From preview to proven: Bunny Shield enters general availability

Six months ago, we launched Bunny Shield in Preview with one goal: to make serious, scalable security something anyone could use. No enterprise contracts. No hidden pricing. Just strong protection that was easy to turn on.

It was the next step in a bigger journey, evolving bunny.net from a content delivery network into a global platform that can power and protect your entire website or application. Performance and security, working hand in hand at the edge.

Since that day, Bunny Shield has quietly guarded tens of thousands of websites and APIs around the world. It’s blocked exploits before they reached production and absorbed floods that would have brought whole services down. Most of the time, no one even noticed, and that’s exactly how it should be.

Now, Bunny Shield is ready to move forward. Today, we’re graduating from Preview and officially moving into General Availability. After trillions of requests, months of testing, and continuous tuning, Bunny Shield has matured into a complete, reliable layer of defense built directly into the bunny.net edge.

The journey from preview to proven

When Bunny Shield launched, it started as an idea: security that worked as smoothly as delivery. What followed was six months of learning in production. We saw everything from quiet credential stuffing to coordinated botnets and sudden floods. Each event helped us refine how Shield reacts, adapts, and protects without slowing you down.

It wasn’t about adding features for the sake of it, but about shaping something that felt effortless to use and powerful when it mattered. Today, Bunny Shield stands as a proven part of the stack. Fast, consistent, and built for real traffic.

Built for the real world

Bunny Shield now protects against the full range of threats across the network. DDoS mitigation absorbs attacks at the edge so they never reach your origin. The WAF inspects every request with flexible, customizable rules while staying focused on accuracy. Rate limiting helps you keep abusive traffic in check globally. Bot detection identifies and stops automated traffic that tries to blend in. Access lists give full control over who gets through. Upload scanning keeps malicious files out before they cause harm.

And coming soon, API Guardian will extend that same protection to APIs and AI-driven applications, adding deeper inspection and schema-aware validation. All of it runs natively at the edge, quietly, with almost no latency.

Transparent by design

Transparency has always been at the core of Bunny Shield. Every plan is built to be clear and predictable, with straightforward usage limits and simple overage pricing that scales with you. Whether you’re running a personal project or a global platform, you know exactly what you’re getting and what it costs.

Only clean requests count toward your plan, and our clean-request model makes it easy to understand how traffic is counted, with only legitimate requests billed. Anything blocked by Shield, whether through DDoS mitigation, the WAF, access lists, bot detection, or upload scanning, is excluded from your usage.

The result is a plan structure that grows fairly with your traffic without hidden costs or surprises.

What the numbers show

Six months on, Bunny Shield has quietly processed over 51.9 trillion requests, filtering out 16.4 billion malicious ones before they could cause harm. Across tens of thousands of websites, it’s kept performance steady and traffic secure without missing a beat.

Bunny Shield mitigating a large-scale attack. Challenging more than 142 million abusive requests and blocking nearly 100 million in a single day with zero impact to performance.

Across the edge, Bunny Shield’s layered defenses work in concert. Here’s what that looks like in numbers:

• DDoS Attacks
  • 3.6 billion challenged before reaching origins
  • 42.9 million threat sources blocked
  • 2.1 billion logged for anomaly detection
• Bot Detection
  • 986 million challenges issued
  • 1.16 billion logged for behavioral analysis
• Rule Engine
  • 177 million blocked by custom or managed WAF rules
  • 2.2 billion logged for tuning and insights
• Access Lists
  • 188 million challenged
  • 133 million blocked by access rules
  • 360 million logged for visibility
• Rate Limiting
  • 3.6 billion challenged globally
  • 1.7 billion blocked for exceeding thresholds
  • 37 million logged for visibility and refinement
• Upload Scanning
  • 1.55 million files scanned for malware and unsafe content

Monthly malicious request volume, April–October. A massive DDoS surge in September pushed malicious traffic to 7.9 billion. A vivid example of how unpredictable the threat landscape can be before settling back to normal levels in October.

Behind each of those numbers is a request that stayed online, a user who never saw an error page, and a builder who could keep focusing on what mattered instead of firefighting.

The road ahead

Security never stands still and neither does Bunny Shield. The next stage is all about depth. Smarter detection, better visibility, and even greater trust.

API Guardian leads the way, adding schema-aware inspection, stronger authorization validation, and early AI protections for APIs and intelligent applications. It understands context, not just traffic, helping stop abuse before it reaches your logic layer.

Upload scanning continues to evolve, catching malware, spam, and harmful content continuously before it ever reaches your origin.

Bot detection is growing more intelligent through new behavioral models and anomaly analysis that identify subtle automation patterns while reducing friction for legitimate users.

As the landscape shifts, automated scraping and AI-powered bots are driving up bandwidth costs and putting more pressure on infrastructure. Bunny Shield is evolving to give you greater control over these threats, helping you defend your content, manage costs, and maintain performance without constant intervention.

Observability is expanding across the platform. Soon, Bunny Shield will provide clearer insights into live attacks and overall traffic behavior, making it easier to understand what’s happening at the edge in real time. Richer analytics and deeper visibility will turn defense into something measurable and transparent.

DDoS alerts are also coming soon, giving you instant visibility when large-scale attacks are detected and mitigated. You’ll be able to see when and how Bunny Shield steps in to protect your traffic, with real-time updates and clear summaries that bring peace of mind without adding noise.

Together, these improvements are shaping Bunny Shield into more than a security product. It’s becoming the intelligence layer of the bunny.net platform. A foundation that powers, protects, and accelerates everything built on it.

Ready for whatever comes next

As Bunny Shield moves into General Availability, it carries six months of lessons, testing, and real-world proof. It’s faster, smarter, and easier to use than ever, built for anyone, from first projects to global platforms.

Thank you to everyone who helped shape it during Preview. Your feedback, ideas, and patience made this release what it is.

Bunny Shield is now generally available.

Turn it on. Let it run. Stay protected.

This is just the beginning of what bunny.net is becoming. A platform built to power and protect the internet, one hop at a time.

Explore the Advanced, Business, and Enterprise plans to find your perfect level of protection and hop into stronger security today.