The Attack Surface Moved Inside the Agent. So Did Arcjet.

The New Stack, May 10, 2026

Why It Matters

By moving enforcement into the agent loop, Guards protects the emerging attack surface that traditional perimeter tools cannot see, helping enterprises secure costly AI‑driven workflows before they incur data breaches or runaway expenses.

Key Takeaways

  • Guards enforces policies inside AI tool handlers and queue consumers
  • Detects prompt injection, blocks PII, and enforces token budgets
  • Integrates via Arcjet SDK, shipping protection with code reviews
  • Supports multi‑agent pipelines by preserving session context across steps
  • Offers prompt‑based install for coding agents like Claude Code

Pulse Analysis

The rapid adoption of AI agents has shifted the security perimeter from the network edge to the code that runs inside applications. Traditional defenses—web‑application firewalls, AI gateways, and reverse proxies—rely on inspecting HTTP requests, a model that assumes a clear front door. Agentic systems, however, receive untrusted input directly through function arguments, queue messages, or shared memory, leaving a blind spot for conventional tools. This structural change creates new vectors such as prompt injection hidden in fetched content or images, demanding a runtime approach that can see the data where it is processed.

Arcjet’s Guards answers that need by embedding policy enforcement directly into the developer’s codebase. Using the same SDKs that power Arcjet’s existing protections, developers can declare rules for prompt‑injection detection, personally identifiable information (PII) filtering, and token‑budget caps alongside feature code, ensuring the controls are versioned and reviewed together. Guards also tracks session context across multi‑agent pipelines, giving it the visibility to block malicious instructions both entering and exiting each tool call. The prompt‑based installation path further streamlines adoption for coding agents like Claude Code, allowing AI‑assisted developers to add security without manual SDK integration.
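
An added illustration of the in-handler enforcement pattern described above, written in Python; it is not Arcjet's SDK or code from the article. Every name in it (guard, Session, GuardDenied, the PII patterns, the four-characters-per-token estimate, the two sample tools) is a hypothetical assumption.

```python
import re
from dataclasses import dataclass, field

# Constructed patterns for illustration; not a complete PII detector.
PII = {"email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
       "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b")}

class GuardDenied(Exception): pass  # raised on a policy violation in a tool call

@dataclass
class Session:  # hypothetical state shared by every step of one agent pipeline
    token_budget: int
    tokens_used: int = 0
    decisions: list = field(default_factory=list)  # audit trail of (tool, verdict)

def estimate_tokens(text):
    return max(1, len(text) // 4)  # assumption: roughly 4 characters per token

def find_pii(text):
    return sorted(kind for kind, rx in PII.items() if rx.search(text))

def guard(tool_name):
    """Wrap a tool handler so policy runs on its argument and on its result."""
    def decorate(handler):
        def wrapped(session, arg):
            def deny(reason):
                session.decisions.append((tool_name, "deny:" + reason))
                raise GuardDenied(f"{tool_name}: {reason}")
            if hits := find_pii(arg):        # untrusted input, no HTTP request involved
                deny("pii_in_input:" + ",".join(hits))
            result = handler(session, arg)
            if hits := find_pii(result):     # data leaving the tool toward the model
                deny("pii_in_output:" + ",".join(hits))
            cost = estimate_tokens(arg) + estimate_tokens(result)
            if session.tokens_used + cost > session.token_budget:
                deny("token_budget_exceeded")
            session.tokens_used += cost      # budget accumulates across tools
            session.decisions.append((tool_name, "allow"))
            return result
        return wrapped
    return decorate

@guard("lookup_order")
def lookup_order(session, order_id):  # constructed tool whose record holds an email
    return f"order {order_id}: shipped to alice@example.com"

@guard("summarize")
def summarize(session, text):
    return text[:40]
```

Because the Session object travels with the pipeline rather than with a request, the budget and the audit trail span every tool call in the run, which is the visibility a request-level proxy does not have.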

The move toward agent‑first security reshapes the competitive landscape. Cloudflare and Salesforce’s AI gateways continue to focus on request‑level inspection, which leaves them ill‑suited for internal agent workflows. Arcjet positions itself as a runtime‑centric alternative, effectively redefining the perimeter to reside inside the application’s execution environment. As enterprises scale AI‑driven products, the ability to enforce policy where the threat model lives will become a differentiator, driving broader adoption of in‑code security frameworks and prompting other vendors to explore similar inside‑the‑agent solutions.
