Cloudflare outage exposes risks of AI & payments reliance

Cloudflare's second major outage in three weeks has renewed concerns over the resilience of the internet's underlying infrastructure, with payments specialists and IT leaders warning that service disruptions now need to be treated as routine operational risk rather than rare events.

The content delivery and security company experienced fresh technical issues that affected access to a range of websites and online services, including some artificial intelligence tools and eCommerce platforms. While the precise scope and duration are still being assessed, merchants and enterprises are preparing for weeks of follow-on work caused by failed transactions and service disruption.

Payments risk firm Chargebacks911 and digital employee experience company Nexthink said the incident underlines how dependent businesses have become on a small number of technology providers for both traffic routing and AI-based tools.

Merchant impact

Monica Eaton, Founder and CEO of Chargebacks911 and Fi911, said the immediate downtime is only part of the commercial impact. She pointed to the disruption to transactions that were in progress at the moment services failed.

"Cloudflare, the internet services company that powers a huge number of the world's most popular websites, has gone down again for the second time in three weeks. The outage is still ongoing as of time of writing, so we don't know the extent of this problem, but whether it lasts for minutes or hours it will affect companies around the world.

These outages don't simply delay what internet users want to do, they disrupt in-progress purchases and cause a long tail of confusion and admin burden for merchants. They could be untangling the disputes caused by today's outage several weeks from now - in fact, it's likely that some companies are still dealing with blowback from the last outage.

At this point, companies need to treat disruptions like this as routine operational risk, not freak anomalies. Track your failed and duplicate transactions as they happen. Reach out to customers before they start guessing what went wrong and keep a tight incident log so you're not trying to reconstruct events months later when the chargebacks hit.

This isn't about panic. It's about facing the reality that outages are becoming a normal part of the landscape. Cloudflare went down again today but another provider might stumble next week. The only question is whether businesses adapt to this pattern or keep crossing their fingers and hoping luck will fill the gaps," said Monica Eaton, Founder and CEO, Chargebacks911 and Fi911.

Card payment disputes, or chargebacks, often arise when customers see unfamiliar or duplicate transactions on their statements, or when they believe they have been charged for goods or services that were not delivered. System outages during checkout or payment authorisation can increase the volume of such disputes, as merchants and issuers work from incomplete logs or mixed messages sent to customers during the incident.

Eaton said the operational focus for merchants should be on monitoring failed and duplicate payments in real time and maintaining clear incident records that can be referenced if customers later challenge transactions.

AI dependency

The outage also affected some AI tools that rely on Cloudflare's services. This has raised questions about how enterprises manage the risk of depending on external AI platforms for day-to-day operations and knowledge work.

Tim Flowers, Vice President of DEX Strategy at Nexthink, said the incident should prompt organisations to reassess how central AI has become to their workflows and recovery planning.

"We often say, "AI works 24x7 and doesn't take breaks", but we have now seen time and again that it absolutely can take unscheduled breaks, with no ETA on its return to work. This presents an uncomfortable truth for organisations. As they lean further into AI, workflows and core functions become dependent on models and assistants, while the human knowledge that once helped quick recovery steadily shrinks. Operational and institutional expertise has been replaced with AI-driven tooling. Most days that's fine, until the moment AI suffers an outage. When this happens, it creates a dead-end for enterprises.

If AI is going to sit at the centre of every application and workflow, then we need to start treating AI dependence with the same seriousness as core IT infrastructure. This wasn't just another disruption, it was warning siren for what the next decade of IT resilience needs to prepare for," said Tim Flowers, Vice President of DEX Strategy, Nexthink.

Cloud and AI services are often procured as software subscriptions, but Flowers argued they now play a role closer to power or network connectivity for many enterprises. Outages can halt software development, customer support and internal decision-making processes that have been redesigned around AI assistants.

Operational response

The consecutive Cloudflare incidents are likely to drive renewed scrutiny of vendor concentration and failover arrangements. Some online retailers and service providers route traffic through multiple content delivery and DNS providers, but others depend on a single supplier.

Risk and payments teams are also expected to review their incident playbooks, including how they communicate with customers during outages and how they reconcile logs after systems come back online. Merchants that accept a high volume of card-not-present payments are particularly exposed to errors when transactions are interrupted between authorisation and confirmation.

"This isn't about panic. It's about facing the reality that outages are becoming a normal part of the landscape. Cloudflare went down again today but another provider might stumble next week. The only question is whether businesses adapt to this pattern or keep crossing their fingers and hoping luck will fill the gaps," said Eaton.