What's new in Arcjet (2026-06-12). New versions for each of our JS, Python, and Go SDKs to improve performance and detect proxies.

Reducing WebAssembly bundle size: how Arcjet shrank its Rust bot detector 27% with Aho-Corasick, keeping per-request memory isolation and using Wizer snapshots.

How we defend Arcjet’s MCP tool outputs from prompt injection by separating trusted guidance from untrusted evidence in structured responses.

Arcjet Guards runs security rules inside agent tool handlers, queue consumers, and workflow steps - where proxies and WAFs can't see.

How we built Arcjet’s production MCP server in Go: integrating with an existing API, reusing auth and middleware, designing agent tools, and supporting OAuth discovery.

How we replaced a single devcontainer with isolated OrbStack VMs to run multiple parallel development environments for AI agent workflows — architecture, CLI, and tradeoffs.

The expertise required to apply security correctly can now live inside the agent, not inside the developer's head or a separate team's backlog.

Arcjet today added an ability to detect and block risky prompts before they are shared with a large language model (LLM) embedded within an application. The Arcjet AI prompt injection protection capability is based on an LLM that the company has been specifically training to detect patterns indicative of risky prompts that can then be […]

Introducing Arcjet prompt injection detection. Catch hostile instructions before inference. Works with Next.js, Node.js, Flask, FastAPI, and any JavaScript / TypeScript or Python application.

Arcjet this week made available a software development kit (SDK) that makes it simpler for JavaScript developers to embed capabilities such as bot detection, rate limiting, email validation, attack protection and data redaction directly within their applications. Company CEO David Mytton said the release of v1.0 of its Arcjet JavaScript SDK makes it possible for […]

The Arcjet Python SDK allows you to implement rate limiting, bot detection, email validation, and signup spam prevention in FastAPI and Flask style applications.