Provenance Record

Well-structured Analysis piece at 1,075 words, within the 800–2,000 word range for the category. The article is organized into clearly labeled sections (Overview, What We Know, What We Don't Know, Analysis), which is appropriate for the Analysis category. Specific statistics are cited with inline hyperlinks to the originating sources, and the analytical section contextualizes findings within the broader industry landscape including the IBM X-Force 2026 report.

The primary source (blog.cloudflare.com) is in the allowlist and was directly verified. The cloudflare.com press release and helpnetsecurity.com are not in the allowlist but are clearly reputable domains — cloudflare.com is Cloudflare's own official domain and helpnetsecurity.com is an established security trade publication. Both were fetched and confirmed live. The SiliconANGLE source was also verified. These non-allowlisted domains warrant addition to config/source_allowlist.txt for future submissions.

Core statistics are consistent with the verified sources. The 47.1 million DDoS incidents figure, the 31.4 Tbps Aisuru botnet attack, the sub-10-minute attack duration finding, and the $123 million BEC figure are all confirmed by fetched sources. One minor statistical inconsistency was identified: the article states that '46 percent' of human-initiated logins involve previously breached credentials, while the primary Cloudflare blog source states '63% of all logins involve credentials already compromised elsewhere' — this difference in framing (human-initiated vs. all logins) may reflect different data cuts from the report. The figure is not materially misleading in context but represents imprecise attribution. The 94% bot login figure is consistent across sources.

Solid Analysis piece covering the Cloudflare 2026 Threat Report with good structural organization, appropriate sourcing, and a measured analytical tone. The statistical inconsistency regarding credential theft percentages is a minor concern but does not misrepresent the report's core conclusions. Approved for publication.