I co-founded console.dev back in 2021 because there wasn’t anywhere for experienced developers to find good tools.
There are so many interesting tools for developers, so writing short reviews every week has been a lot of fun. Four years later and the newsletter now goes out to almost 30k engineers each week.
At the same time as writing console.dev I also started to get into security. I learned a lot working through HackTheBox challenges and completing their Certified Bug Bounty Hunter track.
This led me to ask: where are all the security tools for developers?
There are loads of good tools to help you write more secure code. Semgrep. Trunk. Dependabot. TruffleHog. GitHub code scanning.
But when you push to production, you end up using something like Cloudflare. Network level filters serve a purpose, but they aren’t built for developers creating modern applications deployed to modern platforms.
Who is logged in? What pricing plan are they on? Should your application simply block a request or do you want to flag an account for review? Trigger a re-auth? Send a JSON response that matches your API schema?
Looking around, I realized there were no security tools designed to help developers protect their applications in a way that makes sense today.
Try putting Cloudflare in front of Vercel – it doesn’t work well. How do you take advantage of Fly.io’s anycast proxy if you have another proxy in front of it? Do you really only test new security rules in production?
Security through network filtering is always going to be a separate system outside of your code which can’t be tested locally and has no idea about the details of your application. Developers need a set of tools that solve real problems in the way they’re used to – with code.
So I decided to start Arcjet. We’re building native security for Next.js, Node.js, Bun, SvelteKit, Vercel, Netlify, Fly.io and other modern frameworks & platforms to help developers protect their apps in production.
Whether you’re getting spam or fraudulent signups, have unwanted AI bots scraping your content, or need to distinguish API traffic between anonymous free users and paying customers, Arcjet helps developers tackle security challenges directly in code.
And today I’m excited to announce our $3.6 million seed funding led by Andreessen Horowitz. Read the full announcement on the Arcjet blog and sign up to try the product.
Security tooling has been lagging behind, forcing developers to put up with legacy systems detached from their normal coding workflow and with a sub-par developer experience. I’m excited to be working on changing that!