Cloudflare’s new Dynamic Workers ditch containers to run AI agent code 100x faster
Cloudflare launches Dynamic Workers in open beta, an isolate-based sandbox for AI agent code that starts 100x faster than containers. The security implications for edge WAF providers are significant.
Cloudflare has launched Dynamic Workers in open beta, a new isolate-based sandboxing system designed to run AI agent code. The pitch: 100x faster cold starts and 10-100x better memory efficiency compared to traditional Linux containers.
What Dynamic Workers do
Dynamic Workers allow one Worker to spin up another at runtime with code provided on the fly, typically generated by a language model. Because they run on V8 isolates rather than containers, they start in milliseconds and use only a few megabytes of memory. In many cases they execute on the same machine and thread as the calling Worker.
Cloudflare has been pushing what it calls "Code Mode," the idea that LLMs perform better when given an API and asked to write code against it, rather than chaining tool calls. The company claims converting an MCP server into a TypeScript API can cut token usage by 81%. Dynamic Workers provide the secure execution layer for that approach.
The security angle
Cloudflare does not hide the difficulty here. The company acknowledges that V8 security bugs are more common than hypervisor vulnerabilities, which makes isolate-based sandboxing harder to lock down than hardware VMs. Its response: nearly a decade of hardening experience, automatic V8 security patch rollout within hours, a custom second-layer sandbox, dynamic tenant cordoning based on risk, MPK hardware extensions to the V8 sandbox, and active Spectre side-channel research.
For WAF and security teams, the real question is what happens when millions of AI agents start generating and executing code at the edge. Every Dynamic Worker is an execution context that could process, transform, or route web traffic, making the security of the runtime a first-order concern.
WAFplanet take
This is not a WAF feature, but it matters for WAF strategy. Cloudflare is building the infrastructure layer where AI agents will run, and those agents will eventually sit between users and applications, right where WAFs live today. If your security stack includes Cloudflare Workers, understanding the isolation model is no longer optional.
The competitive angle is interesting too. Fastly has Compute@Edge, AWS has Lambda@Edge, and Akamai has EdgeWorkers. All of them will need to answer the same question: how do you securely sandbox AI-generated code at the edge? Cloudflare is betting that isolates beat containers for this workload. The next year will show whether that bet pays off.
For teams evaluating edge WAF providers, the depth of the sandboxing and isolation model should now be part of the comparison criteria alongside traditional WAF rule engines and bot detection.