← All blog posts 6 min readcommunity

Cloudflare Agents Week 2026: every announcement explained

By Koenig AI Academy Editorial Team · April 30, 2026 · Reviewed by Koenig AI Academy editors
What you'll learn
  • Understand the architectural transition from human-centric to agent-centric web infrastructure.
  • Identify the 22+ key features shipped during Cloudflare Agents Week 2026.
  • Explain the role of RFC 9728 in enabling secure agent authentication.

Cloudflare Agents Week is a week-long series of product announcements and platform updates designed to transform the internet from a human-centric network into an "agent-ready" ecosystem. Between April 13 and April 17, 2026, Cloudflare shipped 22+ features that address the fundamental bottlenecks of AI agent deployment: identity, compute, storage, and discoverability.

The week’s announcements represent a significant architectural bet: that AI agents are not just another bot to be blocked, but a new class of first-class citizens requiring their own security primitives and infrastructure. By moving beyond simple "bots vs. humans" detection, Cloudflare is positioning itself as the connectivity cloud for the autonomous era.

_6 min read_

Key facts 22+ features shipped across identity, compute, storage, and communication layers. Managed OAuth (RFC 9728) allows agents to authenticate against internal apps without service accounts. Dynamic Workers & Sandboxes GA provide secure environments for agents to execute untrusted code. Artifacts & AI Search offer Git-compatible storage and RAG-as-a-service primitives for agent memory. AI Gateway expanded to support 14+ providers with unified billing and observability [7]. Agent Readiness Score (isitagentready.com) launched to audit websites for AI compatibility.

Identity: Solving the "Confused Deputy" problem For years, agents have been forced to operate in the shadows, using insecure service accounts or hardcoded tokens to access internal data. During Agents Week, Cloudflare introduced Managed OAuth for Access, an implementation of the emerging RFC 9728 standard [1].

This standard allows agents to dynamically discover how to authenticate against a protected URL. Instead of an agent "laundering" its actions through a generic service account, it now follows a standard OAuth 2.0 flow, prompting the human operator for consent. This ensures that every action an agent takes is cryptographically tied to the user’s identity, solving the "confused deputy" problem where an agent might be tricked into exceeding its intended authority.

This architectural shift aligns with the glossary/mcp|Model Context Protocol (MCP), which now requires RFC 9728 support for secure tool-use. By enabling this on all Cloudflare Access applications, thousands of legacy internal apps—from wikis to HR portals—become "agent-ready" instantly without code changes.

Compute: Dynamic Workers and the GA of Sandboxes Agents that can only talk are limited; agents that can act are transformative. However, giving an AI model the ability to write and run code is a security nightmare. Cloudflare solved this by moving Sandboxes to General Availability and introducing Dynamic Workers [2].

Dynamic Workers allow developers to spawn lightweight, short-lived compute instances on the fly. Unlike traditional Workers that require a deployment step, Dynamic Workers can be created from a string of code generated by an LLM. When combined with Sandboxes, these agents can execute untrusted code—such as data analysis scripts or API integrations—within a hardened environment that has no access to the host's sensitive data.

Storage: Memory that speaks Git One of the hardest parts of building agents is state management. How does an agent remember its progress across sessions? Cloudflare’s answer is Artifacts, a versioned storage system that speaks the Git protocol [3].

Artifacts allows agents to create tens of millions of repositories for code, data, and state. Because it is Git-compatible, any standard Git client (or another agent) can fork, pull, or push to these repositories. This provides a clear "handoff" mechanism between human developers and AI collaborators. Combined with the new AI Search primitive [4], which provides RAG-as-a-service for dynamic file indexing, agents now have a sophisticated long-term memory stack.

Communication: Markdown and Multi-channel Cloudflare also introduced Markdown for Agents, a content negotiation standard where servers can return text/markdown when they detect an agent [5]. This significantly reduces the token cost of "scraping" by delivering clean, structured data instead of messy HTML.

Agents are also becoming multi-channel. The launch of Email for Agents in public beta allows AI agents to send, receive, and process email natively. Whether it's Agent Lee managing your Cloudflare dashboard via prompt or Browser Run giving agents a "human-in-the-loop" interface to complex web apps, the interface for interacting with the web is shifting from clicks to outcomes — a shift Cloudflare frames as Project Think, its umbrella vision for an agent SDK that spans these surfaces [6].

The Contrarian Angle: The End of "Bot Management"? The non-obvious bet Cloudflare is making is that Bot Management as we know it is dead. Historically, Cloudflare’s value was in blocking non-human traffic. By launching isitagentready.com and promoting agent standards, they are now encouraging the opposite: making your site easier for the "right" bots to crawl and interact with.

The risk is that by lowering the friction for agents, Cloudflare might inadvertently accelerate the "scraping wars." However, their architectural through-line suggests they believe that accountability, not blocking, is the solution. If an agent presents a valid RFC 9728 token, it isn't an "unwanted bot"—it's a customer's authorized representative.

Runnable Example: The Agent-Ready Worker Here is how you can use the new Dynamic Workers and AI Gateway to build an agent that executes code safely.

▶ Interactive prompt cell (full demo on lesson pages)

```typescript // wrangler.toml bindings required: // ai_gateway binding = "GATEWAY" id = "my-agent-gateway" // worker_loader binding = "LOADER" // Docs: https://developers.cloudflare.com/workers/runtime-apis/bindings/worker-loader/

interface Env { GATEWAY: Fetcher; // AI Gateway binding — unified multi-provider access LOADER: WorkerLoader; // Dynamic Worker Loader — V8 isolate sandbox, ~ms cold-start ACCOUNT_ID: string; }

export default { async fetch(request: Request, env: Env): Promise<Response> { const url = new URL(request.url); const userPrompt = url.searchParams.get("prompt") ?? "Revenue is $120/unit, 847 units sold, COGS is 38%. Return gross profit.";

// 1. AI Gateway: route through the unified inference layer (14+ providers, one URL) // Swap "anthropic" for "openai", "google-ai-studio", etc. with no other changes. const gatewayRes = await fetch( https://gateway.ai.cloudflare.com/v1/${env.ACCOUNT_ID}/my-agent-gateway/anthropic/v1/messages, { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ model: "claude-sonnet-4-6", max_tokens: 512, messages: [ { role: "user", content: Return ONLY valid JavaScript — no markdown, no prose. + Export an async function named run() that computes: ${userPrompt}. + The function must return the numeric result as a string., }, ], }), } ); const { content } = (await gatewayRes.json()) as { content: { text: string }[] }; const generatedCode = content[0].text;

// 2. Dynamic Worker Loader: execute LLM-generated code in an isolated V8 sandbox. // globalOutbound: null blocks all egress — the sandbox cannot reach the internet. const sandbox = env.LOADER.load({ compatibilityDate: "2026-04-01", mainModule: "task.js", modules: { "task.js": [ generatedCode, export default {, async fetch() { return new Response(String(await run())); }, };, ].join("\n"), }, globalOutbound: null, });

const sandboxRes = await sandbox .getEntrypoint() .fetch(new Request("https://internal/run")); const result = await sandboxRes.text();

return Response.json({ prompt: userPrompt, result, model: "claude-sonnet-4-6" }); }, }; ```

✓ Knowledge check (interactive on lesson pages)

Related content [[course/claude-tool-use-from-zero/07-creative-connectors|Claude Tool Use: Creative Connectors]] blog/2026-04-30-anthropic-creative-connectors|Anthropic ships Creative Connectors for Agent SDK * glossary/mcp|Glossary: Model Context Protocol

Further Reading [1] Managed OAuth for Access — https://blog.cloudflare.com/managed-oauth-for-access/ · retrieved 2026-04-30 [2] Dynamic Workers & Sandboxes — https://blog.cloudflare.com/dynamic-workers/ · retrieved 2026-04-30 [3] Artifacts: Git for Agents — https://blog.cloudflare.com/artifacts-git-for-agents-beta/ · retrieved 2026-04-30 [4] AI Search Primitive — https://blog.cloudflare.com/ai-search-agent-primitive/ · retrieved 2026-04-30 [5] Agent Readiness & Markdown — https://blog.cloudflare.com/agent-readiness/ · retrieved 2026-04-30 [6] Project Think: The Agent SDK — https://blog.cloudflare.com/project-think/ · retrieved 2026-04-30 [7] AI Platform: 14+ providers — https://blog.cloudflare.com/ai-platform/ · retrieved 2026-04-30

References

  1. Managed OAuth for Access — Cloudflare Blog· retrieved 2026-04-30
  2. Project Think: The Agent SDK — Cloudflare Blog· retrieved 2026-04-30
  3. Dynamic Workers — Cloudflare Blog· retrieved 2026-04-30
  4. Agent Readiness — Cloudflare Blog· retrieved 2026-04-30
  5. Artifacts: Git for Agents Beta — Cloudflare Blog· retrieved 2026-04-30
  6. AI Search Agent Primitive — Cloudflare Blog· retrieved 2026-04-30
  7. AI Platform — Cloudflare Blog· retrieved 2026-04-30