The Foundation for
What’s Next

A Proposal for Dollar General Technology Leadership

A Tuesday Morning

Nearly 20,000 locations. Millions of decisions. One foundation.

It’s early. A cold front is moving through. SNAP disbursements hit accounts overnight, and this store — one of nearly 20,000 — will see its heaviest traffic of the month before noon. A truck that was supposed to arrive yesterday is running late. A promotion goes live at 6am across every location in the region.

None of this is unusual. Dollar General runs at this pace every day, across every time zone, in communities where it is often the only option for miles.

What makes the difference between a morning that works and one that doesn’t isn’t luck — it’s the infrastructure underneath the operation. The AI agents that saw the demand pattern two weeks ago and made sure the shelf was ready. The systems that held steady through the card terminal rush without flinching. The foundation that let the price stay where it needed to be, because the cost structure running underneath it wasn’t carrying dead weight.

The customer at the register doesn’t see any of that. They see a store that was ready for them. They see the shelf stocked, the price right, the transaction through.

That’s the outcome. Everything in this proposal is about the foundation that makes it possible — and what happens to that outcome when the foundation isn’t ready for what the business is becoming.

DG’s Inflection Point

Using AI to change the way work gets done

That shows up in three places.

01
Build capability everywhere

You’re trying to put AI-building capability into the hands of every employee, not just a centralized team. The goal is a workforce that can build with AI as a normal part of doing the job, not just use what’s handed to them.

Shopping cart
02
Give agents the ability to act

You’re trying to let AI agents actually act inside the business — executing workflows, touching applications, APIs, and data — not just answering questions about them. That’s automation with the ability to take action.

03
Fund it without bloating the cost structure

You’re doing all of this while every dollar spent has to prove operational efficiency. You’ve put a 6% to 7% operating margin target in front of investors and signaled you’re willing to let operating costs grow faster than sales this year to fund the AI build-out.

Those three things — build capability everywhere, give agents the ability to act, and fund it without bloating the cost structure — are the lens for this entire conversation.
01
Why Now — Pillar 1

Build Capability Everywhere

The Gap

This is the governance layer that makes “everyone builds” a capability the business can trust, not a risk it has to manage.

Putting AI-building capability in the hands of every employee only works if there’s a layer underneath them governing what gets built — what tools an employee’s AI can reach, what data it can touch, what gets logged when it acts. That layer doesn’t exist today. Without it, “everyone builds” turns into hundreds of ungoverned experiments instead of one capability the business can trust and scale.

Why Cloudflare

One governed foundation for everyone to build on.

Cloudflare doesn’t just sell AI products. It rebuilt its own internal operations so every employee could build with AI, and the same foundation that made that possible is what we’re putting in front of you. MCP Server Portals give you a single, centralized point where every AI tool and agent connection gets authenticated, scoped to least-privilege access, and logged automatically. Unapproved AI tools get caught before they become the thing nobody knew was running.

What This Looks Like at Dollar General

A merchandising analyst, a finance team member, an HR business partner — each one building an internal AI workflow on top of Data Engineering’s foundation, using only pre-approved tools exposed through MCP Server Portals, with authentication, scoping, and logging already in place. No IT ticket. No waiting for a central team. No ungoverned experiment running somewhere nobody can see.

That’s what “every employee builds” looks like when the governance layer exists underneath it. The recent move to bring Data Engineering under the same leadership as AI strategy is exactly what positions the organization to enable this — and what needs governance in place before it scales. The same network underneath every capability in this document — one foundation, not a different one for every use case.

02
Why Now — Pillar 2

Give Agents the Ability to Act

Dollar General is not just asking AI to answer questions. You are giving agents the ability to act inside the business — executing workflows, touching applications, calling APIs, and reaching into data.

The Gap

This is where AI goes from answering questions to taking action — and where the controls that make that safe have to live.

You’re giving agents the ability to act. You have no way to see or control what they do once they’re acting. The moment AI moves from answering questions to taking action — touching applications, calling APIs, reaching into data — the risk profile changes completely. There’s no inspection of what an agent is sending or receiving, no way to catch an unapproved AI tool connecting to something it shouldn’t, no firewall built for AI-to-application or AI-to-API traffic anywhere in the stack today. You’re extending trust to agents you can’t fully see.

Why Cloudflare

A control layer built for agents that act, not just AI that answers.

AI Security for Applications sits in front of your AI-powered applications and APIs, inspecting prompts and responses for injection attempts, data leakage, and abuse. It’s the layer that doesn’t exist in your stack today, purpose-built for the moment AI stops answering questions and starts taking action. AI Gateway sits underneath it as the control plane for every model your agents call, governing what gets used and how. As commerce itself starts to go agentic — AI making purchasing decisions on a customer’s behalf — this is the same layer that keeps those interactions trustworthy.

03
Why Now — Pillar 3

Fund It Without Bloating the Cost Structure

You’re funding the future. You’re still paying a premium for the past.

The Gap

This is how you fund what’s next without letting the cost structure become the next thing that needs fixing.

The starting point isn’t just one vendor or one contract. It’s the fact that security across your environment, whether an application lives in the cloud, in multiple clouds, or on-prem, is being managed through separate solutions that don’t share a policy, a signal, or a single point of control. Different tools, different teams keeping each one tuned, different management interfaces depending on where the workload happens to live. That’s not a security strategy. It’s accumulation. And on top of that, you’re carrying a premium contract with a legacy provider whose architecture wasn’t built for what your business is becoming.

You’ve told investors the AI operating model is meant to lower SG&A per unit of work over time: a productivity goal, not just a cost-cutting one. A security footprint that takes more people and more tooling to run the same way it did five years ago works against that goal directly.

Why Cloudflare

One policy engine, every environment — and protection that starts before traffic ever reaches you.

Cloudflare is cloud-agnostic by design: the same WAF, the same bot management, the same rule enforcement whether the origin sits in Azure, GCP, or your own data center. A single policy change is enforced everywhere in seconds, not re-tuned three separate times by three separate teams. As you move toward a regional colo model, always-on network DDoS protections defend the network layer before traffic ever reaches your infrastructure.

A First, Worth Noting

SG&A (selling, general and administrative expenses — the cost of running the business day to day) has grown nearly every year for years. That part isn’t new. What is new: on your Q1 2026 call, leadership named AI specifically as a reason operating costs will grow faster than sales this year, distinct from the usual drivers like labor, remodels, and incentive comp. That’s the first time AI has been called out by name as the reason for that trade-off in recent disclosure history.

Naming it changes the bar. If AI investment is the reason margin gives a little, every dollar tied to that investment, including what’s spent securing it, needs to actually earn that trade-off.

The Comparison
Question Fragmented Today Cloudflare Foundation
How many tools to manage? Several, by environment One policy engine across all
How many teams to keep it current? Multiple, each tuning separately One team, common rules everywhere
How does it scale with AI? More complexity, more overhead Same network, more workloads
What does each extra dollar buy? Maintaining yesterday’s architecture Freeing budget for the AI operating model
You’re not just choosing a vendor. You’re choosing the foundation your AI operating model will sit on for the next decade.

None of this hands you a check that pays for your AI roadmap outright. What it does is remove a layer of cost and complexity working against the efficiency goals you’ve already set — savings you can choose to redirect toward the initiatives that matter most.

Akamai: Built for a Different Era

Akamai built its foundation for a different era of the internet — one defined by websites, not ecosystems. Adding capabilities on top of that foundation doesn’t change what’s underneath it. Maintaining it today means paying a premium to protect yesterday’s architecture across multiple disconnected environments, at the exact moment every dollar is being asked to prove it’s earning its place. The cost isn’t just the contract. It’s the opportunity sitting behind it.

Before Q4 2026, you’ll be making a renewal decision on your Akamai contract. That’s not just a procurement moment — it’s a chance to ask whether what you’re renewing is the right foundation for where DG is going.

And the Same Discipline Applies to What’s Next

Consolidating the fragmented security footprint is only half of the cost story. The AI build-out itself needs the same discipline. If 4,500 corporate employees are calling different models through different tools with no spend visibility, AI costs don’t behave like a controllable operating expense. They behave like cloud sprawl.

AI Gateway is what changes that. Spend limits set in actual dollars, not tokens, scoped by team, model, or application, so the AI build-out stays on the right side of the SG&A equation rather than quietly working against it.

Worth noting: AI Gateway can be deployed independently of any other decision in this proposal — you don’t have to consolidate your security footprint or replace any existing vendor to start governing AI spend. It stands on its own.

DG sets AI spend limits per team — finance, merchandising, supply chain, HR — in actual dollars, so AI costs behave like a controllable operating expense rather than an unpredictable line item. Each team’s AI budget is visible, bounded, and reportable. That’s what “lower SG&A per unit of work” requires as a prerequisite: not just more AI capability, but governed AI spend that finance can see and leadership can trust.
A Different Question

Cloudflare’s Architecture Is Built for
What Comes Next

Every other security provider has answered the same question the same way: take infrastructure that already exists, and layer security products on top of it. A box here, a proxy there, a service that traffic gets routed to so it can be inspected before continuing on its way.

Cloudflare started somewhere else entirely. Cloudflare asked a different question: can the internet itself be the security layer?

For DG, the question becomes: can the same network that protects roughly a quarter of the internet become the foundation for your AI operating model? The answer matters because DG doesn’t need to build a global, AI-ready network from scratch. Cloudflare is the already-built part of the foundation underneath the AI operating model — the part that handles security, governance, cost control, and connectivity while your teams focus on building what’s on top of it.

That’s not a tagline, it’s an architecture. Traffic doesn’t detour to Cloudflare — it already runs through it. The network sits in the direct path between every user and every application, in 330+ cities, carrying roughly a quarter of the world’s internet traffic by design, not by routing exception. That’s why support for agentic AI, AI Gateway, MCP, and everything DG is building toward isn’t a feature bolt-on. It’s the same network, doing what it’s always done.

We don’t live on a detour. We don’t live at a separate inspection point. We live in the path.
What’s at Stake

Protecting the Return on What You’ve Already Committed To

Leadership has accepted higher near-term operating costs specifically to fund the AI build-out — a deliberate trade-off named publicly, separate from the routine capital going toward new stores and remodels. That’s not a budget line. That’s a bet. And every bet needs a foundation that holds.

Every dollar in that investment is only worth what it can safely produce. An AI operating model is only valuable if what gets built on top of it can be trusted, governed, and kept running. The risk isn’t a dramatic incident — it’s that the foundation quietly doesn’t hold, and the investment doesn’t deliver what you told investors it would.
Protecting the Investment, Not Just the Network

Cloudflare’s value here isn’t preventing a hypothetical bad day. It’s making sure the capital already committed to the AI operating model gets to do what it was designed to do — on the timeline you’ve already set with the Street.

The Cost of Getting This Wrong — Annual Business Value at Risk

DG has established a 6% to 7% operating margin target as part of its long-term financial framework while continuing to invest in AI, technology modernization, data engineering, and the systems required to change the way work gets done.

The question is no longer whether AI is worth the investment. DG already made that decision. The question is whether those investments deliver the business outcomes they’re intended to. The ROI.

The larger financial risk is failing to realize the expected business value, not merely the cost of recovering from a security incident.

Business Outcome Estimated Annual Value
Productivity gains from AI ~$28M/year
If operating margin improves by just 0.10% (10 bps) ~$43M/year
If operating margin improves by 0.25% (25 bps) ~$107M/year
If operating margin improves by 0.50% (50 bps) ~$215M/year
Cost of delay — every quarter the AI rollout slips ~$7M/quarter

*Assumptions: ~4,500 AI users, 20 minutes/day, 250 workdays/year, $75/hour loaded labor cost. **1 basis point = 0.01%.

These figures illustrate the financial value dependent on successful AI execution. Delays postpone the return on investments DG has already made. If AI is adopted by approximately 4,500 corporate employees and saves 20 minutes per employee per day, DG stands to recover roughly 375,000 productive hours annually.

Cloudflare’s Value

Cloudflare’s value to DG goes beyond protecting AI applications and infrastructure. It protects the business outcomes and ROI those investments are intended to deliver. By reducing the financial risk of delays and disruptions associated with security, networking, application delivery, and AI execution, Cloudflare protects the productivity gains, operating efficiencies, and ROI DG expects from the investments it has already made.

The Goal Behind the Numbers

On the Q1 2026 earnings call, leadership described the purpose of the AI operating model in explicit terms: lowering SG&A per unit of work over time. That’s a productivity goal, not just a cost-cutting one — getting more output, more workflows completed, more tasks handled, without growing administrative overhead at the same rate.

The $28M productivity figure isn’t a hypothetical. It’s the SG&A-per-unit-of-work goal expressed in dollars — the same objective named publicly, priced out.

You’ve put a 6% to 7% operating margin target in front of investors and accepted operating costs growing faster than sales this year specifically to fund this build-out. Every quarter the AI rollout is slowed by an unstable or ungoverned foundation is a quarter further from both the productivity outcome and the margin target — a direct delay against numbers already shared with the Street.

Cloudflare is not simply securing infrastructure. It is providing the architectural foundation that protects the return on DG’s AI investment and enables the future operating model described throughout this proposal.
Background

Cloudflare’s Origin Story

From shield — to development environment — to AI infrastructure

Cloudflare started with a question. In 2004, its founders built Project Honey Pot, a free tool that let website owners track the spammers and fraudsters abusing their sites. Tens of thousands of sites joined. Then one participant asked the question that changed everything: don’t just track the bad guys. Stop them.

Stopping them — for any site, of any size, anywhere on earth — required something nobody had built: a single global network that could inspect and protect traffic in hundreds of cities at once, with every location running the same services. The founders chose the hardest possible path: build that network in software instead of selling hardware boxes into data centers, which is how every networking company of that era made money.

In 2017, Cloudflare opened that network to developers — its most important decision yet. Anyone, including enterprises like DG, could now run code directly on the same servers, in the same cities, behind the same protections. The network stopped being only a shield. It became a place where applications live.

Then AI arrived. AI agents need compute that is globally distributed, millisecond-fast, secure by default, and instantly available — no servers to provision, no regions to choose. That’s not a description of what the hyperscalers built. It’s a description of what Cloudflare had spent fifteen years building. Not for AI. For the hardest problems on the internet. And then AI arrived.

~25%
of world’s internet traffic
330+
cities worldwide
500 Tbps
network capacity
Appendix

More Resources & Listening

Selected podcasts, analysis, and primary sources on Cloudflare, AI infrastructure, quantum readiness, and the current threat landscape.

Podcasts

Decoder with Nilay Patel — Why Cloudflare’s CEO Is the Internet’s Unlikely Defender

Useful overview of what Cloudflare is and why its role in internet infrastructure is unusual.

podcasts.apple.com → Decoder
AI and Architecture

Cloudflare and the New Internet Architecture

Independent essay on network-layer convergence.

nikhs.substack.com
AI and Architecture

Cloudflare Investor Day — June 9th, 2026

Official earnings calls, investor days, and presentations.

cloudflare.net/events-and-presentations
Quantum Readiness

Cloudflare Becomes the First and Only SASE to Support Modern Post-Quantum Encryption

February 2026 milestone.

finance.yahoo.com
Threat Landscape and Scale

Cloudflare — 2026 Threat Report

How attacks are changing across the network.

blog.cloudflare.com/2026-threat-report
Threat Landscape and Scale

Cloudflare — Famous DDoS Attacks: The Largest Attacks of All Time

The largest attacks mitigated on the network.

cloudflare.com/learning/ddos/famous-ddos-attacks
AI Cost Management

Your AI Bill Is Out of Control. Cloudflare Can Fix It Now.

Introducing dollar-denominated spend limits in AI Gateway — budgets in dollars, not tokens, scoped by team, model, or application.

blog.cloudflare.com/ai-gateway-spend-limits