AWS, GitHub, Cloudflare platform updates #43

June 10, 2026 — 3 min read

Today's Letter

AWS published details on Amazon Bedrock cross-Region Inference on June 8, 2026, with a focus on EU data processing and model access.
Cross-Region Inference routes model requests across supported AWS Regions through system-defined inference profiles, aiming for higher capacity use with minimal latency overhead.
AWS separates profiles into global scope and geography-based scope; EU profiles restrict destination Regions to EU Regions for requests originating inside the EU.
Requests from EU source Regions are not routed to non-EU destinations under EU CRIS, and London or Zurich requests are limited to EU Regions plus their respective source Region.
For requests originating outside the EU, EU CRIS considers the source Region together with available EU Regions when selecting inference capacity.
AWS said cross-Region traffic stays on the AWS-operated network, does not traverse the public internet, and is encrypted in transit between Regions.
Developers must opt in explicitly by passing a CRIS profile ID instead of a plain model ID when invoking a model.
The post uses Amazon Nova Lite examples, including `eu.amazon.nova-2-lite-v1:0` and `global.amazon.nova-2-lite-v1:0`, from source Region `eu-south-1`.

Source: aws.amazon.com

GitHub code scanning now supports scheduled scans for repositories with no pushes or pull requests for six months or more.
The feature is aimed at organizations that want continuous security coverage for codebases no longer under active development.
Inactive repositories are scanned automatically every 30 days when the setting is enabled.
The setting applies at the organization level rather than per repository.
It only works for repositories that use code scanning default setup.
The control is available under Settings > Advanced Security > Global Settings.
GitHub labels the option as keeping scheduled scans running every 30 days for inactive repositories.

Source: github.blog

Cloudflare outlined a security architecture aimed at attacks accelerated by frontier cyber models, arguing that containment and detection around a vulnerability matter more than patch speed alone
The company said Cloudforce One threat intelligence can now feed directly into its WAF so high-risk traffic can be blocked without the usual delay between threat reporting and mitigation
Cloudflare said its managed WAF rulesets can be released within hours of a proof of concept becoming known, and deployed network-wide in under 30 seconds once a detection is live
The post highlighted ML-based detection such as WAF Attack Score as a layer ahead of traditional signatures, with the stated goal of catching exploit variants that adapt around static rules
Cloudflare said it sees roughly a fifth of global web traffic, and uses that visibility to track payload mutations, emerging patterns, and shifts in attacker tooling in real time
The company argued that frontier models compress vulnerability discovery, exploit-chain construction, and proof-of-concept generation, while also increasing reconnaissance volume and payload variation
Cloudflare cited React2Shell as an example where a managed WAF rule was deployed before the official advisory, and said some rules may ship before a CVE is publicly disclosed
The post also noted that AI-assisted patching can still introduce regressions, making blast-radius reduction, layered controls, and post-exploit containment central parts of the defensive model

Source: blog.cloudflare.com

Jocoletter curates AI, software, and product trends for developers and builders.

#AWS #Cloudflare #GitHub