A widespread internet disruption on Tuesday left millions of users across the U.S. and beyond unable to access popular platforms including X, ChatGPT, Spotify, YouTube, and Uber. The outage, caused by technical issues at Cloudflare, a leading internet infrastructure and cybersecurity provider, affected websites and apps that rely on the company’s services to stay online. Cloudflare has since released a detailed blog post explaining the cause and timeline of the disruption.
Cloudflare Co-Founder and CEO Matthew Prince acknowledged the disruption in a late Tuesday statement, apologizing to users and calling it the company’s most significant outage since 2019. “[I]n the last 6+ years we’ve not had another outage that has caused the majority of core traffic to stop flowing through our network,” said Prince. “On behalf of the entire team at Cloudflare, I would like to apologize for the pain we caused the Internet today.”
Prince clarified that the disruption stemmed from a malfunction in Cloudflare’s security infrastructure, specifically the system designed to safeguard websites from large-scale DDoS attacks.
READ: Cloudflare outage disrupts major sites including X, ChatGPT and more (
Cloudflare’s Bot Management system is designed to guard websites from automated threats, including harmful bot traffic. It helps block large-scale DDoS attacks that overload servers, prevents unauthorized scraping of website content, and stops credential stuffing attempts where attackers use stolen login details from other breaches to break into accounts.
Cloudflare’s bot detection relies heavily on artificial intelligence to separate legitimate users from harmful automated traffic. The company explained that its Bot Management system uses an AI model to evaluate incoming requests and assign a score indicating whether the activity is likely generated by a human or a bot. To make that determination, the system analyses patterns drawn from different attributes of each request, stored in what it refers to as a “feature file.”
The problem, Cloudflare said, was rooted in that “feature file.” The file is refreshed every five minutes to keep pace with changing bot behavior and is used across the company’s entire security network. But a recent change to the query that builds the file caused it to repeat data multiple times, dramatically increasing its size. That unexpected growth overwhelmed the Bot Management system, leading to the widespread failure.
READ: Google’s new app allows users to download and run AI models locally (
As a result, websites using Cloudflare’s Bot Management system began returning error messages when users tried to access them. According to the company, the first signs of trouble appeared roughly 15 minutes after the updated feature file went live, triggering significant failures across its network.
“The issue was not caused, directly or indirectly, by a cyber attack or malicious activity of any kind,” Prince stressed. “After we initially wrongly suspected the symptoms we were seeing were caused by a hyper-scale DDoS attack, we correctly identified the core issue and were able to stop the propagation of the larger-than-expected feature file and replace it with an earlier version of the file.”
Prior to the blog post, when Mashable sought clarification, a Cloudflare spokesperson stressed that there was “no evidence that [the outage] was the result of an attack or caused by malicious activity.”
Cloudflare said most services were back online within three hours, with full restoration achieved in about five. Prince added that the company is now working on safeguards to prevent a repeat of the incident, including steps to ensure internal error reports don’t spiral and overload the system.