Open-source security middleware for Node, Python, and Go. Same API across three SDKs. Zero runtime deps in Node and Python, stdlib-only core in Go. MIT licensed. Built by one person over eleven weeks. This post is the introduction.
What it is
Arcis is a security layer that runs inside your web application, alongside your handler. Drop it in through one of its 17 framework adapters (Express, Fastify, FastAPI, Django, Gin, Echo, and others), and it blocks 34 attack vectors at the request boundary before they reach your code.
npm install @arcis/node
pip install arcis
go get github.com/GagancM/arcis
In your server:
import { arcis } from '@arcis/node';
app.use(arcis({ block: true }));
That's it. XSS, SQL injection, NoSQL operators, path traversal, command injection, SSTI, XXE, SSRF (including DNS rebinding), prototype pollution, CSRF, mass assignment, prompt injection, agent toolcall injection — all blocked by default.
What it actually does
- 34 attack vectors detected and blocked. Full list in the docs.
- Three SDKs at full parity. The Python SDK isn't a port; it's a peer. Same tests, same input vectors, same output behavior.
- Zero runtime deps in Node and Python. Go core is stdlib-only with optional Gin/Echo adapters.
- 3,500+ tests across the three SDKs. A cross-SDK conformance harness enforces identical behavior on every commit.
- Three CLI tools in one Rust binary: arcis audit for SAST, arcis scan for dynamic endpoint testing, arcis sca for supply-chain. Sub-second on most repos.
- Self-hosted control plane (Fastify + SQLite) for telemetry, plus a dashboard. No cloud required.
- @arcis/mcp on npm. First MCP server in this category. Exposes Arcis as four tools any agent can call.
The inside-the-app argument
Most web apps in 2026 sit behind a WAF — Cloudflare, AWS WAF, NGINX with ModSecurity. WAFs work, but they sit at the network edge and see only raw HTTP bytes. By the time the request reaches your handler, the bytes have been parsed into JSON, normalized, type-coerced. The WAF and your handler see the same request differently. Modern bypasses live in that seam.
Arcis runs inside your application. It has access to the parsed request, the framework's route context, and the user's session. That makes it possible to enforce per-route rules, per-field validation, and framework-aware checks, things a WAF cannot do because it doesn't know which JSON field is your privileged isAdmin flag.
This is the argument behind Aikido Zen and Arcjet too. Same category, different shapes.
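To make the seam concrete, here is an added example (not Arcis code, and not how Arcis is implemented) that puts a byte-level, WAF-style filter next to an in-app check over the parsed body. The route, the privileged field names, and the four sample request bodies are hypothetical and constructed for illustration.

```javascript
// Added example (not Arcis code): why the "inside the app" position matters.
// A WAF-style filter sees raw bytes; an in-app check sees the body the
// framework already parsed, plus the route. Route, field names and the
// sample requests below are hypothetical and constructed for illustration.

// Per-route list of privileged fields a client must never set.
const DENIED_FIELDS = {
  '/api/users': ['isAdmin', 'role'],
};

// WAF-style check: raw bytes only, no JSON parsing, no idea which route this is.
function byteLevelCheck(rawBody) {
  return /"isAdmin"/.test(rawBody) ? 'block' : 'allow';
}

// In-app check: walks the parsed body (what req.body would hold in Express)
// and reports every privileged or prototype-polluting key, with its path.
function inAppCheck(route, parsedBody) {
  const denied = DENIED_FIELDS[route] || [];
  const hits = [];
  const walk = (node, prefix) => {
    if (node === null || typeof node !== 'object') return;
    for (const key of Object.keys(node)) {
      const where = prefix ? `${prefix}.${key}` : key;
      if (denied.includes(key) || key === '__proto__' || key === 'constructor') {
        hits.push(where);
      }
      walk(node[key], where);
    }
  };
  walk(parsedBody, '');
  return hits;
}

// Run both checks on the same raw request body and return their verdicts.
function evaluate(route, rawBody) {
  const waf = byteLevelCheck(rawBody);
  let parsed;
  try {
    parsed = JSON.parse(rawBody);
  } catch {
    return { waf, app: 'reject: malformed json' };
  }
  const hits = inAppCheck(route, parsed);
  return { waf, app: hits.length ? `block: ${hits.join(', ')}` : 'allow' };
}

// Constructed requests to PUT /api/users, each as the raw bytes on the wire.
const SAMPLES = [
  '{"name":"mallory","isAdmin":true}',                // plain: both layers catch it
  '{"name":"mallory","is\\u0041dmin":true}',          // JSON escape: bytes differ, parsed key is isAdmin
  '{"name":"mallory","profile":{"role":"admin"}}',    // nested privileged field
  '{"name":"mallory","__proto__":{"role":"admin"}}',  // prototype pollution attempt
];

for (const raw of SAMPLES) {
  console.log(JSON.stringify(evaluate('/api/users', raw)));
}
```

Only the first sample trips the byte-level filter. The JSON-escaped key, the nested field, and the `__proto__` key all reach the handler as exactly the thing the regex was looking for, and only the check that runs after parsing, with the route in hand, sees them.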
What it does NOT do
Honest limits, before you ask:
- Not a WAF replacement. A WAF still drops obvious garbage at the edge. Run both. Arcis is the second layer.
- Not RASP. We don't hook into the language runtime or instrument pg.query. The protection sits at the request boundary, not at every function call.
- Not authentication. Arcis protects auth flows (CSRF tokens, secure cookies, signup brute-force) but doesn't implement auth itself.
- Not a parameterized-query substitute. SQL sanitization is defense in depth. Parameterized queries are still the real fix.
- Detection is signature-based. NFKC normalization + multi-decode + a mutation tester close a lot of bypass classes, but it's not parser-based. If an attacker writes a payload that doesn't match any pattern, the request goes through.
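The last limit is worth seeing in running code. The following is an added example, not Arcis's detector and not its signature set: a toy signature matcher with the two canonicalization steps named above (bounded multi-decode, then NFKC). The signatures and the sample payloads are constructed for illustration; the point is which payloads only the canonical form catches, and which one no signature here covers at all.

```javascript
// Added example (not Arcis code): a toy signature-based detector that shows
// what NFKC normalization and multi-decode buy, and the limit that comes
// with any signature approach. Signatures and payloads are constructed.

const SIGNATURES = [
  { name: 'xss-script-tag', re: /<script\b/i },
  { name: 'sqli-or-tautology', re: /'\s*or\s+'?1'?\s*=\s*'?1/i },
];

// Peel URL encoding until the value stops changing, with a round limit so a
// hostile input cannot keep the loop busy.
function multiDecode(value, maxRounds = 3) {
  let current = value;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch {
      break; // malformed percent sequence: stop, keep what we have
    }
    if (next === current) break;
    current = next;
  }
  return current;
}

// Canonical form: decode layered encoding, then fold compatibility characters
// (fullwidth brackets, quotes, letters) onto their ASCII equivalents.
function canonicalize(value) {
  return multiDecode(value).normalize('NFKC');
}

// Returns the name of the first matching signature, or null if none matches.
function detect(value, { canonical = true } = {}) {
  const probe = canonical ? canonicalize(value) : value;
  const hit = SIGNATURES.find((s) => s.re.test(probe));
  return hit ? hit.name : null;
}

// Constructed payloads: two that only the canonical form catches, one that
// matches either way, and one that no signature here covers at all.
const PAYLOADS = [
  '%253Cscript%253Ealert(1)%253C/script%253E', // double URL-encoded <script>
  '\uFF1Cscript\uFF1Ealert(1)',                 // fullwidth < and > (U+FF1C, U+FF1E)
  "' or '1'='1",                                // classic tautology
  '<svg onload=alert(1)>',                      // no matching pattern: passes
];

for (const p of PAYLOADS) {
  console.log(`${JSON.stringify(p)} raw=${detect(p, { canonical: false })} canonical=${detect(p)}`);
}
```

The double-encoded and fullwidth payloads are invisible to the raw regex and visible after canonicalization; the `<svg onload=...>` payload is the honest caveat in code form, since no amount of normalization helps when the pattern list does not describe it. Keep the decode loop bounded: an unbounded "decode until stable" loop is itself a denial-of-service surface.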
Built by one person
I'm Gagan, a Master's student at Northeastern University. I started Arcis in late March 2026 and have been building nights and weekends alongside my degree. Eleven weeks in:
- 3 SDKs across Node, Python, Go
- 17 framework adapters
- 3,500+ tests, all cross-SDK enforced
- 34 attack vectors
- 3 CLI tools in a single Rust binary
- @arcis/mcp MCP server (first publish 2026-05-24)
- 7 runnable example repos under github.com/getarcis/
- The self-hosted dashboard
- This website
Twelve releases (v1.0 through v1.6.3). Two pilot deployments. Zero paying customers yet — the open-source core is free forever, the hosted Cloud version is in development for design partners.
I graduate August 2026 and will be full-time on Arcis from then. If accepted by YC, relocating to SF for the batch.
Try it
npm install @arcis/node
pip install arcis
go get github.com/GagancM/arcis
Getting started · Attack vectors covered · Comparison vs Arcjet · vs Aikido Zen · vs Snyk · Source on GitHub
If you're building something AI-heavy, the agent toolcall defense piece is the most interesting starting point. @arcis/mcp is on npm, and getarcis/arcis-example-mcp is a runnable demo that fires seven prompt-injection payloads at the MCP server on every CI run and fails the build if any get through.
Happy to answer questions about the runtime layer argument, the cross-SDK parity work, the agent-security wedge, or anything else under the hood.