Cloudflare Leverages AI for Code Review, Finds Critical Security Flaws
Cyber News - Erez Dasa highlighted Cloudflare’s recent findings on using AI agents for code review. Over a 30-day period, Cloudflare executed 131,246 code scans across tens of thousands of pull requests (PRs) within thousands of repositories. The average scan time was a mere 3.5 minutes, with an average cost of $1.19 per scan.
From a security perspective, these AI agents identified 11,985 security findings, of which 484 were categorized as critical. This demonstrates AI's potential to rapidly surface a high volume of security issues, acting as an effective first-pass filter in the development pipeline.
Despite these successes, Cloudflare emphasizes that AI is not yet a substitute for human review. Dasa also noted Cloudflare's caution that AI agents struggle to understand broader architectural implications. This limitation underscores the need for human oversight, especially when evaluating complex system interactions and design-level vulnerabilities that AI might miss.
What This Means For You
- If your organization is considering or already implementing AI for code review, understand its current limitations. While AI can significantly accelerate the identification of low-hanging fruit and common vulnerabilities, it lacks the architectural context and nuanced understanding of a seasoned human reviewer. Do not rely solely on AI for critical security assessments; maintain a robust human-led code review process for high-impact changes and architectural decisions.