Arcjet is a runtime security toolkit that runs inside your code — bot detection, rate limiting, email validation and a Shield WAF, all configured in TypeScript. Free tier, $9/mo Pro, Apache-2.0 SDKs.
Arcjet is a runtime application-security toolkit that ships inside your Node.js, Next.js, Bun, Deno or Python codebase — bot detection, rate limiting, email validation, prompt-injection guards and a Shield WAF, all driven by a single SDK call. We rate it 87/100: if you build APIs or AI agents in JavaScript or Python and you don’t want to live behind a heavyweight WAF appliance, Arcjet is the most developer-pleasant option on the market today.
Arcjet is a security-as-code platform founded by David Mytton (previously CEO of Server Density) in late 2023. The company emerged from stealth in with a $3.6M seed led by Andreessen Horowitz, then closed an additional $8.3M Series A in — bringing total funding to about $12M. The flagship JavaScript SDK lives at github.com/arcjet/arcjet-js (Apache 2.0, ~660 stars as of ) with a Python SDK at arcjet-py and a freshly released MCP server for AI coding agents.
Where Cloudflare and AWS WAF sit at the network edge and treat your application as a black box, Arcjet runs as a library imported into your handler. That means rules are code: you can rate-limit per authenticated user, allow Googlebot but block scrapers on a single route, and redact PII before it ever leaves your function. The platform currently classifies more than 600 bots into 25 categories and exposes the same API across @arcjet/next, @arcjet/node, @arcjet/bun, @arcjet/sveltekit, @arcjet/nestjs, @arcjet/remix, @arcjet/deno and the new @arcjet/guard for non-HTTP contexts.
- SEARCH_ENGINE bots like Googlebot from AI_CRAWLER, SCRAPER and AUTOMATED. You allowlist or denylist by category, by name or by user agent regex — all in code, per route.
- arcjet-guard module redacts PII from prompts and tool calls and detects prompt-injection attempts before they reach an LLM. Aimed at AI agents and MCP servers.
- arcjet().protect(req) call works everywhere.
- protect() call returns a decision object with the rule that fired, the reason and the recommended response. You can log it, override it, or run in dry-run mode in development.
- arcjet/mcp lets coding agents like Cursor and Claude implement Arcjet rules through tool calls — agents read your code and propose protect rules.
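The in-process model described above (bot allowlisting by category, rate limiting per authenticated user, a decision object and dry-run mode), sketched as an added example that is not Arcjet's SDK and not code from the original page. `createRouteGuard`, `classifyBot`, the option names and the user-agent patterns are assumptions made for illustration.

```javascript
// Added illustration, not the Arcjet SDK: every name below is hypothetical.
// Constructed user-agent patterns for three of the categories the page names.
const BOT_CATEGORIES = [
  ["SEARCH_ENGINE", /Googlebot/i],
  ["AI_CRAWLER", /GPTBot|ClaudeBot|PerplexityBot/i],
  ["AUTOMATED", /curl|python-requests/i],
];

// User-agent strings are client-supplied, so this is a hint, not proof.
function classifyBot(userAgent) {
  for (const [category, pattern] of BOT_CATEGORIES) {
    if (pattern.test(userAgent || "")) return category;
  }
  return null; // not recognised as a bot
}

// Returns a protect() function holding the rules for one route.
function createRouteGuard({ allowBots, capacity, refillPerSec, dryRun = false }) {
  const buckets = new Map(); // user key -> { tokens, last }

  return function protect({ userId, userAgent }, nowMs = Date.now()) {
    let denial = null;
    const category = classifyBot(userAgent);
    if (category && !allowBots.includes(category)) {
      denial = { rule: "bot", reason: `category ${category} not allowed` };
    }
    if (!denial) {
      // Token bucket keyed on the authenticated user rather than source IP;
      // unauthenticated callers share one "anonymous" bucket.
      const key = userId || "anonymous";
      const b = buckets.get(key) || { tokens: capacity, last: nowMs };
      const elapsedSec = Math.max(0, (nowMs - b.last) / 1000);
      b.tokens = Math.min(capacity, b.tokens + elapsedSec * refillPerSec);
      b.last = nowMs;
      if (b.tokens >= 1) b.tokens -= 1;
      else denial = { rule: "rateLimit", reason: `${key} exceeded limit` };
      buckets.set(key, b);
    }
    // Dry-run reports what would have been blocked but lets the request through.
    const wouldDeny = denial !== null;
    return { denied: wouldDeny && !dryRun, wouldDeny,
             ...(denial || { rule: null, reason: "ok" }) };
  };
}
```

Because the bucket is keyed on the user rather than the connection, one user exhausting their quota leaves other users on the same route unaffected, which an edge WAF that only sees IP addresses cannot express.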
Sentiment is unusually positive for a security tool. On Hacker News, the launch thread and the Series A announcement both landed near the top of the front page, with developers praising how short the integration path is — commenters repeatedly cite the “five lines and you’re done” Next.js middleware example. On Reddit’s r/nextjs and r/node, Arcjet is the most-recommended drop-in alternative to rolling your own bot detection on top of Cloudflare Turnstile or hCaptcha.
The honest complaints are real: it’s JavaScript-and-Python first — if your stack is Go, Ruby or PHP you’re currently waiting. Some early adopters report that the Shield WAF is more conservative than Cloudflare’s, with fewer false positives but also fewer aggressive blocks out of the box. Pricing visibility is the most-cited friction: the public site lists a Free and a Pro plan but pushes Business / Enterprise to a sales conversation, which lands oddly for an otherwise self-serve developer tool.
Arcjet is freemium. The free tier is generous enough for hobby projects and small startups; usage scales with monthly requests and which security building blocks you turn on.
| Plan | Price | Key Limits |
|---|---|---|
| Free | $0/month | Up to 3,000 protected requests/month, all rules, community support, single project. |
| Pro | From $9/month | Higher request volume, multiple projects, longer log retention, email support. Scales with usage. |
| Business / Enterprise | Contact sales (typ. $399+/month) | SOC 2 documentation, custom request volume, SSO, SLAs, dedicated support. |
Best for: JavaScript and Python teams shipping APIs, SaaS dashboards or AI agents who want to put bot detection, rate limiting and a basic WAF in front of every route without operating a network edge. Especially strong for Next.js, Hono and Bun apps deployed on Vercel, Netlify, Fly.io or Cloudflare Workers.
Not ideal for: Go, Ruby, PHP or Java backends — the SDK isn’t there yet. Also a hard pass for teams who want a fully managed network-edge WAF with DDoS scrubbing — Arcjet is in-process, not in front of your CDN.
Pros:
- protect() call

Cons:
The closest direct competitors are Vercel BotID (Next.js-only, narrower in scope, tightly tied to Vercel deployments), Castle (login-flow risk scoring rather than per-route rules) and Cloudflare Bot Management + Rate Limiting (network-edge, far more mature, requires Cloudflare in front of your stack). For application-layer rate limiting on Vercel specifically, Upstash Ratelimit handles the rate-limiting subset but not bot detection or WAF.
Yes — with a clear caveat. If your backend is Node, Next.js, Bun, Deno or Python, and you’re currently building bot detection or rate limiting in-house, Arcjet is the fastest credible upgrade. The free tier is enough to evaluate it on a real production app, the SDKs are open source, and the team has shipped at a steady pace through 2024, 2025 and into 2026. The 87 score reflects a small product surface area with very high polish in what it covers; if your stack is Go or PHP, wait for the SDK or look at edge-WAF alternatives.
AI_CRAWLER category covering GPTBot, ClaudeBot, PerplexityBot, Google-Extended and others, and the new arcjet-guard module adds prompt-injection and PII protection for AI agents themselves.