traffic along the fastest available internet paths, bypassing congestion and avoiding degraded routes. For businesses serving global audiences, the performance gains can be substantial.
The company also pioneered support for modern transport protocols, including HTTP/3 and QUIC, which are particularly beneficial for mobile users in latency-sensitive environments — a highly relevant consideration for Southeast Asia’s predominantly mobile-first internet population.
DDoS Mitigation: Defence at Scale
Distributed Denial of Service (DDoS) attacks — in which adversaries flood a target with overwhelming volumes of malicious traffic — have grown dramatically in scale and sophistication. Cloudflare’s network capacity and global footprint make it uniquely positioned to absorb and neutralise these attacks. In August 2025, the company blocked what was then the largest publicly recorded DDoS attack, peaking at 11.5 terabits per second. That record was surpassed just four months later, in December 2025, when an Aisuru botnet launched a 31.4 terabits-per-second campaign against telecommunications companies in a campaign Cloudflare dubbed “The Night Before Christmas.” The company’s ability to absorb attacks at this scale without disruption is a testament to its network’s capacity — and a sobering illustration of how the global threat landscape continues to escalate.
Its Web Application Firewall (WAF) complements DDoS protection by filtering malicious HTTP traffic, blocking SQL injection, cross-site scripting, and the vulnerabilities catalogued in the OWASP Top 10. The WAF is continuously updated with new threat signatures, benefiting all customers simultaneously — a significant advantage of Cloudflare’s shared intelligence model, where data from millions of protected websites informs defences across the entire network.
Zero Trust and the End of the Perimeter
For decades, enterprise security operated on a “castle-and-moat” model: establish a secure perimeter, trust everything inside it, and distrust everything outside. The shift to cloud computing, remote work, and distributed applications has rendered this model obsolete. Cloudflare’s Zero Trust platform — marketed as Cloudflare One — replaces the perimeter with identity-based access controls applied to every individual request, regardless of where the user or application is located.
Cloudflare One is built on the Secure Access Service Edge (SASE) framework, integrating network connectivity with security services in a single cloud-delivered platform. Key components include Cloudflare Access, which provides granular, least-privilege access to internal applications and infrastructure without requiring a traditional VPN; Cloudflare Gateway, which enforces web filtering and DNS security policies; and CASB (Cloud Access Security Broker) capabilities that scan SaaS applications for misconfigurations and sensitive data exposure. Enterprises like Discord have publicly cited Cloudflare One’s Zero Trust approach as central to their internal security architecture.
Part II: Cloudflare in the Age of Artificial Intelligence
From Infrastructure to AI Platform
Cloudflare’s most significant strategic evolution in recent years is its transformation from a security and performance company into a comprehensive platform for building, securing, and deploying artificial intelligence applications. This shift is not merely cosmetic — it reflects a fundamental recognition that the infrastructure requirements of the AI era are distinct from those of the preceding cloud era. AI applications demand extremely low latency inference, global distribution, and robust security at every layer of the stack.
Workers AI is Cloudflare’s flagship offering in this space. Launched in 2023, it allows developers to run machine learning models within milliseconds of users by leveraging Nvidia GPUs distributed across Cloudflare’s global network. In 2025, the company introduced the “Infire Engine,” a breakthrough inference optimizer built in Rust that enables large language models to run on edge GPUs without the “cold starts” — delays associated with spinning up new compute instances — that plague competing approaches. This significantly reduces latency for real-time AI applications such as chatbots, recommendation systems, and autonomous agents.
The company’s acquisition of Replicate, announced in November 2025, further extends its AI platform capabilities. Replicate is a San Francisco-based platform that enables developers to run, fine-tune, and deploy open-source machine-learning models via an API without managing infrastructure. Combined with Cloudflare’s edge network, this acquisition positions the company to offer a seamless, globally distributed model deployment environment.
In January 2026, Cloudflare acquired Human Native, an AI data marketplace that brokers transactions between developers and content creators — a strategic move that addresses one of the most contentious issues in the AI industry: the fair compensation of human-generated data used to train AI models.
Securing AI: Firewall for AI and AI Gateway
As enterprises rush to adopt generative AI tools, they face a new category of security risk. Employees submitting sensitive proprietary data to consumer AI chatbots, AI models being manipulated through adversarial “prompt injection” attacks, and the proliferation of unsanctioned “shadow AI” applications within organisations — these threats require security controls purpose-built for the AI context.
Cloudflare has responded with a suite of AI-specific security products. Firewall for AI applies Cloudflare’s WAF technology to AI applications, blocking malicious prompts and detecting attempts to extract sensitive data before they reach underlying models. It integrates with Llama Guard to detect and block harmful or toxic content, and can identify “shadow AI” endpoints — AI applications added to an organisation’s infrastructure without security team oversight. The product is model-agnostic, meaning it can protect custom-built AI applications as readily as deployments using third-party models from OpenAI, Anthropic, or Google.
AI Gateway provides observability and caching for AI API calls, enabling organisations to monitor how AI models are being used, control costs through intelligent caching of repeated queries, and enforce usage policies. Its integration with Llama Guard enables administrators to set granular rules governing acceptable AI interactions.
AI Prompt Protection, launched in August 2025 as part of the Cloudflare One Zero Trust platform, allows security teams to monitor and intercept sensitive data — such as source code or customer records — before it is submitted to AI models, enforcing data governance without blocking AI adoption entirely.
MCP Server Portals, released in open beta in 2025, enable organisations to centrally manage, secure, and observe every connection to Model Context Protocol servers — the emerging standard for connecting AI agents to external tools and data sources. This makes Cloudflare a critical control plane for the emerging world of agentic AI.
The Agentic Internet
Perhaps the most consequential aspect of Cloudflare’s AI strategy is its positioning for the “agentic internet” — a paradigm in which autonomous AI agents, rather than human users, generate the majority of internet traffic. Cloudflare’s Workers platform, its developer-facing serverless compute environment, is increasingly used to build and deploy AI agents that operate entirely at the edge. The proliferation of AI agents demands exactly the infrastructure Cloudflare excels at providing: low-latency, secure, globally distributed compute that scales elastically with demand. Analysts at RBC Capital Markets noted that this trend structurally benefits Cloudflare, as AI agents require the kind of edge-proximate, rapidly scalable inference that the company’s network uniquely provides.
Part III: The Business of Internet Infrastructure
Financial Profile and Growth Trajectory
Cloudflare’s financial trajectory tells a story of disciplined hypergrowth. From its 2019 IPO, the stock has appreciated by over 1,400% to early 2026, though it remains approximately 15% below its speculative peak reached during the 2021 technology bubble. Its FY 2025 performance — $2.17 billion in revenue at 30% growth — demonstrated that the company is converting its technological leadership into durable commercial momentum. The 77% gross margin reflects the economics of a software-defined network: once the infrastructure is built, serving additional customers generates minimal incremental cost.
The company’s enterprise go-to-market motion, led by President of Revenue Mark Anderson (formerly of Alteryx), has focused on “landing and expanding” within Fortune 500 accounts — winning initial contracts with one product and progressively expanding into the broader platform. Chief Strategy Officer Stephanie Cohen, a 2024 hire from Goldman Sachs, has been tasked with translating Cloudflare’s technical capabilities into the financial world’s investment and procurement frameworks.
Sands Capital Management’s Technology Innovators Fund, in its Q4 2025 investor letter, highlighted the structural dynamics driving Cloudflare’s growth: cyberattacks have become more frequent, more costly, and more sophisticated; the migration of workloads to cloud expands the attack surface; and security has shifted from a discretionary budget item to a core operating requirement. These dynamics benefit Cloudflare disproportionately, given the breadth and integration of its platform.
Competitive Positioning
Cloudflare’s primary competitive advantage is the architectural integration of its platform. While individual components — CDN, WAF, DDoS protection, Zero Trust, edge compute — have specialist competitors, no single vendor combines all of these capabilities on a unified, globally distributed network with comparable scale. This platform coherence reduces vendor complexity for enterprise customers and creates significant switching costs once an organisation is deeply integrated into the Cloudflare ecosystem.
The company’s adoption of post-quantum cryptography — becoming one of the first providers to enable post-quantum encryption by default for all users in 2024 — illustrates its habit of addressing emerging threats ahead of the market curve. As quantum computing advances and threatens current encryption standards, Cloudflare’s early adoption positions it favourably with security-sensitive enterprise and government customers.
Part IV: Singapore and Southeast Asia
Singapore as Regional Hub
Singapore has served as one of Cloudflare’s most strategically important Asia-Pacific hubs since the company established its Singapore data centre as its 12th global facility. Today, the Singapore point of presence (designated SIN in Cloudflare’s operational nomenclature) is a critical node in the regional network, handling traffic flows across Southeast Asia and serving as an interconnection point for subsea cables that carry data between Asia, the Middle East, and Europe. The facility undergoes regular maintenance and capacity upgrades — reflecting its importance to the regional architecture.
The Singapore data centre’s strategic value extends beyond its own borders. As a regional internet exchange hub, it provides connectivity benefits to users across Indonesia, Malaysia, Thailand, Vietnam, and the Philippines. The latency improvements delivered by Cloudflare’s Singapore presence are particularly meaningful for the region’s mobile-first internet population, for whom every millisecond of loading time translates directly into user experience and commercial outcomes.
Singapore’s Digital Economy and the Cloudflare Imperative
Singapore’s digital economy is among the most advanced in the world. According to IMDA’s Singapore Digital Economy Report 2025, the digital economy contributed S$128.1 billion — approximately 18.6% of national GDP — in 2024, with a compounded annual growth rate of 11.2% between 2018 and 2023. Over 95% of SMEs have adopted at least one digital technology, and tech employment has grown to 214,000 workers, with median monthly wages of S$7,950 — significantly above the national non-tech median.
This digitisation creates both opportunity and exposure. The Singapore Police Force’s Mid-Year Scams and Cybercrime Brief 2024 recorded a 18% increase in scams and cybercrime incidents in the first half of the year, with total monetary losses reaching at least US$385.6 million in the same period. Singapore ranked 8th globally as a threat source destination in 2024, and Cloudflare’s own Radar data placed Singapore 7th globally as a source location for Application Layer Attacks in 2025. These figures underscore the urgency of robust cybersecurity infrastructure — and the role that platforms like Cloudflare play in providing it.
The Singapore cybersecurity market was estimated at US$574.4 million in 2025 and is projected to grow to US$773.2 million by 2029, at a CAGR of 7.72%. Singapore’s Cybersecurity Act, amended in 2024 to expand regulatory oversight to new categories of digital infrastructure, further elevates the compliance imperative for enterprises relying on cloud and edge security providers.
The AI Threat Landscape in the Region
Cloudflare’s APAC Field CTO Nan Hao Maguire, presenting regional data in early 2026, painted a striking picture of the evolving threat environment. More than half of the top 10 source countries for DDoS attacks globally are located in Asia. Bots account for 31% of all internet traffic on Cloudflare’s network, and 60% of all internet traffic is API-based — a significant shift from the web browsing paradigm of a decade ago. Traffic to generative AI services grew by 251% in 2025 alone, and DDoS attacks against leading AI companies surged by 347% month-on-month in September 2025 as regulatory and public scrutiny of AI intensified.
For Singapore enterprises, these trends have immediate practical implications. Fintech platforms, government digital services, e-commerce operators, and healthcare providers all rely on the same global infrastructure that is increasingly under sophisticated, AI-augmented attack. Cloudflare’s position as a provider that both delivers AI capabilities and secures them creates a virtuous loop — its network intelligence, derived from protecting millions of sites globally, continuously improves the effectiveness of its security products for every customer.
Infrastructure Dependency: A Structural Vulnerability
The two major Cloudflare outages of late 2025 — a November incident caused by a bug in bot management logic, and a December incident triggered by a WAF update — revealed a structural characteristic of the modern internet that Singapore’s digital economy cannot afford to ignore. Because Cloudflare’s infrastructure is so pervasively integrated into global web operations, even brief disruptions propagate almost instantaneously across continents.
During the November outage, cloud-based collaboration tools and enterprise SaaS platforms across Singapore, Japan, and South Korea experienced significant slowdowns. SMEs using cloud-hosted tools for operations, logistics, and commerce faced service interruptions. The incidents highlighted a critical question for the region: can Southeast Asia’s rapid digital growth be sustained if it continues to depend so heavily on infrastructure it does not build or control?
This question has gained particular salience in the context of Singapore’s data centre moratorium of 2019-2022, which prompted cloud operators to expand into neighbouring markets. Malaysia’s Johor state has emerged as the region’s fastest-growing data centre hub, and the Johor-Singapore Special Economic Zone presents compelling infrastructure opportunities. The diversification of regional digital infrastructure — while leveraging Cloudflare’s global network for security and performance — may be the most prudent path for enterprises seeking both resilience and capability.
Use Cases Across Singapore’s Economy
Financial Services: Singapore’s MAS-regulated financial institutions operate under stringent technology risk management requirements, including the FSM-N21 Notices on Technology Risk Management and FSM-N06 Notices on Cyber Hygiene. Cloudflare’s Zero Trust platform provides the granular access controls, identity verification, and API security that financial institutions require to meet these obligations while supporting digital banking innovation. Real-time payments platforms and retail trading applications, which demand microsecond-level reliability, benefit from Cloudflare’s low-latency edge network.
Government and Public Sector: Singapore’s Smart Nation initiative has produced extensive digital public infrastructure, including Singpass, GovTech services, and the growing suite of government-to-citizen digital services. These systems are high-value targets for adversarial actors, and the security assurance provided by WAF, DDoS protection, and Bot Management is a critical component of their operational resilience.
Technology Startups and Developers: Singapore’s startup ecosystem — one of the most vibrant in Southeast Asia — relies heavily on cloud-native architectures. Cloudflare’s free tier, which provides meaningful CDN and security capabilities at no cost, has been a foundational resource for early-stage companies. As startups scale, Cloudflare’s Workers platform provides a serverless compute environment for deploying globally distributed applications without the operational overhead of managing infrastructure. For AI-native startups, Workers AI provides access to inference capabilities on Cloudflare’s edge GPU network.
Media and E-Commerce: Singapore’s status as a regional media hub means that platforms distributing video, news, and entertainment content across Southeast Asia benefit significantly from Cloudflare’s CDN capabilities. E-commerce platforms, which are acutely sensitive to page load times — with research consistently linking loading speed to conversion rates — similarly benefit from the performance optimisations delivered by Cloudflare’s edge network.
Part V: Looking Forward
The Post-Quantum Horizon
Cryptography underpins the security of virtually every digital transaction. The emergence of quantum computers capable of breaking current encryption standards — RSA, ECDSA, and related algorithms — represents a long-horizon but existential threat to the internet’s security infrastructure. Cloudflare’s early adoption of post-quantum encryption standards, enabling it by default for all users in 2024, provides a degree of “harvest now, decrypt later” protection: even if adversaries are currently collecting encrypted traffic with the intention of decrypting it once quantum computers mature, traffic protected by post-quantum algorithms will remain secure.
For Singapore, where financial, governmental, and strategic data flows through the same internet infrastructure as commercial traffic, post-quantum cryptographic readiness is a national security consideration, not merely a technical one.
The Agentic Future and Cloudflare’s Role
The transition from a human-driven internet to one increasingly populated by AI agents will reshape every aspect of digital infrastructure. Cloudflare’s investments in agent-friendly infrastructure — MCP Server Portals for secure agent connectivity, Workers AI for distributed inference, AI Gateway for observability — position it as the infrastructure layer of the agentic internet. As Singapore’s enterprises adopt AI agents for customer service, logistics optimisation, financial analysis, and regulatory compliance, the infrastructure these agents run on becomes as strategically important as the models themselves.
The Regulatory Dimension
Cloudflare’s 2025 China strategy — a partnership with JD Cloud to navigate the 2026 CSL (China Cybersecurity Law) amendments — illustrates the increasingly complex regulatory geography in which global internet infrastructure companies must operate. For Singapore, which has positioned itself as a neutral, rule-of-law jurisdiction attractive to both Western and Asian technology companies, Cloudflare’s ability to operate across regulatory jurisdictions is a complementary advantage. Singapore-headquartered enterprises with operations across ASEAN — subject to a patchwork of data localisation laws, cyber notification requirements, and privacy regulations — benefit from a provider with the regulatory sophistication to operate compliantly across all of these environments.
Conclusion: The Infrastructure Underneath Everything
Cloudflare is one of those rare companies whose importance is inversely proportional to its public visibility. It does not make the devices people use, nor the applications they run, nor the content they consume. What it does — often invisibly, always at scale — is make the connections between those things faster, safer, and more reliable. In an era when cyberattacks are growing in frequency and sophistication, when AI is reshaping both the capabilities and the threats of the digital world, and when the stakes of digital infrastructure have never been higher, that role has never been more consequential.
For Singapore — a city-state that has staked its economic future on being Asia’s premier digital hub — Cloudflare is not merely a vendor. It is a foundational layer of the infrastructure upon which the Smart Nation is being built. Understanding what Cloudflare does, how it works, and where it is strategically positioned is not just useful for technology professionals. It is essential knowledge for anyone seeking to understand the architecture of the modern digital economy.