Why Rust.
A forty-year-old problem in computing finally has a credible answer. The industry noticed. So did the Linux kernel, AWS, Microsoft, Google, Meta, Cloudflare, and Discord. This page is the short version of why.
Every programming language has to make a trade between speed and safety. C and C++ chose speed: blazingly fast, but riddled with a class of memory bugs (use-after-free, buffer overflows, data races) that cause an estimated 70% of all critical security vulnerabilities at companies like Microsoft, Google, and Mozilla. Java, Go, Python, and friends chose safety: prevent those bugs with a garbage collector, but pay the runtime cost and the unpredictable pauses.
Rust refused the trade. It catches memory bugs at compile time, then runs as fast as C with no garbage collector at all. That combination, safe and fast without a runtime, did not exist before. The famous strict borrow checker is the price you pay. The payoff is a class of software that was previously only achievable in C, written instead with the kind of safety guarantees previously only achievable in higher-level languages.
That capability has reshaped which language gets reached for in databases, AI inference, web infrastructure, operating systems, developer tooling, and embedded work. Every major tech company now uses Rust in production. The Linux kernel accepted Rust as its second language in 2022, the first time in three decades. The Stack Overflow Developer Survey has named Rust the most loved language for eight years running.
Rust started as a side project at Mozilla in 2006, by an engineer named Graydon Hoare. Mozilla saw a real problem in front of them. Firefox was written in C++. Every quarter, the security team filed bug after bug for the same root cause: a pointer dereferenced after free, a buffer indexed past its end, a thread that read while another thread wrote. These bugs were not caused by bad engineers. They were the cost of doing business in C++. Mozilla wanted out.
Rust hit version 1.0 in 2015 with a single, almost outrageous claim: a language that catches all of those memory bugs at compile time, with no garbage collector, and performance comparable to C++. For about five years after that, most people outside Mozilla treated it as a curiosity. Then the gravity shifted.
In 2020, AWS launched Bottlerocket, an operating system written in Rust to host container workloads. Firecracker, the microVM that runs every AWS Lambda call, is also Rust. Cloudflare published Pingora, a Rust HTTP proxy that replaced their entire NGINX fleet and now serves over a trillion requests per day. Discord rewrote their Read States service from Go to Rust and watched their tail latency cliff disappear. Microsoft began rewriting parts of the Windows kernel. Google shipped Android with Rust components and measured a sharp drop in memory-safety vulnerabilities. In 2022, the Linux kernel accepted Rust as its second language after C, the first such addition in thirty years.
The technical case.
The borrow checker enforces ownership rules before your code runs. Use-after-free, double-free, data races: none of them compile. They never make it to production because they never even build.
Memory is freed deterministically when its owner goes out of scope. No GC pauses, no unpredictable latency spikes. Critical for low-latency services, embedded systems, and games.
High-level constructs (iterators, traits, generics) compile to the same machine code as hand-written low-level code. You pay nothing for the abstraction.
The same rules that prevent memory bugs prevent data races. You can parallelize aggressively. Misuse simply does not compile. This was a forty-year holy grail in C++.
Sum types (enums), exhaustive matching, Option and Result. Whole categories of bugs from other languages (null pointer exceptions, unchecked errors) cannot exist.
Cargo (build + test + package), rustfmt, clippy, rust-analyzer, crates.io. New users get a setup most languages spend a decade building.
Who's using it in production.
A short, partial list. Each entry is verified shipped infrastructure, not aspiration.
| Company | Where Rust runs |
|---|---|
| AWS | Firecracker (Lambda microVM), Bottlerocket OS, internal services |
| Microsoft | Windows kernel components, Azure infrastructure, security tooling |
| Android system components, Chromium subsystems, Fuchsia OS | |
| Cloudflare | Pingora (HTTP proxy, replaced NGINX), Workers runtime, edge infra |
| Meta | Sapling source control, build tooling, parts of WhatsApp |
| Discord | Read States service (the famous Go-to-Rust rewrite) |
| Linux kernel | Accepted as second language in 2022. Drivers, increasingly subsystems. |
| Dropbox | Storage layer (Magic Pocket) |
| Figma | Multiplayer server |
| 1Password | Core cross-platform engine |
| npm Inc. | Registry CPU-bound work |
| Hugging Face | Tokenizers, Candle (inference framework) |
| Astral | uv (Python package manager), ruff (linter, 100x faster than predecessors) |
| LakeHQ (Sail) | Spark-compatible distributed query engine |
What Rust is good at.
The domains where Rust is now a default choice, not an experiment.
Throughput, predictable latency, columnar memory layouts, no GC pauses on critical paths.
Inference is throughput- and latency-sensitive. Python serves training; Rust is taking inference.
Async runtime (Tokio) is best-in-class. Tail latency wins on long-tail HTTP workloads.
Fast cold start, single binary distribution, easy cross-compilation. The 'modern Unix tools' wave is almost entirely Rust.
The natural successor to C for situations where C's memory model is the wrong default.
Smallest wasm output among mainstream languages. Best-in-class tooling for the wasm target.
Memory safety eliminates whole CVE categories. The cryptography community is moving aggressively.
Performance, control over allocation, modern type system make Rust competitive with C++ engines.
Most languages pick a tradeoff between speed and safety and live with the consequences for the next forty years. Java picked managed memory and a runtime that watches the program improve over time. C and C++ picked manual lifetime and decades of ecosystem maturity. Rust picked compile-time memory safety with a thin runtime, and the rest of the design followed.
That choice has a name. The substrate is the answer to a question: what does the runtime carry, and what is the compiler responsible for? The JVM substrate carries a JIT compiler, a garbage collector, escape analysis, and a warmup period. The C++ substrate carries almost nothing; the program is on its own from the first instruction. The Rust substrate carries a panic unwinder and whatever async runtime you opted into, and not much else.
Most performance arguments are substrate arguments in disguise. “Java is slow” usually means “the JVM has a cold start.” “Rust is fast” usually means “the Rust binary skips the warmup.” “C++ is faster but unsafe” usually means “C++'s substrate is thinner than Rust's and pays for that thinness in human time spent chasing pointer bugs.” The honest version of each lives in the lexicon, with What the JIT knows as the anchor essay.
The comparison table below reads as substrate tradeoffs, not feature tradeoffs.
Compared to other languages.
| Versus | Rust wins on | The other side wins on |
|---|---|---|
| C / C++ | Memory safety. Modern type system. Cargo. Concurrency that compiles. | Existing codebases and decades of libraries. Lower learning curve for the basics. |
| Go | Predictable tail latency (no GC). Expressive types. Performance on CPU-heavy work. | Simpler to write fast. Faster compile times. Easier to onboard. |
| Java / Kotlin / C# | No JVM / CLR runtime. Lower memory footprint. Embedded and edge friendly. | Enterprise tooling. Mature frameworks. Easier hiring at scale. |
| Python | 10-1000x faster. Type safety. Single-binary deploys. | The fastest prototyping language ever made. The data science ecosystem. |
| JavaScript / TypeScript | Anywhere performance matters. Single binary. WebAssembly target. | The browser. The Node ecosystem. Rapid iteration on UIs. |
| Swift | Cross-platform. Open governance. Faster on non-Apple targets. | iOS and macOS app development. |
What Rust isn't great at.
Being honest is the only way to keep your trust. Rust is the right tool for many jobs. It is the wrong tool for some.
The borrow checker pushes back early and often. For a 50-line experiment, Python or Go finishes before Rust compiles. Use Python for that.
First language? Pick Python or JavaScript. Rust's strictness is brilliant pedagogy for someone who already programs and bad pedagogy for someone who does not.
Tauri, Slint, egui, Iced are real and improving fast, but Swift, Kotlin, and Flutter are more mature ecosystems.
Technically possible. Practically, you reach for Kotlin or Swift first.
Bash or Python wins. Rust's compile step is not worth it for ten lines that run once.
Polars is closing the gap fast, but pandas plus the entire NumPy and Jupyter ecosystem still wins for interactive exploration.
Why this matters when an agent writes the code.
Here is the part that almost nobody talks about yet. Rust's strict compile-time checks are exactly the guardrails you want when an AI agent is writing the code instead of a human. The agent cannot smuggle a memory bug past the compiler. The agent cannot accidentally introduce a data race that lurks for six months. The agent cannot ship code that "mostly works" until the load test fails at 3am. The compiler stops all of that, in seconds, on every diff.
Most languages put the safety check at runtime, in tests, in observability, in production incidents. Rust puts it at the compile step. When an agent produces ten times the volume of code a human used to write, you need the safety net at the earliest possible step. Otherwise you spend your day reviewing volume you cannot keep up with.
The orchestrator's job in 2026 is to write contracts, gate them with Cargo, and steer the agent specifically when it drifts. Rust makes that job possible at scale in a way no other systems language does. That is, in the end, the reason this site exists.