Arcjet provides a developer-first security platform that integrates directly into application code. The company offers security features including bot detection, rate limiting, email validation, attack protection, and PII redaction through SDKs for JavaScript/TypeScript frameworks like Next.js, SvelteKit, NestJS, and Hono, as well as Python. The platform operates on a local-first architecture using WebAssembly (Wasm) for native performance, allowing security rules to execute within the application runtime rather than relying on external agents or cloud-based processing. This approach enables developers to define security rules as code, version them alongside application code, and test them in development environments before deployment. Arcjet Shield provides web application firewall (WAF) capabilities to protect against common attacks including those in the OWASP Top 10, such as SQL injection, XSS, and CSRF. The platform includes IP geolocation data, VPN and proxy detection, traffic filtering based on request characteristics, and dynamic quota controls for AI applications based on token counts. The security context from Arcjet decisions is accessible within application logic, allowing developers to adjust behavior based on why a request was allowed or denied. The platform supports dry-run modes for testing rules without blocking traffic and sampling capabilities for gradual rollout. Arcjet integrates with platforms including Vercel, Netlify, Fly.io, and authentication providers like Clerk and Auth.js, as well as AI frameworks like LangChain and OpenAI.