Post
> In this specific instance, the Bot Management system has a limit on the number of machine learning features that can be used at runtime.
> (…)
> When the bad file with more than 200 features was propagated to our servers, this limit was hit — resulting in the system panicking.
https://blog.cloudflare.com/18-november-2025-outage/
So it's "AI" when it's good for business, "machine learning" when it's bad for business, gotcha! 🤡
@rysiek So they don't verify the payload on receipt and this is going to happen again, on purpose next time, now that the vulnerability is revealed.
@gooba42 there was no payload. The data was pulled from their own database. They changed some permissions and unexpectedly that led to duplicated data being pulled from that database, hitting certain limits.
@rysiek That feature file was the payload in question.
They limited what they could send but not what they could receive which left them vulnerable to this disruption when the send limit was exceeded.
I'm no expert and I'm no professional developer ...
but does this mean they "pushed direct to prod" without going via test?
or is that now old school, and rapid fail / rapid fix is now part of the continuous deployment ideology?
@rzeta0 they pushed to prod (the database permissions change) without fully understanding the consequences of that change. Automation did the rest.
@rysiek I probably got my P45 prepared for sharing this on the work slack, but it felt great :)
Literally called it a couple of days ago when quoted in The Guardian article about Anthropic's "AI-driven attack" bullshit:
https://mstdn.social/@rysiek/115566158042786232
@rysiek Can't be tainting the "AI" brand, now! Someone might think the hype is .. just hype! 😉
A space for Bonfire maintainers and contributors to communicate
