Cloudflare lays off 1,100 workers as Anthropic’s Mythos AI shakes cybersecurity industry

Cloudflare just delivered one of the clearest signs yet that the AI boom is starting to reshape the cybersecurity workforce itself.

The cloud and cybersecurity company said Thursday it is cutting more than 1,100 employees, roughly 20% of its workforce, after an internal shift to what CEO Matthew Prince described as an “agentic AI-first operating model.”

The announcement landed just weeks after Anthropic unveiled Claude Mythos, a high-risk AI cybersecurity model that sent shockwaves across the cyber industry and triggered a sharp sell-off in security stocks, including Cloudflare.

“We are writing to let you know directly that we’ve made the decision to reduce Cloudflare’s workforce by more than 1,100 employees globally,” Cloudflare said in a blog post.

Investors had already been nervous. Mythos was introduced in April as a frontier AI system capable of independently identifying and exploiting software vulnerabilities faster than human researchers. The model was never publicly released, largely out of concern that it could be weaponized. That did little to calm markets.

Cloudflare shares fell more than 13% after the Mythos announcement in April, CNBC reported. The stock dropped another 16% Friday after the company reported earnings and confirmed the layoffs.

The timing matters.

Claude Mythos exposed a new fear inside cybersecurity: AI can now find vulnerabilities faster than humans can fix them

For years, cybersecurity firms sold protection built around human expertise, threat intelligence, and reactive patch management. Mythos introduced a different fear: AI systems finding vulnerabilities at machine speed, potentially faster than companies can defend against them.

That shift is forcing cybersecurity companies to rethink how they operate internally and what kind of workforce they need.

Cloudflare made that point directly in a memo sent to employees.

“The way we work at Cloudflare has fundamentally changed,” the company wrote. “Cloudflare’s usage of AI has increased by more than 600% in the last three months alone.”

The company said employees across engineering, finance, HR, and marketing now run “thousands of AI agent sessions each day” as part of daily operations.

“This decision is not a reflection of the individual work or talent of those leaving us,” the memo said. “Instead, we are reimagining every internal process, team, and role across the company.”

Matthew Prince echoed that message during the earnings call, telling investors there are positions inside Cloudflare “that just aren’t the roles that we need for the future.”

The layoffs came alongside quarterly results that actually beat Wall Street expectations.

Cloudflare reported first-quarter revenue of $640 million, up 34% from a year earlier and ahead of analyst estimates of $622 million, according to LSEG. Earnings came in at 25 cents per share, beating expectations of 23 cents.

The company posted a net loss of $22.9 million, or 7 cents per share, compared with a loss of $38.4 million a year earlier.

Cloudflare projected second-quarter revenue between $664 million and $665 million, roughly in line with analyst expectations. Full-year guidance slightly topped Wall Street estimates.

Prince described AI as the company’s “biggest tailwind in history.”

That optimism sits alongside a growing anxiety spreading across the cybersecurity sector.

Part of the market panic surrounding Mythos centered on reports that Cloudflare was not initially included in Anthropic’s “Project Glasswing,” a partnership with select companies to test defenses against the new AI model. Investors worried that firms with early access to Mythos-driven defensive tools could gain a major advantage in securing software systems against AI-generated attacks.

The concern quickly grew into a broader debate about the future of cybersecurity itself.

If AI systems can automatically discover zero-day vulnerabilities, traditional security workflows built around human analysts may no longer be able to move fast enough. Security firms now face pressure to build machine-speed defensive systems capable of detecting and patching threats before AI-powered attackers can exploit them.

Some analysts see the disruption as existential for parts of the industry. Others see it as the beginning of a massive new spending cycle.

ARK Invest analysts recently argued that AI-driven cyber threats could become a long-term tailwind for firms like Cloudflare, pushing enterprises and governments to spend more aggressively on automated defense systems.

Cloudflare appears to be betting on that future already.

In its memo to staff, the company said the restructuring was intended to happen once, not through repeated waves of layoffs over multiple quarters.

“We are making these changes now because making smaller, repeated cuts or dragging a reorganization out over multiple quarters creates prolonged emotional uncertainty for employees and stalls our ability to build,” the company wrote.

Departing employees will continue receiving base pay through the end of 2026, according to the memo. U.S. healthcare coverage will remain active through year-end, and Cloudflare said it would vest equity through August 15, including prorated equity for workers who had not yet reached their one-year cliff.

The message carried an unusually direct tone for a Silicon Valley layoff announcement.

“It’s not an easy day, but it’s the right decision,” the company wrote.

For the cybersecurity industry, the bigger question is whether this becomes an isolated workforce reset or the beginning of something much larger.

Mythos may have been introduced as an experimental AI model. The reaction across cybersecurity suggests many companies already see it as the start of a new era.