State of Rust 2026

Where Rust ranks across all sources

The LangPop composite score draws from seven independent data sources. Rust's positions tell a consistent story: strong in developer community signals, weaker in the job market — a gap that is narrowing but not yet closed:

Full methodology →

Why Rust is rising: memory safety as a government and industry mandate

Rust's core proposition — memory safety without a garbage collector — has moved from a technical preference to a policy mandate. That shift explains why Rust's adoption trajectory changed shape around 2021–2022 and has not slowed since.

1. Government agencies are naming Rust specifically

The US National Security Agency (NSA) published guidance in 2022 explicitly recommending memory-safe languages, naming Rust alongside Go, Swift, and Java. DARPA has funded research into memory-safe systems programming through its SAFEDOCS and later programmes. The White House Office of the National Cyber Director issued a report in early 2024 calling on the software industry to eliminate memory-unsafe languages from critical systems infrastructure.

These are not binding regulations yet — but they signal where procurement requirements for government software are heading. For companies that sell infrastructure software to government agencies, shifting to Rust (or demonstrating a credible roadmap to do so) is becoming a commercial necessity, not just a technical preference.

2. The Linux kernel milestone changed the conversation

In December 2022, Rust was officially merged as the second language of the Linux kernel — the first new language added to Linux in three decades of C dominance. Linus Torvalds, who is not known for welcoming new languages into the kernel, has expressed qualified support. This is not a cosmetic decision: Rust is being used to write new kernel drivers and subsystems where memory safety is a hard requirement.

For the broader industry, the Linux kernel's adoption is a signal that Rust can operate at the lowest levels of the software stack without compromising performance or correctness. It makes the argument against Rust in critical systems much harder to sustain.

3. Android adopted Rust as its second language in 2021

Google announced in 2021 that Rust is Android's second official language alongside Java/Kotlin. New Android Open Source Project (AOSP) code in areas touching memory management, networking, and Bluetooth is being written in Rust. Google has published data showing that the proportion of memory-safety vulnerabilities in Android has declined as the share of Rust code has grown — the most direct empirical evidence to date that Rust delivers on its safety promises at production scale.

Where Rust is winning: the domains it now owns

Rust has carved out clear wins in specific domains. These are not contested spaces where it competes on equal footing — they are areas where Rust has become the default choice for new projects.

WebAssembly

Rust is the dominant language for WebAssembly (Wasm) modules. The combination of no garbage collector (GC pauses are incompatible with deterministic Wasm execution), near-zero runtime overhead, and first-class Wasm tooling via wasm-pack and wasm-bindgen makes Rust the natural fit. Most production Wasm deployments — including Cloudflare Workers (some modules), Fastly Compute@Edge, and browser-based compute workloads — are written in Rust. This is a growing deployment target that no other language has challenged Rust for.

Developer tooling

Some of the most-used developer tools in the JavaScript ecosystem are written in Rust — which is striking given that Rust and JavaScript target entirely different problems. ripgrep (the search tool underlying VS Code's file search) is Rust. fd (a fast find replacement) is Rust. bat (a cat replacement) is Rust. Alacritty (a high-performance terminal) is Rust. The Zed code editor is Rust. Biome (a fast linter and formatter for JavaScript) is Rust. These tools are chosen because Rust's performance profile matches what developer tools need: fast startup, low memory, deterministic latency.

Systems and network infrastructure

AWS has adopted Rust for infrastructure that requires the highest reliability guarantees. Firecracker — the microVM monitor that powers AWS Lambda and Fargate — is written in Rust. Bottlerocket, a Linux-based container OS for running containers on AWS, is primarily Rust. Cloudflare built Pingora, their next-generation HTTP proxy that replaced Nginx for most of their traffic, in Rust. Meta built Buck2, their large-scale build system, in Rust. Microsoft has committed to rewriting core Windows components in Rust, starting with the Windows kernel itself.

Embedded and IoT

Embedded systems programming has historically been C's exclusive domain. Rust is gaining ground here because embedded systems have the same constraints that make Rust attractive elsewhere: no runtime, no GC, deterministic memory, close-to-hardware control. The embedded Rust ecosystem (embassy, RTIC, probe-rs) has matured significantly. For new embedded projects — particularly in IoT devices where security vulnerabilities have real-world consequences — Rust is increasingly the default choice over C.

The adoption barrier: the borrow checker and why it matters

Understanding Rust's ranking — strong in community signals, weaker in job postings — requires understanding what makes Rust hard to adopt at the team level. The answer is almost always the same: the borrow checker.

What the borrow checker actually does

Rust achieves memory safety through a compile-time system called the borrow checker. Every piece of memory in a Rust program has exactly one owner. References (borrows) to that memory must follow strict rules: you can have many immutable references or one mutable reference, but never both simultaneously. The compiler enforces these rules at compile time, before the program runs.

The result: entire classes of memory bugs — use-after-free, dangling pointers, data races — are impossible to compile. This is not a runtime check; it is a mathematical guarantee from the type system. Languages that offer memory safety through garbage collection (Java, Go, Python) instead pay a runtime cost — GC pauses, higher memory overhead, non-deterministic latency. Rust has neither cost. The safety guarantee is free at runtime because the work is done at compile time.

Why it is hard to learn — and why that keeps job numbers low

The borrow checker is famously the steepest part of Rust's learning curve. Code that is correct in C, Go, or Python will often be rejected by the Rust compiler, not because it is wrong in an obvious sense, but because it violates ownership rules in ways that the programmer has never had to think about before. New Rust developers typically spend significant time — weeks to months — "fighting the borrow checker" before their mental model of ownership aligns with Rust's requirements.

This has a direct effect on the job market. Companies that adopt Rust face a smaller pool of qualified candidates, longer ramp-up times for new hires, and a higher bar for code review. These are real costs. Many teams that would benefit technically from Rust choose Go instead because Go's learning curve is shallow by comparison and the hiring pool is much larger. Rust's job postings ranking at #10–12 while its GitHub and Reddit presence sits at #6–7 reflects exactly this dynamic: developers love Rust, but companies adopt it selectively.

Who is actually using Rust: enterprise vs individual developers

The Rust user base has a distinctive two-tier structure that is worth understanding, because the two tiers have different implications for job market growth.

Tier 1: Elite infrastructure teams

Amazon Web Services, Meta, Microsoft, Google, Cloudflare, Mozilla (Rust's original sponsor), Dropbox, and a growing number of other large technology companies have made significant bets on Rust for infrastructure work. These are not small experiments — they are production systems at scale, maintained by teams of experienced Rust engineers. These organisations made the investment because the risk profile of their infrastructure (scale, uptime requirements, security surface) justified the slower adoption and higher hiring bar.

Tier 2: Individual developers and open-source contributors

The second tier is individual developers who learn Rust out of genuine enthusiasm for the language's design — the type safety, the ownership model, the performance characteristics, and the compiler's famously helpful error messages. These developers produce the CLI tools, the open-source crates, and the community resources (The Book, Rustlings, the r/rust community) that make Rust highly visible despite its relatively small production footprint. They are also the reason Rust tops the "most loved" surveys — they chose Rust because they wanted to, not because their employer required it.

The missing tier: mainstream enterprise adoption

What Rust currently lacks is the middle tier: medium-sized companies, non-infrastructure teams, and general application development. Go succeeded in this middle tier because it is learnable in days and productive in weeks. Java succeeded because of decades of tooling, frameworks, and talent supply. Rust's path into this middle tier runs through tooling improvement (cargo is already excellent), language ergonomics improvements (the async story has improved substantially with async/await stabilisation), and the accumulation of Rust engineers as the first-wave enterprise adopters train a generation of practitioners.

Rust vs Go: when each language wins

Rust and Go are frequently compared because both target systems programming, both were designed as C/C++ alternatives, and both are first-class languages at major technology companies. They are not in the same category. The choice between them is usually clear when you understand what each optimises for.

The practical rule is straightforward: if you need C-level performance or memory-safety guarantees that a garbage collector cannot provide, Rust. If you need fast development velocity, a large hiring pool, and strong backend performance, Go. These are not substitutes — teams building the same kind of product will often use both: Go for the API layer and business logic, Rust for the performance-critical or safety-critical subsystems.

The 12-month outlook: will Rust break the top 5?

Breaking into the LangPop top 5 would require Rust to pass TypeScript (#3), Java (#4), and C/C++ (#5 and #6) — languages with substantially larger job markets, much larger Stack Overflow question volumes, and decades of accumulated code. That is not the trajectory for 12 months.

What is the trajectory for the next 12 months: Rust continues moving up within the #7–9 band, with job postings as the metric to watch most closely. The enterprise adoption wave that started with AWS, Meta, and Cloudflare is still in its early innings — most of those companies have more Rust planned than deployed. As those codebases grow, they generate hiring demand. Rust job postings could realistically move from #10–12 to #8–10 within 18 months if the enterprise pipeline converts.

Three factors to watch specifically:

The longer-range outlook is more interesting. If the regulatory and government pressure on memory-safe software intensifies — and the direction of travel suggests it will — the total addressable market for Rust engineers expands significantly. Defence contractors, critical infrastructure operators, and government software vendors face a different calculus from commercial SaaS companies. For those buyers, "demonstrates memory safety" may become a procurement checkbox within three to five years. Rust is the only language that can check that box at systems programming performance levels.

The bottom line: Rust will not break the top 5 in 12 months. It will consolidate its position in the top 10, continue gaining on the job market metric that currently drags its composite score down, and emerge from the next 12 months better positioned for a top-7 ranking than it enters them.