Cloudflare disclosed a record breaking 31.4 terabits per second DDoS attack in its 2026 threat report, marking the largest volumetric attack publicly reported to date. The incident reflects a continued escalation in large scale denial-of-service capabilities targeting internet infrastructure providers.
The attack significantly exceeded previous known records, highlighting the growing availability of large botnets and distributed attack resources. Cloudflare stated the traffic was directed at its network infrastructure but was successfully mitigated without disruption to customer services.
Attack scale and multi-vector design
The 31.4 Tbps attack involved a multi-vector approach, combining volumetric traffic flooding with protocol-level and application-layer techniques. This type of attack is designed to strain mitigation systems by forcing defenders to respond to multiple forms of traffic simultaneously rather than a single, predictable pattern.
Attacks at this scale typically rely on a combination of compromised devices, cloud-hosted systems, and traffic amplification methods to generate large volumes of requests from distributed sources.
Infrastructure demands behind high-volume attacks
Generating traffic at this magnitude requires access to extensive distributed resources. While attribution was not disclosed, operations of this scale generally involve large botnets or coordinated infrastructure capable of sustaining high throughput over short periods.
The continued increase in attack size reflects broader trends in the commoditization of DDoS capabilities, where tools and infrastructure required to launch large-scale attacks are becoming more accessible.
Implications for organizations without mitigation capacity
Record-setting attacks of this size highlight the gap between organizations with dedicated DDoS protection and those without. Without specialized mitigation services, high-volume attacks can overwhelm network capacity, resulting in service outages and downstream operational impact.
Cloudflare noted that the attack was absorbed within its network, underscoring the importance of scalable mitigation infrastructure as attack volumes continue to increase. The company stated it continues to expand its defensive capacity in response to evolving threat levels.
