Cloudflare 2025 Radar Report: AI Surge, Record DDoS, Post-Quantum Shift

Cloudflare 2025 Radar Year in Review

Cloudflare has released its 2025 Radar Year in Review, reporting 19% global internet traffic growth, surging AI crawler activity, record-setting DDoS attacks, and a jump in post-quantum encryption adoption.

Cloudflare published the 2025 Cloudflare Radar Year in Review on December 15, 2025, summarizing internet trends it observed across traffic, AI, adoption and usage, connectivity, security, and email security. The review covers January 1 to December 2, 2025, and draws on Cloudflare’s global footprint—330 cities in 125+ countries/regions—and data generated by its web and DNS services.

What Cloudflare measured and why it matters?

Cloudflare says its network handles 81+ million HTTP requests per second on average (129+ million at peak) and responds to roughly 67 million DNS queries per second, giving it a wide-angle view of how the internet behaves at scale. The year-in-review format turns those signals into a look-back with charts and country-level comparisons across more than 200 locations where data is sufficient.

That scope matters in 2025 because the report ties several themes together: rising reliance on a small set of platforms, growing automation from bots and AI crawlers, intensifying attack volume, and major changes underway in encryption to prepare for future risks.

Key 2025 findings at a glance

Metric (2025) What Cloudflare reported Why it matters
Global internet traffic +19% for the year, with acceleration starting in mid-August Growth is increasingly “back-half loaded,” stressing networks and services during seasonal peaks. 
Major outages tracked 174 major outages globally; almost half tied to government shutdowns Availability risk is as much political and operational as it is technical. 
Post-quantum encrypted human web traffic Reached 52% share Signals a rapid cryptographic transition happening in real traffic, not just roadmaps. 
Mitigated traffic 6% of global traffic on Cloudflare’s network was mitigated Reflects the scale of filtering needed to keep sites usable amid abuse and policy rules. 
AI user-action crawling Increased by 15x+ Suggests more bots are visiting pages to answer user questions—changing costs and referral dynamics for publishers. 

Internet traffic grew 19%—and growth sped up late in the year

Cloudflare’s traffic trendline (excluding bot traffic) shows relatively modest change through mid-August before accelerating through September, October, and November to peak at 19% growth for the year. Cloudflare notes that the 2025 pace is higher than 2024’s growth and that the late-year acceleration pattern has appeared before, though the timing shifted later in 2025.

The report also highlights how localized events can appear directly in national traffic curves, including rapid drops aligned with shutdowns and infrastructure disruptions. 

The most popular internet services: stability at the top, churn in categories

Cloudflare’s companion “Top Internet Services of 2025” analysis ranks services using anonymized DNS data from its 1.1.1.1 resolver, grouped by service and reported across nine categories. 

Top 10 overall services in 2025 (Cloudflare ranking)

Cloudflare’s overall top 10 list for 2025 was:

  1. Google
  2. Facebook
  3. Apple
  4. Microsoft
  5. Instagram
  6. AWS
  7. YouTube
  8. TikTok
  9. Amazon
  10. WhatsApp

Cloudflare notes that the roster stayed consistent with 2024, but positions shifted in the middle—particularly Microsoft and Instagram moving up and TikTok moving down by year-end. 

Generative AI: ChatGPT still leads, but rivals reshaped the top 10

Cloudflare’s 2025 generative AI category places ChatGPT/OpenAI at #1, with a more crowded field behind it. The top 10 list includes Claude, Perplexity, and Google Gemini, along with tools like GitHub Copilot, Grok, and DeepSeek.

Cloudflare also reports that ChatGPT climbed in overall domain rank during 2025 and that multiple AI services rose in visibility—an indication that “AI as a destination” is increasingly mainstream, not niche. 

AI crawlers changed publisher traffic—and robots.txt became a frontline

Cloudflare’s year-end review separates AI crawling into three purposes: training, search, and user action (bots visiting pages in response to a user’s chatbot request). In 2025, Cloudflare reports user-action crawling grew sharply—over 15x on the year, and 21x from January through early December in the report’s tracked period.

Cloudflare also estimates that AI bots made up 4.2% of HTML requests on average, while Googlebot alone accounted for 4.5%, reflecting its dual role in both search indexing and AI training.

Crawl-to-refer ratios: a measurement publishers are watching

In mid-2025, Cloudflare introduced a “crawl-to-refer ratio” metric designed to show how often a platform crawls compared with how often it sends visitors back to sites. In Cloudflare’s 2025 view, Anthropic reached very high ratios (peaking as high as 500,000:1 in certain periods), while other platforms showed lower or more variable values.

Robots Exclusion Protocol: more “keep out” signs for AI bots

Cloudflare reports that AI crawler user agents were the most frequently fully disallowed in robots.txt files it observed—an indicator that many site owners are actively restricting AI training crawls. The report also points to growing use of partial rules (blocking sections like logins) for major crawlers.

Connectivity: outages rose, and shutdowns remained a major driver

Cloudflare tracked 174 major internet outages around the world in 2025 and reports that almost half were caused by government-directed regional or national shutdowns.

Cloudflare also highlights broader usage patterns, including:

  • More than half of request traffic coming from mobile devices in 117 countries/regions.
  • Global IPv6 adoption remaining uneven: less than a third of dual-stack requests used IPv6 worldwide, while India exceeded two-thirds.

Security: 2025’s DDoS sizes kept climbing into new territory

Cloudflare’s review says hyper-volumetric DDoS attack sizes grew significantly over 2025, with a wave of “record-breaking” incidents—more than 25 in the year-end highlights.

DDoS “size progression” Cloudflare highlighted in 2025

Period (2025) Peak DDoS size Cloudflare highlighted
Late August ~10 Tbps peak reported as the “new normal” in that phase
Early September New record above 10 Tbps 
Late September Another record over 20 Tbps 
October Peak around 29.7 Tbps
November Peak around 31.4 Tbps

Cloudflare also ties part of the 2025 spike to large botnets and repeated hyper-volumetric campaigns described in its quarterly DDoS reporting. 

Post-quantum encryption hit 52%—and mobile OS changes helped

One of the most consequential changes Cloudflare flags is the rise of post-quantum encrypted web traffic—encryption designed to reduce the risk of “harvest now, decrypt later,” where intercepted traffic could be decrypted in the future if quantum computers can break today’s cryptography. Cloudflare reports that the share of human web traffic that is post-quantum encrypted rose from about 29% in early 2025 to 52% by early December in its measured period, with a major increase aligned with broader rollout of iOS 26.

On the standards side, the U.S. government approved three post-quantum cryptography standards—FIPS 203, 204, and 205—in August 2024, covering key establishment and digital signatures designed to resist future quantum attacks. Apple, meanwhile, documented that its 2025–2026 operating systems (including iOS 26) advertise support for a hybrid, quantum-secure key exchange in TLS 1.3, intended to improve resilience while maintaining compatibility with servers that do not yet support it.

What Cloudflare’s November 18 outage shows about modern dependency

Cloudflare’s year-in-review focuses heavily on external internet behavior, but 2025 also highlighted how disruptions inside major infrastructure providers can ripple outward. On November 18, 2025, Cloudflare reported a significant internal outage beginning at 11:20 UTC, describing failures in core traffic delivery that were not caused by a cyberattack.

Cloudflare traced the trigger to a permissions change in a database system that led to an oversized “feature file” used by its bot management system, which exceeded a software size limit and caused failures until the rollout was stopped and rolled back.

What comes next?

Cloudflare’s 2025 Radar Year in Review points to an internet that is growing fast, increasingly automated, and facing heavier security pressure—while simultaneously upgrading foundational cryptography in production traffic. For publishers and site operators, the combination of higher AI crawling (especially user-action bots), shifting referral dynamics, and the rising use of robots.txt controls suggests a continued push toward clearer access rules, enforceable bot policies, and monetization models that account for machine consumption.

For defenders, the DDoS trendline implies that “peak size” is still rising, and resilience planning needs to treat multi-Tbps bursts as an operational reality, not an edge case. And for the broader ecosystem, the quick move to post-quantum encryption indicates that platform and OS changes can shift the security baseline rapidly—often faster than many organizations’ upgrade cycles—making “crypto agility” and compatibility testing increasingly important.


Subscribe to Our Newsletter

Related Articles

Top Trending

is microlearning effective
Why Microlearning Is Popular but Not Always Effective
Core Web Vitals for Publishers performance dashboard.
Core Web Vitals for Publishers: What Actually Matters for SEO, Ads, and Reader Experience
Crunch Culture Coverup featured image. Exhausted game developer working late in a dark studio, showing how the crunch culture coverup hides the human cost behind AAA game production
The Crunch Culture Coverup Is Gaming’s Ugliest Secret
SEO Tactics For Service Businesses
7 SEO Tactics For Service Businesses
environment impact of plant-based diet featured image. Plant based meal with legumes, grains, vegetables, and a globe showing the environmental value of sustainable food choices.
The Environment Impact of Plant-Based Diet Choices

Fintech & Finance

Higher 401k Limits Retirement Savers
What Do Higher 401(k) Limits Mean for Retirement Savers in 2026?
ELSS SIP Calculator
ELSS SIP Calculator: Tax Saving + Wealth Building Explained
Tracking Small-Cap Stocks on Fintechzoom.com Russell 2000
Fintechzoom.com Russell 2000: The Complete Guide to Tracking Small-Cap Stocks in 2026
Organizational Bottlenecks and How to Address Them
10 Organizational Bottlenecks: Here’s How to Address Them
Why more Indians are Taking a Rs 50000 Personal Loan for Emergencies and Short-term Needs
Why more Indians are Taking a Rs 50000 Personal Loan for Emergencies and Short-term Needs

Sustainability & Living

environment impact of plant-based diet featured image. Plant based meal with legumes, grains, vegetables, and a globe showing the environmental value of sustainable food choices.
The Environment Impact of Plant-Based Diet Choices
Swedish supply chain traceability platforms
6 Swedish Supply Chain Traceability Platforms Transforming Global Industries
Local Climate Actions
11 Local Climate Actions That Compound Beyond One Household
Plastic-Free Grocery Swaps
8 Plastic-Free Grocery Shopping Swaps That Actually Work
Sustainable Bathroom Swaps
11 Sustainable Bathroom Swaps for a Waste-Free Routine

GAMING

Crunch Culture Coverup featured image. Exhausted game developer working late in a dark studio, showing how the crunch culture coverup hides the human cost behind AAA game production
The Crunch Culture Coverup Is Gaming’s Ugliest Secret
Mortdog left Riot Games
Mortdog Leaves Riot Games: Is This the End of TFT as We Know It?
Quality Assurance & Game Testing
Top 10 Gaming SMEs Specializing in Quality Assurance & Game Testing in India
$70 Game Deals
Why $70 Game Deals Are Mostly Never Worth It
why AAA games look the same
Why AAA Games Look the Same Even When They Cost More Than Ever

Business & Marketing

Best Founder Resources
23 Best Founder Resources: A Practical Guide for Early-Stage Startups
Best Free Courses Aspiring Founders
The 7 Best Free Courses Aspiring Founders Should Take Before Building
best templates founders
11 Best Templates Founders Need to Build Smarter
Enter a new country without legal entity
The Fastest Way to Enter a New Country Without Establishing a Legal Entity
Promotional talent live events
How Promotional Talent Helps Brands Make an Impact at Live Events

Technology & AI

SEO Tactics For Service Businesses
7 SEO Tactics For Service Businesses
Self-Hosting AI Costs
Self-Hosting AI Looks Cheap Until You Become the Vendor
launch tactics tight budget
7 Launch Tactics on a Tight Budget for Indie SaaS Teams
SEO tactics SaaS
11 SEO Tactics Specific to SaaS Teams That Want Qualified Traffic, Not Empty Visits
best newsletters SaaS founders
11 Best Newsletters SaaS Founders Should Read for Growth

Fitness & Wellness

A Complete Guide on TheLifestyleEdge com
The Lifestyle Edge: Your Complete Guide to Wellness and Modern Living
Stretching Accessories That Make a Difference
7 Stretching Accessories That Make a Difference for Flexibility, Mobility, and Recovery
air quality wellness devices
13 Air Quality and Wellness Devices Worth Considering for a Healthier Home
habits reduce stress
7 Habits That Reduce Stress Long Term and Feel Calmer Daily
habits better focus
11 Habits for Better Focus That Actually Work