How to run Wasm in Java - how does Wasm interact with the JVM and what options are there for Java Wasm runtimes?
How Arcjet detects the real client IP in Firebase deployments, bypassing X-Forwarded-For issues by utilizing a custom Firebase header.
I recently joined James Governor at RedMonk to talk about why security tooling still feels years behind the rest of the developer ecosystem and what it would take to treat security as just another feature that developers build rather than a bolt-on afterthought. You can listen to the full conversation
Arcjet has opened its first physical office in New York City a central hub connecting our distributed team.
Arcjet’s mission is to help developers and security teams build with confidence, no matter where they work or what frameworks they choose. As the web evolves, you need tools that fit the way you already develop. That’s why we’re building native integrations into common web frameworks to
Announcing Arcjet’s local AI security model, an opt-in AI security layer that runs expert security analysis for every request entirely in your environment, alongside our Series A funding.
Arcjet filters let you block requests using expressions over HTTP headers, IP addresses, and other request fields.
How to verify AI agent identity using HTTP message signatures with TypeScript.
Google AI Overviews are causing fewer clicks for some site owners. If this is a fundamental shift in the web's traffic economy, how can site owners control where their content appears?
How we think about open source licensing, releasing open source projects, forks, and contributing upstream.
How do you design a security product for developers when they allegedly don't care about security?
How we implement different layers to secure our developer laptops & environments: Devcontainers, outbound firewall, macOS Transparency Consent and Control framework, and SSH agent for Git keys.
Tips and tools for running a devtools startup remotely in 2025. Document everything. Async workflows. Periodic in-person.
Bots now make up nearly half of all internet traffic - and many aren’t playing fair. Learn how to detect malicious crawlers, distinguish between AI agents, and defend your app using layered bot protection strategies like user-agent verification, fingerprinting, and rate limiting.
How Arcjet uses AWS Global Accelerator to route API requests via low-latency private networking to meet our end-to-end p50 latency SLA of 20–30ms.
How to detect Next.js middleware bypass exploits (CVE-2025-29927 & CVE‑2024‑51479) in request logs and using Arcjet for incident forensics.