AI Runtime Protection
The riskiest parts of an AI application revolve around the prompt and any tools it can invoke. Arcjet helps protect AI applications by providing guardrails across the entire AI lifecycle, using real application context (identity, route, session, cost budgets), not just prompt content.
Production AI failures follow three patterns:
- Cost explosion. Automated traffic, user abuse, and prompt attacks inflate token and tool spend. Risky for providers and users.
- Unauthorized side-effects. Agents invoke tools in ways they shouldn’t - issuing refunds, accessing data, escalating privileges. The prompt can be benign; the tool call is catastrophic.
- Data exfiltration. Sensitive data leaks into logs, third-party contexts, or model memory through tool outputs and unguarded responses.
Arcjet’s core features map directly onto these problems. These guides cover
HTTP middleware for web frameworks. If you’re building agentic pipelines or need
security inside tool handlers — where there’s no Request object — see
Arcjet Guards.
AI abuse protection
Building blocks: Bot detection, prompt injection detection
Block automated clients and detect prompt injection attacks before they reach your AI. Arcjet lets you deny all automated traffic - or selectively allow trusted clients - and evaluates incoming messages for injection patterns like jailbreaks, role-play escapes, and instruction overrides.
Prompt injection and bot detection compose with budget control and data loss prevention into a single layered policy for a production chat endpoint:
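```ts
import arcjet, {
  detectBot,
  detectPromptInjection,
  sensitiveInfo,
  shield,
} from "@arcjet/next";

const aj = arcjet({
  key: process.env.ARCJET_KEY!,
  rules: [
    // Baseline protection against common web attacks
    shield({ mode: "LIVE" }),
    // Empty allow list: every detected automated client is denied
    detectBot({ mode: "LIVE", allow: [] }),
    // Evaluate incoming messages for injection patterns
    detectPromptInjection({ mode: "LIVE" }),
    // Deny requests that contain card numbers or email addresses
    sensitiveInfo({
      mode: "LIVE",
      deny: ["CREDIT_CARD_NUMBER", "EMAIL"],
    }),
  ],
});
```
AI budget control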
Building block: Token bucket rate limiting
Enforce per-user token quotas to prevent cost explosions. Dynamically link user quotas to rate limits tracked by tokens.
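The per-user token budget described above, sketched as a stand-alone token bucket in JavaScript. This is an added illustration of the algorithm, not Arcjet's implementation or SDK code; the plan names, limits, and the `TokenBudget` and `estimateTokens` helpers are assumptions made for the example.

```javascript
// Constructed plan table: the quota is looked up per user plan at request time.
const PLANS = new Map([
  ["free", { capacity: 2000, refillRate: 500, intervalMs: 60000 }],
  ["pro", { capacity: 20000, refillRate: 5000, intervalMs: 60000 }],
]);

class TokenBudget {
  constructor(plans) {
    this.plans = plans;
    this.buckets = new Map(); // userId -> { tokens, lastRefillMs }
  }

  // Credit whole refill intervals since the last refill, capped at capacity.
  refill(bucket, plan, nowMs) {
    const intervals = Math.floor((nowMs - bucket.lastRefillMs) / plan.intervalMs);
    if (intervals > 0) {
      bucket.tokens += intervals * plan.refillRate;
      bucket.lastRefillMs += intervals * plan.intervalMs;
    }
    // Also caps a balance carried over from a larger plan after a downgrade.
    bucket.tokens = Math.min(bucket.tokens, plan.capacity);
  }

  // Deduct `requested` model tokens for this user, or deny without deducting.
  consume(userId, planName, requested, nowMs) {
    const plan = this.plans.get(planName);
    if (!plan || !Number.isInteger(requested) || requested <= 0) {
      return { allowed: false, remaining: 0, reason: "INVALID" }; // fail closed
    }
    let bucket = this.buckets.get(userId);
    if (!bucket) {
      bucket = { tokens: plan.capacity, lastRefillMs: nowMs };
      this.buckets.set(userId, bucket);
    }
    this.refill(bucket, plan, nowMs);
    if (requested > bucket.tokens) {
      return { allowed: false, remaining: bucket.tokens, reason: "BUDGET_EXCEEDED" };
    }
    bucket.tokens -= requested;
    return { allowed: true, remaining: bucket.tokens, reason: "OK" };
  }
}

// Rough pre-flight cost (assumption: about 4 characters per token); reconcile
// against the usage the model provider reports after the call.
function estimateTokens(text) {
  return Math.max(1, Math.ceil(text.length / 4));
}
```

Keying the bucket on an authenticated user ID rather than an IP address keeps one user's spend from draining another's quota, and the clock is passed in so the behaviour can be tested deterministically.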
AI data loss prevention
Building blocks: Sensitive information detection
Prevent PII and sensitive data from leaking into AI model context, logs, or third-party tool calls. Arcjet detects card numbers, email addresses, phone numbers, and custom patterns in request bodies - entirely locally, with no data leaving your infrastructure.
Agentic protection (no HTTP request)
The pages above protect HTTP route handlers — the boundary where user input
enters your application. Agentic workflows often have a second boundary:
tool calls, MCP server handlers, queue consumers, and pipelines that fan out
across services. There’s no Request object at those sites, so the
request-based SDKs don’t apply.
Arcjet Guards runs the same rate
limiting, prompt injection detection, sensitive information detection, and
custom rules inside those code paths — pass inputs directly to guard()
and get a decision back. Most AI applications combine both: request-based
protection on the API route, plus guards at every tool / task call site.
Quick start
The fastest way to get started is the get started guide, which walks through protecting an AI chat application with bot detection and per-user token budgets.