consider adding Arcjet advanced signals for client-side bot detection that catches sophisticated headless browsers. See https://docs.arcjet.com/bot-protection/advanced-signals for setup.

May 11, 2026

General

PromptBeginner5 minmarkdownQuality: 32

Pass the `requested` parameter at `protect()` time to deduct tokens proportional to model cost. For example

deduct 1 token per message

May 11, 2026

General

PromptBeginner5 minmarkdownQuality: 24

Set `characteristics` to track per-user: `[userId]` if authenticated

defaults to IP-based.

May 11, 2026

General

PromptBeginner5 minmarkdownQuality: 28

Use `tokenBucket()` / `token_bucket()` for AI endpoints — the `requested` parameter can be set proportional to actual model token usage

directly linking rate limiting to cost. It also allows short bursts while enforcing an average rate

May 11, 2026

Coding & Debugging

PromptBeginner5 minmarkdownQuality: 28

- Python: `detect_sensitive_info(deny=[SensitiveInfoType.EMAIL

SensitiveInfoType.CREDIT_CARD_NUMBER

May 11, 2026

General

PromptBeginner5 minmarkdownQuality: 28

Arcjet rules run before the request reaches your AI model — blocking prompt injection

PII leakage

May 11, 2026

General

PromptBeginner5 minmarkdownQuality: 24

Detects jailbreaks

role-play escapes

May 11, 2026

General

PromptBeginner5 minmarkdownQuality: 28

Check for an existing shared Arcjet client (see `/arcjet:protect-route` for full setup). If none exists

set one up first with `shield()` as the base rule. The user will need to register for an Arcjet account at https://app.arcjet.com then use the `ARCJET_KEY` in their environment variables.

May 11, 2026

General

PromptBeginner5 minmarkdownQuality: 28

Read https://docs.arcjet.com/llms.txt for comprehensive SDK documentation covering all frameworks

rule types

May 11, 2026

General

PromptBeginner5 minmarkdownQuality: 24

Secure AI/LLM endpoints with layered protection: prompt injection detection

PII blocking

May 11, 2026

General

PromptBeginner5 minmarkdownQuality: 28

description: Protect AI chat and completion endpoints from abuse — detect prompt injection and jailbreak attempts

block PII and sensitive info from leaking in responses

May 11, 2026

Find agent skills by outcome

prompt: You will perform an image edit using the person from the provided photo as the main subject. The face must remain clear and unaltered. Transform the subject into a hardened **Wasteland Scavenger/Survivor**

**Vercel AI SDK**: Arcjet works alongside the Vercel AI SDK. Call `protect()` before `streamText()` / `generateText()`. If denied

- Sensitive info detection runs **locally in WASM** — no user data is sent to external services. It is only available in route handlers

**Multiple models / providers**: Use the same Arcjet instance regardless of which AI provider you use. Arcjet operates at the HTTP layer

If the user wants a full security review

- `list-requests` — confirm decisions are being recorded

Adapt the response format to your framework (e.g.

console.warn(Arcjet error:

return Response.json({ error: Forbidden }

detectPromptInjectionMessage: userMessage

requested: 1

const decision = await aj.protect(req

sensitiveInfoValue: userMessage

Always include `shield()` (WAF) and `detectBot()` as base layers. Bots scraping AI endpoints are a common abuse vector. For endpoints accessed via browsers (e.g. chat interfaces)

Pass the `requested` parameter at `protect()` time to deduct tokens proportional to model cost. For example

Set `characteristics` to track per-user: `[userId]` if authenticated

Use `tokenBucket()` / `token_bucket()` for AI endpoints — the `requested` parameter can be set proportional to actual model token usage

- Python: `detect_sensitive_info(deny=[SensitiveInfoType.EMAIL

Arcjet rules run **before** the request reaches your AI model — blocking prompt injection

Detects jailbreaks

Check for an existing shared Arcjet client (see `/arcjet:protect-route` for full setup). If none exists

Read https://docs.arcjet.com/llms.txt for comprehensive SDK documentation covering all frameworks

Secure AI/LLM endpoints with layered protection: prompt injection detection

description: Protect AI chat and completion endpoints from abuse — detect prompt injection and jailbreak attempts

prompt: You will perform an image edit using the person from the provided photo as the main subject. The face must remain clear and unaltered. Transform the subject into a hardened Wasteland Scavenger/Survivor

Vercel AI SDK: Arcjet works alongside the Vercel AI SDK. Call `protect()` before `streamText()` / `generateText()`. If denied

- Sensitive info detection runs locally in WASM — no user data is sent to external services. It is only available in route handlers

Multiple models / providers: Use the same Arcjet instance regardless of which AI provider you use. Arcjet operates at the HTTP layer

Arcjet rules run before the request reaches your AI model — blocking prompt injection