Read more on the docs.
Simulate the attack in your terminal using curl:
curl -v -H "x-arcjet-suspicious: true" https://arcjet-demo.vercel.app/api/shield
After the 5th request, your IP will be blocked for 15 minutes. Suspicious requests must meet a threshold before they are blocked to avoid false positives.