Every Arcis release closes real bypass vectors found during security audits. Versions ship simultaneously to npm, PyPI, and Go modules.