Cloudflare Blocks Lawfare: The AI Law Site That Predicted It

As of March 31, 2026, one of the internet's most important sources for AI law and national security analysis is offline. Anyone visiting Lawfare — a legal and policy analysis platform that has spent over a decade documenting the collision between AI, government power, and the courts — now encounters a Cloudflare security block. That's an access-denied error from the very infrastructure provider the site has written about extensively.

The timing has an uncomfortable symmetry: Lawfare isn't blocked for hosting illegal content. It's blocked by an automated security system — the same kind of opaque, platform-level gatekeeping that Lawfare's own contributors spent years arguing should be far more transparent.

The Site That Maps Where AI Law and Regulation Are Heading

Lawfare launched around the concept of "lawfare" itself (the use of legal systems as instruments of geopolitical conflict — think sanctions enforcement, international tribunal proceedings, or patent disputes between governments). It evolved into a comprehensive research and analysis platform covering:

• AI regulation — how courts and legislatures are keeping up with large language models, autonomous systems, and algorithmic decision-making
• Content moderation law — Section 230 (the U.S. law that shields platforms from liability for user-posted content), platform accountability, and AI-generated harm
• National security technology — surveillance tools, autonomous weapons policy, and cybersecurity law affecting government agencies
• Platform responsibility — when infrastructure providers, including Cloudflare itself, should intervene in what content gets served online

For legal professionals, AI company policy teams, and government advisors, Lawfare occupies a specific niche: technically precise analysis written for working practitioners, not just academics. That makes it practically irreplaceable for tracking where AI regulation is heading — and as of March 2026, it is inaccessible to ordinary readers and automated research tools alike.

A Target Since 2018: The DDoS History Behind the Cloudflare Blocks

This is not the first time someone tried to take Lawfare offline. In October 2018, the site endured a series of persistent distributed denial-of-service attacks (DDoS — a cyberattack that floods a server with fake traffic until it becomes unavailable to real users). The attacks were sustained enough that editor Sean Lyngaas addressed them publicly, telling readers with deliberate understatement: "We wish they'd knock it off."

That Lawfare attracted a DDoS campaign at all is telling. Sites that publish dry academic legal analysis rarely become cyberattack targets. The 2018 attack was significant enough to generate coverage at CyberScoop (a cybersecurity news outlet that covers major institutional incidents), indicating the campaign went well beyond routine internet background noise.

Cloudflare's security service — the same infrastructure now blocking access in 2026 — is precisely what news and analysis platforms deploy to survive DDoS campaigns. The tool built to keep Lawfare online in 2018 appears to be what's keeping readers out in 2026. Whether that's a misconfiguration, an escalated attack triggering over-broad security rules, or something else remains unspecified in Cloudflare's access-denied response.

The Kiwi Farms Precedent — Lawfare's Own Warning From 2022

The sharpest irony of Lawfare's current inaccessibility lies in a September 2022 analysis by contributor Paul A. Rosenzweig. The piece examined what became known as the Kiwi Farms decision — Cloudflare's choice to terminate services to a notorious online harassment forum after sustained public pressure and documented evidence connecting the forum to real-world physical harm against individuals.

Rosenzweig's analysis, published under the title "The Lack of Content Moderation Transparency: The Cloudflare and Kiwi Farms Example," raised a foundational question that Cloudflare had long been deflecting: what rules govern when a company whose infrastructure touches roughly one-fifth of all internet traffic decides who gets to be online — and who doesn't?

The core argument Lawfare made:

• Cloudflare had positioned itself as neutral internet infrastructure — like electricity or telephone lines — not a content moderator
• The Kiwi Farms decision in 2022 broke from that positioning under public pressure, establishing a precedent of content-based service termination
• If Cloudflare is making content decisions, those decisions carry enormous power and require stated criteria, transparent appeals processes, and public accountability
• Unilateral, opaque infrastructure-level decisions set a precedent that could, in principle, affect any website — including the ones doing the critiquing

That last point has now been validated in a different form. As of March 31, 2026, Cloudflare's security service is making an access decision affecting Lawfare — blocking traffic without public explanation of what triggered it, how long it will last, or what appeal mechanism exists. The analysis written about Cloudflare's power is now experiencing that power directly.

How to Read Lawfare While Access Is Blocked

If you need Lawfare's archived analysis — the AI policy, content moderation law, and platform responsibility coverage — the widely-used workaround is Archive.today (a web archival service that stores independent cached snapshots of pages, hosted separately from the original site):

https://archive.today/lawfaremedia.org

Articles published before the Cloudflare block became active remain accessible through cached versions. You won't get real-time content, but the historical analysis — including Rosenzweig's 2022 Kiwi Farms piece and Lawfare's multi-year AI law coverage — should be reachable.

For ongoing AI regulation coverage while Lawfare is unavailable, the Brookings Institution's technology policy section and the CSIS Strategic Technologies Program publish peer-reviewed analysis on AI policy. For plain-English breakdowns of where AI law is heading — without the legal jargon — explore AI for Automation's AI regulation and policy guides, written in terms that non-lawyers can act on immediately.

Watch for whether Lawfare restores access. Cloudflare security blocks triggered by automated heuristics (pattern-matching rules that flag suspicious traffic based on request volume, headers, or known attack signatures) can be temporary — site operators can request configuration review, or an active underlying attack may simply subside. Either way, Lawfare's absence from the accessible web makes a quiet argument for the exact thesis it spent years developing: infrastructure platforms hold the power to silence legal discourse, and that power operates without visible rules, transparent criteria, or meaningful recourse for the blocked. You can try the archive workaround now, and check back in a few days to see if direct access has returned.

Related Content — Get Started | Guides | More News