Cloudflare came to RSAC 2026 as a Platinum sponsor, one tier below the headline names. That positioning understates what the company is actually doing in the security market. The announcements Cloudflare made around the conference, taken individually, look like incremental product updates. Read together against the company's five-year trajectory, they are something else: a methodical expansion of a single platform into territory that used to belong to a long list of independent vendors.
What Cloudflare Actually Announced
The two substantive product moves timed around RSAC are worth examining on their own terms before zooming out. First, AI Security for Apps reached general availability on March 11. The product sits in front of AI-powered applications as a reverse proxy layer, regardless of which model or hosting provider the application uses. It automatically identifies large language model-powered endpoints across web properties, including applications that do not have a chat interface, such as product search tools, recommendation engines, and property valuation tools. The detection system analyzes how endpoints behave rather than what they are named, which matters because most AI-powered applications in production do not follow predictable URL patterns. Cloudflare also made AI endpoint discovery free for every customer on all plan tiers, including Free, Pro, and Business. That pricing move deserves attention: removing the cost barrier for discovery is how a platform establishes itself as the default starting point for a new security category.
Second, Cloudflare One is now positioned as what the company describes as the first Secure Access Service Edge platform to secure connections to Model Context Protocol servers. The MCP Server Portal centralizes all MCP request logs, enforces least-privilege access by authenticating every user and agent connection by identity, and aggregates all MCP servers behind a single unified endpoint. That last point has real operational weight. Organizations deploying agentic workflows are currently managing individual MCP server configurations as a manual process. Centralizing that into an existing Zero Trust control plane changes the operational burden significantly.
Cloudflare also joined the Cloud Security Alliance's new CSAI Foundation launch at RSAC, alongside IBM and Wiz partnerships that extend AI Security for Apps into their cloud ecosystems. These are distribution moves as much as technology moves.
The Turf Expansion Pattern
Understanding what Cloudflare is doing at RSAC requires stepping back to where the company started. Cloudflare began as a content delivery network and distributed denial-of-service protection provider. That is still the infrastructure foundation. But look at what now lives inside Cloudflare One: Zero Trust Network Access, Secure Web Gateway, Cloud Access Security Broker, Network-as-a-Service, Firewall-as-a-Service, Remote Browser Isolation, Data Loss Prevention, email security, and digital experience monitoring. AI security and post-quantum cryptography are composable additions to that same platform. Each of those categories was once a standalone market with dedicated vendors.
2020 — Zero Trust network access via Cloudflare Access
2022 — Email security via Area 1 acquisition
2023 — Remote Browser Isolation, DLP, CASB unified into Cloudflare One
2025 — MCP Server Portals added to SASE platform
2026 — AI Security for Apps GA; MCP governance at RSAC
The critical distinction in how Cloudflare built this platform is that most of these capabilities were developed natively on the same network rather than assembled through acquisitions that were later integrated. Every security function runs on every point of presence across the global network. That architecture means the platform does not have the consistency gaps that typically appear when a security vendor stitches together acquired products under a unified dashboard. An existing Cloudflare customer adding AI Security for Apps or MCP governance does not encounter a different control plane, a different identity layer, or a different policy engine. It is the same system they already manage.
What This Means for Existing Customers
For a chief information officer or chief technology officer already running Cloudflare for content delivery, DDoS protection, or Zero Trust access, the calculus around new security categories has changed. The question is no longer only which best-of-breed vendor to evaluate for email security, or browser isolation, or AI prompt inspection, or MCP governance. The question is whether the Cloudflare platform already covers it at sufficient depth, and whether the integration value of staying on one control plane outweighs the marginal capability advantage of a specialist tool.
This is good news for Cloudflare's existing customer base. The cost and complexity of evaluating, procuring, and managing a separate point solution disappears when an adequate version of that capability is already inside a platform they trust and have already deployed. The consolidation benefit is real. Managing one control plane instead of eight is not a minor convenience. It is a meaningful reduction in operational overhead, and for security specifically, it reduces the policy gaps that appear at the seams between disconnected tools.
What This Means for Niche Vendors
The harder story belongs to vendors operating in categories Cloudflare has entered or is entering. Standalone Remote Browser Isolation specialists, standalone email security vendors competing primarily on phishing detection, standalone Cloud Access Security Broker tools, standalone AI prompt inspection startups, and now the emerging class of MCP security point solutions are all exposed to the same competitive dynamic. Cloudflare does not need to be better than the specialist on every dimension. It needs to be good enough that a buyer who already runs Cloudflare infrastructure sees no reason to add another vendor relationship.
The vendors most immediately at risk from the RSAC announcements are the ones building standalone MCP security products. Cloudflare just made MCP governance a native feature of an established Secure Access Service Edge platform with an existing enterprise customer base. A startup whose entire product does what MCP Server Portals now do inside Cloudflare One faces a structural problem that no amount of feature development solves cleanly. The same logic applied to Remote Browser Isolation vendors when Cloudflare added that capability, and to standalone Cloud Access Security Brokers before that.
Cloudflare does not need to win on every dimension. It needs to be present enough that buyers already on the platform never reach the stage of evaluating an alternative.
The Constraint Worth Watching
Cloudflare's platform breadth creates its own risk. A platform that covers many categories at depth requires enterprise buyers to trust it at depth. Email security, DLP, and browser isolation carry significant operational dependencies. A misconfiguration or outage in a unified platform affects more of the security stack simultaneously than a point solution failure would. Cloudflare experienced two global outages in the 2024 to 2025 period and declared an internal program called Code Orange to address the underlying causes. For buyers considering consolidation onto a single platform, that history matters. The integration benefit is real, but so is the concentration risk.
The second constraint is enterprise sales maturity. Cloudflare built its customer base through developer adoption and self-serve growth. Selling platform consolidation to a large enterprise requires different conversations, different relationships, and different support structures. The company has been building out its enterprise motion, but the organizations most likely to consolidate onto a unified security platform are also the ones that require the most rigorous evaluation of vendor depth, support quality, and long-term roadmap credibility.
The question a technology leader needs to answer about Cloudflare is not whether the platform is technically capable. The announcements at RSAC 2026 confirm that it is moving credibly into AI and agentic security, categories that are now central to enterprise security strategy.
The question is whether Cloudflare's platform breadth has reached the point where it is the correct first evaluation for a new security requirement, rather than a secondary consolidation consideration. For organizations already running Cloudflare One at scale, that threshold may already be crossed. For organizations evaluating their first Zero Trust or Secure Access Service Edge deployment in 2026, Cloudflare's platform scope means a buying decision that once looked like a narrow point solution choice now determines the security control plane for the agentic enterprise.
That is a significantly larger bet than buying a content delivery network.
