Arcjet’s Python SDK Embeds Security in Code

Security platform provider Arcjet has launched a Python SDK to bring application-layer security directly into code.

The SDK, now in beta, extends Arcjet’s security platform to Python-based services and APIs to meet customer demand and AI-driven Python growth, said Arcjet Founder and CEO David Mytton.

“We started with the JavaScript ecosystem, because that’s where most new applications are being built with full stack development,” he told The New Stack. The company started with support for both JavaScript and TypeScript applications.

However, “With the Python SDK, we’re extending Arcjet’s application-layer approach to one of the largest developer ecosystems in the world,” Mytton said in a statement. “Teams rely on Python for critical services, from public APIs to internal systems. This release gives developers a clear way to apply meaningful security controls directly in code without introducing operational overhead.”

Arcjet received a lot of requests for support for additional languages, with Python being the most popular.

The Django Python framework “is a particular driver of this, given its popularity for web applications and APIs, but AI use cases have accelerated Python’s popularity,” Mytton wrote.

Python Security Needs

Indeed, Python security is increasingly relevant as AI development drives Python adoption.

Earlier this week, Anthropic, a leading AI research and products company, invested $1.5 million in the Python Software Foundation (PSF). The investment will support the foundation overall, with a particular focus on Python ecosystem security.

Anthropic’s funds will enable the PSF to make progress on its security roadmap, including work designed to protect millions of PyPI users from attempted supply chain attacks, the foundation said.

Python is widely used for backend services and APIs — especially for AI applications — but most security tools operate at the network or edge layer, Mytton said. Arcjet brings security decisions into application code where developers have full access to request context and business logic, making protections more accurate and easier to manage, he explained.

Overall, the Arcjet Python SDK supports application-layer protections, including rate limiting, bot detection, email validation and signup spam prevention, Mytton said in the blog. These protections are evaluated using Arcjet’s contextual decision engine and applied as part of normal request handling, allowing teams to tailor behavior based on user activity, request patterns and application-specific signals.

The Arcjet SDK provides building blocks so security becomes just another feature, regardless of the deployment environment.

WebAssembly Component

Arcjet’s approach involves embedding a WebAssembly (Wasm) module in its SDK, allowing for local analysis of incoming requests at near-native speed.

The Wasm module is compiled from Rust and provides a secure sandbox for analysis, which is cross-platform and has now been extended to another language beyond JavaScript, Mytton said.

“The first version of the Python SDK is framework-ready for us to insert the WebAssembly bits into it so that we can do all the local analysis that we’ve been doing on the JavaScript side of things,” he said.

Furthermore, “Wasmtime allows us to execute WebAssembly inside Python,” Mytton explained. Wasmtime is an open source WebAssembly runtime hosted by the Bytecode Alliance and designed for use either as part of a larger stack or as a standalone runtime.

Just like Arcjet’s JavaScript SDK, the Python SDK uses WebAssembly for local security analysis. This is currently in test/beta phase, but it enables them to run their security analysis locally rather than just using an API client.

In addition, the Python SDK supports both FastAPI-style (asynchronous) and Flask-style (synchronous) APIs. Arcjet has example applications for both FastAPI and Flask.

The post Arcjet’s Python SDK Embeds Security in Code appeared first on The New Stack.