Cloudflare

Build Fast.
Stay Sovereign.

Clement Wong  ·  Director, Solutions Engineering COE, APAC

Every Decade, a New Infrastructure Layer Wins

// 2000s · web era

The browser was the platform

HTTP connected everything. The infrastructure layer that won was delivery: CDN, edge caching, DDoS protection. Getting fast, reliable content to users globally.

protocol: HTTP

// 2010s · api era

The API was the platform

Mobile demanded composable services. The infrastructure layer that won was connectivity: API gateways, webhooks, identity, payments. Building blocks that composed into products.

protocol: REST

// now · agent era

The agent is the platform

AI agents act, not just answer. They read data, call APIs, write to systems, and coordinate with other agents. The infrastructure layer that matters is between the model and the real world.

protocol: MCP

Each shift created new infrastructure winners: companies that owned the layer between the application and the world. Web winners became irrelevant in the mobile era. Mobile winners are scrambling for the agent era.

Cloudflare's conviction: The infrastructure layer for the agent era is edge compute, agent orchestration, and governance, running close to the data and governed by default.

Our Bet: What We Are and What We Are Not

// what we decided not to build

Foundation model training

Model fine-tuning infrastructure

MLOps / data science platform

Competing with OpenAI, Anthropic, or Google

These are solved problems. The market has winners. We don't need to fight there.

// what we built instead

Serverless inference at the edge, no GPU ops

Application primitives that compose into anything

Agent orchestration with persistent state

Governance and control built into the network

Almost nobody trains foundation models. Almost everybody builds on top of them.

You bring the model. We provide everything else.

The Primitives: Building Blocks of AI Applications

// composable by design · each primitive is useful alone, powerful together

COMPUTE

Workers

Serverless code at 330+ PoPs, zero cold starts, no infra

Durable Objects

Persistent agent memory, session state, real-time sync

Workflows

Durable multi-step pipelines, retries, guaranteed execution

Workers for Platforms

Isolated sandbox per team, agency, or customer

AI

Workers AI

50+ open-source models, GPU at the edge, zero ops

Vectorize

Vector DB for embeddings, semantic search, RAG

AI Gateway

Every LLM call: logged, rate-limited, cached, auditable

Agents SDK

Stateful long-running agents with MCP client/server support

DATA

R2

S3-compatible object storage. Zero egress fees. Data stays.

D1

Serverless SQL at the edge, no connection pooling

Workers KV

Globally replicated key-value, sub-ms reads worldwide

Queues

Async messaging, decouple producer from consumer

CONTROL

Zero Trust

Identity-aware access. Already deployed. AI inherits it.

Gateway

MCP traffic control. Detect, log, block every tool call.

Workers Observability

100% log capture. No sampling, no Datadog bill.

Cloudflare Calls

WebRTC SFU/TURN without the infrastructure cost

Connected via Worker Bindings: in-process calls, no HTTP overhead, no credentials, no egress cost between primitives
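A sketch of how those bindings are declared in a Worker's wrangler.toml (all names here are hypothetical); each entry surfaces a primitive on `env` as an in-process object, with no URL, token, or SDK client to manage:

```toml
# wrangler.toml — hypothetical project; each binding appears on `env`
name = "gov-ai-agent"
main = "src/worker.ts"

[ai]
binding = "AI"                       # Workers AI inference

[[vectorize]]
binding = "VECTORIZE"
index_name = "policy-docs"           # embeddings index

[[r2_buckets]]
binding = "R2"
bucket_name = "policy-corpus"        # zero-egress object storage

[[durable_objects.bindings]]
name = "AGENT"
class_name = "AgentSession"          # persistent agent state
```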

How the Primitives Compose: A Government AI Agent

// end-to-end: a policy officer asks a question, an agent retrieves, reasons, and responds

01

Request

"What is the current procurement policy for cloud services?"

user / system

02

Worker

Routes request, validates Zero Trust identity, applies rate limiting

compute

03

AI Gateway

Logs request, checks budget, applies fallback policy, caches repeats

ai · control

04

Workers AI + Vectorize

Embeds query, searches document corpus, retrieves top-k passages from R2

ai · data

05

Durable Object

Holds conversation history, tracks context, schedules background tasks

compute

06

Response

Grounded answer with citations, logged and auditable, under sovereignty controls

user / system

worker.ts — all in-process, no HTTP, no credentials
const emb   = await env.AI.run('@cf/baai/bge-base-en-v1.5', { text: query })
const hits  = await env.VECTORIZE.query(emb.data[0], { topK: 5 })
const state = await env.AGENT.get(env.AGENT.idFromName(sessionId))

Every step runs on Cloudflare's network  ·  Every step is logged  ·  No data leaves your approved region

The Agentic Moment: MCP Changes Everything

// the protocol shift

Model Context Protocol (MCP)

MCP is how AI agents interact with external systems: APIs, databases, files, services. Every AI coding tool your teams use (Cursor, Claude Code, Copilot) is now an MCP client.

An MCP server is how your services become accessible to agents. Not through documentation. Through direct, programmatic tool calls.
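Under the hood, an MCP tool call is a JSON-RPC 2.0 request with method `tools/call`, per the MCP specification. A minimal sketch of the shape — the tool name, arguments, and helper function here are hypothetical:

```typescript
// Shape of an MCP tool-call request (JSON-RPC 2.0, method "tools/call").
interface McpToolCall {
  jsonrpc: "2.0";
  id: number;
  method: "tools/call";
  params: { name: string; arguments: Record<string, unknown> };
}

// Hypothetical helper: what an MCP client sends when an agent invokes a tool.
export function makeToolCall(
  id: number,
  name: string,
  args: Record<string, unknown>,
): McpToolCall {
  return {
    jsonrpc: "2.0",
    id,
    method: "tools/call",
    params: { name, arguments: args },
  };
}

// makeToolCall(1, "getProcurementPolicy", { category: "cloud" })
```

The point of the protocol is exactly this uniformity: every tool an agent can touch is invoked through the same message shape, which is what makes tool calls inspectable and enforceable at a gateway.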

"Getting a company's MCP server on Cloudflare is like getting their website behind Cloudflare CDN a decade ago."

// cloudflare plays both sides

B

Build: Workers is where MCP servers run

Auth baked in. State via Durable Objects. TypeScript-native. Globally deployed. Shopify, Stripe, and Anthropic are all building their MCP servers on Workers.

npm create cloudflare@latest --template mcp-server

S

Secure: Gateway is the MCP control plane

Zero Trust Gateway sees every MCP tool call, even inside encrypted traffic. Detect shadow MCP deployments, log every action, enforce approval policies before an agent executes.

The Developer Experience: Why Teams Actually Choose This

// from zero to deployed in minutes

# scaffold · develop · deploy
$ npm create cloudflare@latest my-ai-agent
  ✔ selecting template: ai-agent
  ✔ selecting language: TypeScript
  ✔ installing dependencies

$ npx wrangler dev      # local, full parity
$ npx wrangler deploy   # global in seconds
worker.ts — worker bindings, no HTTP, no credentials
const emb  = await env.AI.run(model, { text })
const hits = await env.VECTORIZE.query(emb.data[0], { topK: 5 })
const doc  = await env.R2.get(hits.matches[0].id)
const mem  = await env.AGENT.get(env.AGENT.idFromName(sessionId))

// what this means for your teams

No infra team needed

No Kubernetes, no Docker, no IAM roles, no VPC config. Developers ship without waiting for platform ops.

Local dev matches production

wrangler dev runs the exact same runtime locally. No "works on my machine" surprises.

Governance is structural, not bolted on

AI Gateway and Zero Trust are in the path by default. Developers don't opt into governance. It's already there.

AI-generated code has a governed home

Code on Workers for Platforms gets automatic tenant isolation, SSO, and centralised observability.

What This Means for Your Organisation

// three scenarios specific to govtech · not generic use cases

scenario_01

Developer velocity without governance chaos

50 developers across 5 agencies building AI apps. No central visibility. No shared infrastructure. No audit trail.

Workers for Platforms gives each team an isolated sandbox. AI Gateway logs every model call. Central IT controls the guardrails. Teams move fast inside them.

Workers for Platforms · AI Gateway

scenario_02

AI agents that touch government data

An agent reads policy docs, queries structured data, drafts reports. What can it access? Who controls it? What did it do?

Zero Trust enforces identity-aware access. Durable Objects hold agent state. MCP Gateway logs every tool call before it executes.

Durable Objects · Zero Trust · MCP Gateway

scenario_03

Multi-agency AI under sovereignty constraints

Multiple agencies with separate data residency requirements, compliance postures, and audit obligations. One AI platform serving all.

R2 with regional controls. Data never leaves the approved jurisdiction. Workers AI runs inference in-region. Per-tenant isolation via Workers for Platforms.

R2 · Workers AI · Workers for Platforms
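One way the residency piece might be declared — a sketch with hypothetical binding and bucket names, assuming the bucket was created with an EU jurisdiction:

```toml
# wrangler.toml — hypothetical names; objects written through this
# binding stay inside the jurisdiction fixed at bucket creation
[[r2_buckets]]
binding = "AGENCY_DOCS"
bucket_name = "agency-a-docs"
jurisdiction = "eu"
```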

Reference Architecture: The GovTech AI Stack

// built on cloudflare primitives · inherits your existing security posture

citizen portal  ·  government officer  ·  ai developer tool (mcp client)

cloudflare network  ·  cdn + waf + ddos  ·  already deployed · already trusted

workers · routing & auth

workflows · orchestration

workers for platforms · sandboxes

ai gateway  ·  every ai call: logged · cost-controlled · cached · auditable · model fallback

workers ai / external llm

llama · mistral · openai · anthropic

vectorize + durable objects

semantic memory · agent state

r2 · documents (zero egress)

d1 · structured data

zero trust · mcp gateway

Who Is Already Building on This

// proof that the platform works at production scale

Shopify

Workers for Platforms powers checkout extensibility. Each of millions of merchants gets isolated, sandboxed compute. MCP server for commerce being built on Workers.

Workers for Platforms · MCP

Canva

Real-time collaborative features across 100M+ users powered by Durable Objects. AI image generation workflows on Workers AI.

Durable Objects · Workers AI

NYC Government

Housing Authority opened a housing waitlist for the first time in 15 years. Cloudflare handled the traffic surge with reliable, secure access at scale.

Workers · DDoS · WAF

Global Pharmaceutical Company

Internal AI developer platform. Any employee self-service deploys production apps with auto-provisioned DB, storage, SSO. 4,000+ zones. "Our second public cloud."

Workers for Platforms · Workers AI · R2

500M+ User Social Platform

53 billion requests per day on Workers. Workers Logs replaced Datadog. 100% log capture, no sampling. "Search is actually much better."

Workers · Workers Logs · Durable Objects

Leading Management Consulting Firm

AI Gateway deployed firm-wide. Full visibility into every LLM call across all providers and teams. Identified shadow AI usage within 48 hours.

AI Gateway · Zero Trust

78% of the world's top 50 generative AI products run on Cloudflare

59% of top AI companies use Workers beyond DNS

Three Ways to Start

// no big-bang migration · prove value incrementally · each starts on the network you already trust

1

AI Gateway

Point your existing LLM calls at Cloudflare AI Gateway. One endpoint change. Immediate visibility across all providers: who is calling what, at what cost, with what prompts.

gateway.ai.cloudflare.com/v1/
{account}/{gateway}/openai

time_to_value: < 1 day
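The "one endpoint change" can be captured in a small helper — a sketch following the `gateway.ai.cloudflare.com/v1/{account}/{gateway}/{provider}` path shape above; the helper name and the account/gateway values in the usage comment are hypothetical:

```typescript
// Build an AI Gateway base URL for a given provider so that existing
// SDK clients need only swap their base URL to gain logging, caching,
// and rate limiting on every call.
export function gatewayBaseURL(
  accountId: string,
  gateway: string,
  provider: string,
): string {
  return `https://gateway.ai.cloudflare.com/v1/${accountId}/${gateway}/${provider}`;
}

// Hypothetical usage with the official OpenAI SDK — only baseURL changes:
// const client = new OpenAI({
//   apiKey: process.env.OPENAI_API_KEY,
//   baseURL: gatewayBaseURL("acct123", "prod-gw", "openai"),
// });
```

Because the application code is otherwise untouched, this is reversible in the same one-line change, which is what keeps the first step low-risk.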

2

AI Agent on Workers

Build one AI agent on Cloudflare's stack: Workers, Durable Objects, Vectorize, AI Gateway. Pick a real internal use case. Ship it. Use it as the reference for everything that follows.

A policy Q&A agent or internal document search is a natural first candidate. Concrete value, low risk, fully demonstrable.

time_to_value: 2–3 weeks

3

Developer Platform

Deploy Workers for Platforms as the governed sandbox for your AI-building teams. Each team or agency gets isolated compute, storage, and database, auto-provisioned, SSO-gated, centrally auditable.

The pattern the pharmaceutical company used. The foundation for an internal AI platform that scales across the whole organisation.

time_to_value: 3–4 weeks

let's talk about your environment

Four Questions to Open the Conversation

// the_agent_shift

Where do you see AI agents (not chatbots, but agents that take real actions) emerging in your organisation today?

// governance_posture

When an AI agent calls an API or reads a document in your environment today, is that visible? Logged? Controlled?

// build_vs_buy

What's your current approach to AI application infrastructure: rolling your own, using managed cloud services, or something in between?

// the_one_thing

If there's one AI infrastructure problem you'd solve this quarter, what would it be?
