Arcjet, a security platform that embeds directly into application code, has raised $8.3 million in Series A funding, bringing its total to $12 million. The round was led by Plural and Ott Kaukver (former CTO of Twilio and Checkout.com), with backing from Andreessen Horowitz, Seedcamp, Jeff Lawson (ex-CEO of Twilio), and Feross Aboukhadijeh (CEO of Socket). The money is aimed squarely at scaling Arcjet’s developer-first security model, a fresh take on how to protect modern apps against AI-driven attacks.
The company’s timing feels sharp. Bots already outnumber humans online, with 37% of traffic coming from malicious sources. AI isn’t just accelerating the problem; it’s mutating it, spawning adaptive, automated attack patterns that slip through perimeter defenses. From fake sign-ups and scraping to API floods, the damage is real: businesses lost an estimated $116 billion to bot-driven attacks last year, with the largest enterprises carrying a disproportionate share of the burden. Arcjet is positioning itself as the shield developers can wield without slowing down their ship cycles.
Unlike legacy tools that live at the edge and see only packets, Arcjet’s new local AI detection model embeds directly inside the request handler, where it inspects requests in real time against both user behavior and business context. This lets developers block scraping bots, fraudulent signups, and abuse traffic in milliseconds without bolting on agents, proxies, or external appliances. Essentially, Arcjet is making security a feature of the code itself—deployable, testable, and adaptable alongside the rest of the application.
The traction numbers are already notable: more than 1,000 developers are using Arcjet across 500 live production apps, many in AI and e-commerce. One early adopter reported cutting serverless costs by two-thirds after Arcjet blunted a wave of malicious scraping; another passed a critical security audit in time for a finance platform launch. These anecdotes underline why Arcjet’s approach matters—security as developer-native, not an afterthought.
David Mytton, Arcjet’s founder and CEO, comes with serious credibility—having built Server Density (acquired by StackPath) and published Console.dev, he knows the developer mindset. Investors clearly buy into his thesis. Sten Tamkivi at Plural praised Mytton’s execution and traction, Ott Kaukver framed Arcjet as necessary for edge-era development, and a16z’s Zane Lackey highlighted its ability to keep pace with AI-accelerated software lifecycles. Even Seedcamp leaned into the idea that “shipping security with code” represents a foundational shift.
The broader backdrop here is the AI-driven transformation of both attackers and defenders. As AI agents, AI coding assistants, and edge-native frameworks redefine how software is built, security must be refactored too. Arcjet is betting that the only way forward is to treat security like any other piece of code—checked in, versioned, tested, and shipped. And given the size of the problem ($116 billion in bot damage isn’t pocket change), the market may be more than ready for this pivot.