Arcjet

Arcjet is a runtime application-security toolkit that ships inside your Node.js, Next.js, Bun, Deno or Python codebase — bot detection, rate limiting, email validation, prompt-injection guards and a Shield WAF, all driven by a single SDK call. We rate it 87/100: if you build APIs or AI agents in JavaScript or Python and you don’t want to live behind a heavyweight WAF appliance, Arcjet is the most developer-pleasant option on the market today.

What is Arcjet?

Arcjet is a security-as-code platform founded by David Mytton (previously CEO of Server Density) in late 2023. The company emerged from stealth in April 2024 with a $3.6M seed led by Andreessen Horowitz, then closed an additional $8.3M Series A in October 2025 — bringing total funding to about $12M. The flagship JavaScript SDK lives at github.com/arcjet/arcjet-js (Apache 2.0, ~660 stars as of May 6, 2026) with a Python SDK at arcjet-py and a freshly released MCP server for AI coding agents.

Where Cloudflare and AWS WAF sit at the network edge and treat your application as a black box, Arcjet runs as a library imported into your handler. That means rules are code: you can rate-limit per authenticated user, allow Googlebot but block scrapers on a single route, and redact PII before it ever leaves your function. The platform currently classifies more than 600 bots into 25 categories and exposes the same identical API across @arcjet/next, @arcjet/node, @arcjet/bun, @arcjet/sveltekit, @arcjet/nestjs, @arcjet/remix, @arcjet/deno and the new @arcjet/guard for non-HTTP contexts.

Key Features of Arcjet

• Bot protection (600+ bots, 25 categories): A managed signature list distinguishes SEARCH_ENGINE bots like Googlebot from AI_CRAWLER, SCRAPER and AUTOMATED. You allowlist or denylist by category, by name or by user agent regex — all in code, per route.
• Rate limiting (3 algorithms): Fixed window, sliding window and token bucket are first-class. Limits can key on IP, an authenticated user ID, an API key or any custom string. Configuration is dynamic: feed it a different bucket size for free vs. paid users at runtime.
• Shield WAF: A learn-and-block layer that watches request patterns over time and blocks clients exhibiting OWASP Top 10 behavior — SQLi probes, path traversal, common scanner patterns — without an explicit rule from you.
• Email validation: Catches disposable, no-MX and free addresses at signup. Validates the syntax, MX records and disposable status in a single call — useful for cutting trial-abuse signups before they hit your database.
• Sensitive-data & prompt-injection guards: The newer arcjet-guard module redacts PII from prompts and tool calls and detects prompt-injection attempts before they reach an LLM. Aimed at AI agents and MCP servers.
• Drop-in framework adapters: First-class adapters for Next.js (App Router and Pages), Express, Hono, NestJS, SvelteKit, Remix, Bun, Deno, Fastify and Python FastAPI. The same arcjet().protect(req) call works everywhere.
• Local mode & deterministic decisions: Each protect() call returns a decision object with the rule that fired, the reason and the recommended response. You can log it, override it, or run in dry-run mode in development.
• MCP server for AI agents: Released in April 2026, arcjet/mcp lets coding agents like Cursor and Claude implement Arcjet rules through tool calls — agents read your code and propose protect rules.

What Users Say About Arcjet

Sentiment is unusually positive for a security tool. On Hacker News, the launch thread and the Series A announcement both landed near the top of the front page, with developers praising how short the integration path is — commenters repeatedly cite the “five lines and you’re done” Next.js middleware example. On Reddit’s r/nextjs and r/node, Arcjet is the most-recommended drop-in alternative to rolling your own bot detection on top of Cloudflare Turnstile or hCaptcha.

The honest complaints are real: it’s JavaScript-and-Python first — if your stack is Go, Ruby or PHP you’re currently waiting. Some early adopters report that the Shield WAF is more conservative than Cloudflare’s, with fewer false positives but also fewer aggressive blocks out of the box. Pricing visibility is the most-cited friction: the public site lists a Free and a Pro plan but pushes Business / Enterprise to a sales conversation, which lands oddly for an otherwise self-serve developer tool.

Arcjet Pricing

Arcjet is freemium. The free tier is generous enough for hobby projects and small startups; usage scales with monthly requests and which security building blocks you turn on.

Plan	Price	Key Limits
Free	$0/month	Up to 3,000 protected requests/month, all rules, community support, single project.
Pro	From $9/month	Higher request volume, multiple projects, longer log retention, email support. Scales with usage.
Business / Enterprise	Contact sales (typ. $399+/month)	SOC 2 documentation, custom request volume, SSO, SLAs, dedicated support.

Who Should Use Arcjet?

Best for: JavaScript and Python teams shipping APIs, SaaS dashboards or AI agents who want to put bot detection, rate limiting and a basic WAF in front of every route without operating a network edge. Especially strong for Next.js, Hono and Bun apps deployed on Vercel, Netlify, Fly.io or Cloudflare Workers.

Not ideal for: Go, Ruby, PHP or Java backends — the SDK isn’t there yet. Also a hard pass for teams who want a fully managed network-edge WAF with DDoS scrubbing — Arcjet is in-process, not in front of your CDN.

Pros and Cons

Pros:

• Shortest integration path of any application-security tool we’ve tested — one import and one protect() call
• Same API across 8+ frameworks; rules are TypeScript, not a vendor DSL
• Open-source SDKs (Apache 2.0) so you can audit exactly what gets sent to the cloud
• Built-in prompt-injection and PII redaction guards aimed specifically at AI agents
• Backed by a16z, Plural and other top-tier investors — not a one-person side project

Cons:

• JavaScript / Python only today; no Go, Ruby, PHP or Java SDK
• Not a network-edge product — you still need a CDN for L3/L4 DDoS protection
• Business-tier pricing is hidden behind a sales call, which feels off-brand for a dev tool
• Shield WAF rule library is younger and less aggressive than Cloudflare’s decade-old rulesets

Alternatives to Arcjet

The closest direct competitors are Vercel BotID (Next.js-only, narrower in scope, tightly tied to Vercel deployments), Castle (login-flow risk scoring rather than per-route rules) and Cloudflare Bot Management + Rate Limiting (network-edge, far more mature, requires Cloudflare in front of your stack). For application-layer rate limiting on Vercel specifically, Upstash Ratelimit handles the rate-limiting subset but not bot detection or WAF.

Verdict: Is Arcjet Worth It?

Yes — with a clear caveat. If your backend is Node, Next.js, Bun, Deno or Python, and you’re currently building bot detection or rate limiting in-house, Arcjet is the fastest credible upgrade. The free tier is enough to evaluate it on a real production app, the SDKs are open source, and the team has shipped at a steady pace through 2024, 2025 and into 2026. The 87 score reflects a small product surface area with very high polish in what it covers; if your stack is Go or PHP, wait for the SDK or look at edge-WAF alternatives.

Frequently Asked Questions

Is Arcjet free?

Yes — Arcjet has a free plan that includes up to 3,000 protected requests per month, all security rules and community support. Paid plans start at $9/month, with custom Business / Enterprise pricing typically starting around $399/month.

What languages and frameworks does Arcjet support?

Arcjet ships official SDKs for JavaScript / TypeScript and Python. Adapters cover Next.js, Node, Bun, Deno, SvelteKit, Remix, NestJS, Hono, Fastify, Express and FastAPI. Go, Ruby and PHP are not yet supported.

Is Arcjet open source?

The client SDKs are open source under Apache 2.0 (arcjet-js and arcjet-py). The decision engine and bot signature database are managed services hosted by Arcjet.

How does Arcjet compare to Cloudflare Bot Management?

Cloudflare runs at the network edge and protects your entire site from L3/L4 attacks; Arcjet runs inside your application code and lets you write per-route, per-user security rules in TypeScript. They’re complementary, not directly competing — many teams use both.

Does Arcjet protect against AI bots and scrapers?

Yes. Arcjet’s bot library includes a dedicated AI_CRAWLER category covering GPTBot, ClaudeBot, PerplexityBot, Google-Extended and others, and the new arcjet-guard module adds prompt-injection and PII protection for AI agents themselves.