As organizations push AI agents from pilots into production, a common problem has surfaced: the networking and access models built for humans do not work for autonomous software.
During its Agents Week event, Cloudflare released multiple services aimed at that problem. Together, they represent the company’s effort to extend its network infrastructure layer to cover autonomous software as a first-class client alongside humans and services. Key announcements include:
- Cloudflare Mesh: A private networking service that gives AI agents, Cloudflare Workers, and devices a shared private IP space.
- Registrar API (beta): A programmatic interface for searching, checking domain availability and registering domains.
- Email Service (public beta): Bidirectional email infrastructure for agents, built on a native Workers binding, with an email MCP server.
- Agent Memory (private beta): A managed service that extracts information from agent conversations and surfaces it when relevant, without consuming context window space.
- AI Search: A hybrid vector and keyword search primitive, formerly AutoRAG, that handles indexing and retrieval without a separate pipeline.
- Artifacts (beta): Git-compatible versioned storage for agents, supporting programmatic repository creation at scale and access from any standard Git client.
- Agent Readiness Index: A scored assessment, built on Cloudflare Radar, that evaluates how well a website supports autonomous agents by checking for robots.txt, llms.txt, structured data and markdown delivery.
“The agent piece matters because agents don’t fit existing access models,” Nikita Cano, senior product manager at Cloudflare, told Network World. “They’re not humans who can do interactive auth, or long-lived services you’d put behind a static tunnel. They’re ephemeral, autonomous processes that need scoped access to private infrastructure – and you need visibility into what they’re doing once they’re connected.”
Why VPNs and SSH tunnels aren’t enough for agents
Private networking has existed for decades with core concepts like VPNs and tunnels. Those approaches work well for humans but aren’t enough for agentic AI.
Cano noted that VPNs require interactive login through human clicks, entering credentials, and maybe completing MFA. “It doesn’t work for a coding agent running autonomously on your laptop that needs to query a staging database at 2am,” Cano said.
Cloudflare Mesh aims to solve private networking issue in three ways:
- Setup: Cano explained that users go from zero to a working private network in under five minutes through a dashboard wizard, with no networking expertise required.
- Bidirectional: This means every device and server gets a private IP and can reach every other device and server, not just client-to-server, but server-to-server, device-to-device, and now Worker-to-anything.
- Developer Platform integration: A Cloudflare Worker or an agent built with the Agents SDK can reach an entire private network through a single binding in its configuration file.
“The core problem hasn’t changed: you need private resources to be reachable without exposing them to the public Internet,” Cano said. “What’s changed is who’s connecting.”
How Mesh works
Cloudflare Mesh builds on the company’s existing WARP infrastructure. The WARP Connector is now being rebranded as a Mesh node. The WARP Client becomes the Cloudflare One Client. Every enrolled endpoint gets a private IP and bidirectional reachability to every other endpoint in the account.
The key integration for agents is the Workers VPC binding. A Cloudflare Worker or an agent built with the Agents SDK gains access to the entire Mesh network through a single line in its configuration file. That binding is account-scoped, meaning a Worker in one account cannot reach Mesh nodes in another.
Cano walked through the request path.
“Worker issues a fetch() through its VPC Network binding, the request hits Cloudflare’s edge,” Cano said. “Cloudflare routes it through the Mesh network to the target private IP. The Mesh node or device at that IP receives the request and responds back through the same path.”
On visibility, Cano said every request passes through Cloudflare’s Gateway and is logged. Gateway network policies can restrict which IPs or ports are reachable, and bindings can be revoked at any time without redeploying the Worker.
Email and domain registration are now agent enabled
Setting up a domain name, or an email, has long been a somewhat manual process involving multiple steps. Cloudflare is now enabling both email and domain registrations to be handled by AI agents.
“We are giving developers access to the same workflows they previously had to click through in the dashboard to their new agent-first workflows,” Rita Kozlov, vice president of product management at Cloudflare, told Network World.
The Registrar API lets developers, or the agents working on their behalf, search for a domain, check whether it is actually available and register it, all without leaving their coding environment. It works through the Cloudflare MCP, so any agent already running in Cursor, Claude Code or a similar tool can use it without additional setup.
The Email Service adds outbound sending to a receiving capability that already existed. Agents can now get an email, spend time working on whatever the request requires, and reply when they are done rather than having to respond immediately. Replies are cryptographically tied to the agent instance that sent the original message, so they cannot be redirected to a different agent.
Giving AI agents the ability to register a domain and then send an email is a powerful and potentially dangerous capability. But it’s one that Cloudflare has tightly scoped. According to Kozlov, the permission model does not change when an agent is the one acting.
“For organizations, this means the same permissions that govern a user’s actions in the dashboard also apply to that user’s agent,” she said. “If a user or token is not authorized to send email, manage a domain, or change account settings manually, an agent acting on their behalf cannot do so either.”