Combined security offerings will uncover hidden risks, assess security posture, and automate defenses for all web-facing assets

Cloudflare, Inc. (NYSE: NET), the leading connectivity cloud company, and Mastercard Incorporated (NYSE: MA) today announced a strategic partnership with the intent to develop tools to help small businesses, critical infrastructure, and governments protect themselves from today’s most pressing cyber threats without putting the brakes on innovation.

Attack surface monitoring capabilities from Mastercard’s Recorded Future and RiskRecon, paired with Cloudflare’s Application Security portfolio, will be designed to allow millions of organizations to defend against the risks posed by an increasingly interconnected digital world. From one unified solution, users will gain the ability to map, prioritize, and automate swift remediation of hidden risks across their internet-facing environments.

Emerging technologies and tools pose opportunities for organizations to innovate at speed and find creative ways to scale their businesses. But as new vendors, outsourced services, shadow IT, and legacy systems are layered into business environments, the attack surface becomes unknown, and security teams are often left in the dark. This presents a potential visibility gap that could allow threat actors to gain the upper hand. Organizations now require cyber defense that allows them to innovate as fast as they want, with the necessary safeguards in place to protect critical information.

"Improving critical infrastructure cybersecurity and reducing cyber risk is an ongoing, challenging mission," said Dan Cimpean, Director of the Romanian National Cyber Security Directorate. “As society and global economies increasingly rely on digital networks, we must combine our efforts across the public and private sectors, across nations and international organizations, to build resilience and prevent cyber incidents. The protection of critical infrastructure is and must be a joint effort."

Cloudflare and Mastercard intend to help protect small businesses, critical infrastructure, and governments by:

• Eliminating blind spots: Users will be able to monitor their digital presence by discovering any internet-facing domains or software stacks running on the web through Recorded Future. When unprotected assets are identified, organizations will be able to immediately extend Cloudflare’s Application Security Portfolio to secure these shadow assets.
• Providing real-time, accurate views of cyber posture: Companies will have access to a comprehensive, continuously updated view of their cyber posture powered by Recorded Future. This includes an “A–F” graded security rating based on several checks for security controls across software vulnerabilities, authentication weaknesses, exposed infrastructure, and third-party risks. These findings will appear in Cloudflare’s Security Insights dashboard, prioritized by the asset’s criticality, with added context on severity.
• Translating risk insights into actionable protection: Organizations will have the ability to enable security controls – such as a web application firewall, encryption, or automated defenses – to mitigate identified risks through the Cloudflare dashboard.

“For small businesses, critical infrastructure, and governments, a cyberattack is more than a technical hurdle. It is an existential threat. Often considered ‘target rich but resource poor,’ these organizations are strategic targets and are often attacked at a greater rate than global enterprise or Fortune 500 organizations,” said Stephanie Cohen, chief strategy officer at Cloudflare. “This partnership brings together the best in cyber defense so that these underserved organizations don’t fall victim to the growing number of cyberattacks.”

“With small businesses accounting for about half of the world’s GDP, closing the resilience gap is critical to securing the foundation of our global economy,” said Johan Gerber, global head of Security Solutions at Mastercard. “Our collaboration with Cloudflare propels our mission to secure the digital ecosystem in partnership with governments and other key players, empowering businesses to focus on what matters most: their productivity and growth.”

To learn more about the Mastercard and Cloudflare offerings, please visit:

• Cloudflare Web Application Security (WAF)
• Mastercard RiskRecon and Recorded Future

About Cloudflare

Cloudflare, Inc. (NYSE: NET) is the leading connectivity cloud company on a mission to help build a better Internet. It empowers organizations to make their employees, applications and networks faster and more secure everywhere, while reducing complexity and cost. Cloudflare’s connectivity cloud delivers the most full-featured, unified platform of cloud-native products and developer tools, so any organization can gain the control they need to work, develop, and accelerate their business.

Powered by one of the world’s largest and most interconnected networks, Cloudflare blocks billions of threats online for its customers every day. It is trusted by millions of organizations—from the largest brands to entrepreneurs and small businesses to nonprofits, humanitarian groups, and governments across the globe.

Learn more about Cloudflare’s connectivity cloud at cloudflare.com/connectivity-cloud. Learn more about the latest Internet trends and insights at https://radar.cloudflare.com.

Follow us: Blog | X | LinkedIn | Facebook | Instagram

About Mastercard

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re building a resilient economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

www.mastercard.com

Forward-Looking Statements

This press release contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended, which statements involve substantial risks and uncertainties. In some cases, you can identify forward-looking statements because they contain words such as “may,” “will,” “should,” “expect,” “explore,” “plan,” “anticipate,” “could,” “intend,” “target,” “project,” “contemplate,” “believe,” “estimate,” “predict,” “potential,” or “continue,” or the negative of these words, or other similar terms or expressions that concern Cloudflare’s expectations, strategy, plans, or intentions. However, not all forward-looking statements contain these identifying words. Forward-looking statements expressed or implied in this press release include, but are not limited to, statements regarding the capabilities and effectiveness of Cloudflare’s Application Security portfolio and Cloudflare’s other products and technology, the benefits to Cloudflare’s customers from using Cloudflare’s Application Security portfolio and Cloudflare’s other products and technology, Cloudflare’s partnership with Mastercard and the potential resulting benefits to Cloudflare customers, the potential opportunity for Cloudflare to attract additional customers and to expand sales to existing customers through Cloudflare’s partnership with Mastercard, Cloudflare’s technological development, future operations, growth, initiatives, or strategies, and comments made by Cloudflare’s Chief Strategy Officer and others. Actual results could differ materially from those stated or implied in forward-looking statements due to a number of factors, including but not limited to, risks detailed in Cloudflare’s filings with the Securities and Exchange Commission (SEC), including Cloudflare’s Quarterly Report on Form 10-Q filed on October 30, 2025, as well as other filings that Cloudflare may make from time to time with the SEC.

The forward-looking statements made in this press release relate only to events as of the date on which the statements are made. Cloudflare undertakes no obligation to update any forward-looking statements made in this press release to reflect events or circumstances after the date of this press release or to reflect new information or the occurrence of unanticipated events, except as required by law. Cloudflare may not actually achieve the plans, intentions, or expectations disclosed in Cloudflare’s forward-looking statements, and you should not place undue reliance on Cloudflare’s forward-looking statements.

©2026 Cloudflare, Inc. All rights reserved. Cloudflare, the Cloudflare logo, and other Cloudflare marks are trademarks and/or registered trademarks of Cloudflare, Inc. in the U.S. and other jurisdictions. All other marks and names referenced herein may be trademarks of their respective owners.

View source version on businesswire.com: https://www.businesswire.com/news/home/20260217906369/en/