Arcjet

Good security doesn’t have to mean expensive tools or a complex setup. For most teams, the real challenge is choosing tools that fit their workflow and provide meaningful protection without becoming another system to manage. What security tools have delivered the most value for your team relative to their cost?

Arcjet JS SDK v1.0 is out of beta. Stable API, production-ready, built for predictable upgrades. Security shouldn’t add maintenance work. v1.0 is our long-term commitment. hubs.li/Q041jjh90

Every new security system in healthcare creates another place sensitive data can live. See what happens when security runs inside your app. hubs.li/Q040qF_b0

2025 was a defining year for Arcjet. We shipped major platform updates, expanded framework support, and saw adoption grow to nearly 1,000 production deployments, all focused on security developers actually use. Here's what we built and what’s next: hubs.li/Q03_PbXW0

Arcjet now offers a Python SDK. Add rate limiting, bot detection, email validation, and signup protection directly to FastAPI and Flask apps, right in your code. Read here: hubs.li/Q03--l490

Framework security guides stop where production abuse begins. Bots, API misuse, and valid requests that cost money don’t appear until real traffic hits. We wrote about what actually breaks in production. hubs.li/Q03-F8XY0

Good reminder that AI works best once you understand the system. This PERN walkthrough builds the app manually first, then brings in AI, with Arcjet handling app-layer security where it belongs. hubs.li/Q03-F73n0

Running WebAssembly on the JVM isn’t trivial. We break down the current runtime options, trade-offs, and gaps in the Java + Wasm ecosystem. hubs.li/Q03-s-_90

We wrote up how Arcjet actually works under the hood. SDKs written in native languages, local-first decisions via WebAssembly, a Go + gRPC backend, and infra designed for low-latency security at scale. If you like understanding systems, this is for you. hubs.li/Q03-2LgC0

Detecting the real client IP on Firebase is harder than it should be. We broke down why it’s tricky, what Firebase actually sends, and how to get it right if you rely on IP-based security like rate limiting or bot protection. hubs.li/Q03ZTMDl0

Security shouldn’t be a time sink, it should be stability you can count on. Imagine shipping with confidence, not reacting to attacks. hubs.li/Q03ZxLjK0

Implemented @arcjet in one of my project today to lock down API abuse with rate limiting. Loving how it drops straight into the middleware with just a few lines of code.

React2Shell wasn’t just another React bug. Arcjet CEO David Mytton @davidmytton joins @PodRocketpod to explain how React 19’s server features expanded the attack surface. If you’re building with React or Next.js, this is worth watching. hubs.li/Q03YtKx80

Developers often think Firebase hides the real client IP. Our research shows it doesn’t, there’s a consistent internal header with the true IP. This changes how rate limiting and abuse prevention should be done on managed platforms. Deep dive: hubs.li/Q03WWw2v0

Last week we shared @davidmytton’s chat with @monkchips at @redmonk on why security tooling feels out of step with modern development. This week we’ve published a deeper look at why we think security should be local, fast, and part of your codebase. hubs.li/Q03VTscZ0

Hear @davidmytton, CEO of @arcjet, chat security & #DevX with @monkchips. They discuss the importance of integrating security as a feature in developer workflows and the challenges developers face with traditional security tools. redmonk.com/blog/2025/11/1…

Arcjet is live from New York. We’ve opened our first office in Flatiron to connect our distributed team across North America and Europe. Read more about why we chose NYC: blog.arcjet.com/live-from-new-…

My first article in a while – a cohesive look Nuxt's data fetching tools, within the context of Nuxt's render lifecycle; not just the "how" but the "where", "when" and "why" – mainly for my benefit! davestewart.co.uk/blog/nuxt-data… cc @nuxt_js

Setting up the essentials for the @arcjet NYC office: 🍵 green tea, kettle, snacks, neon sign, 🌿 plants...

📦 I just published the Registry Directory: a list of code registries you can browse and pull code and components from. ui.shadcn.com/docs/directory Built into the CLI. No config required.