In the spring of 2016, a developer named Alex Crichton pushed a commit to the Servo browser engine that contained roughly 10,000 lines of Rust. Servo was Mozilla's experimental parallel browser engine — a research project designed to prove that you could build a web browser that used multiple CPU cores properly, without the memory safety bugs that make C and C++ codebases so expensive to maintain at scale.
Nobody outside of Mozilla and a small community of programming language enthusiasts cared very much. Rust was three years old. Its syntax was still changing. Its learning curve was infamous. The borrow checker — the part of the compiler that enforces memory safety without a garbage collector — had a reputation for rejecting code that looked obviously correct to anyone coming from Python or Java, and demanding explanations before it would compile.
Ten years later, 48.8% of enterprise organisations are running Rust in production. That is up from 38.7% two years ago. 55.1% of Rust developers use the language daily — the highest rate ever recorded. 56.8% rate themselves as productive Rust writers, up sharply from 42.3% in 2022.
These numbers, from the 10th annual State of Rust Survey published in March 2026, represent something that most technology trend pieces miss when they write about Rust: the language didn't win by fighting. It won by becoming indispensable at the infrastructure layer, often invisibly, often underneath the tools that developers already used.
The Tooling Takeover Nobody Announced
To understand where Rust has actually won in 2026, stop looking at the language adoption charts and start looking at what's been running in your terminal.
In January 2026, Rolldown — a Rust-based JavaScript bundler — hit 1.0 RC and shipped as the default bundler inside Vite 7. It is 10 to 30 times faster than Rollup, the JavaScript bundler it replaces. If you are shipping a frontend application with Vite today, you are running Rust code to do it, whether or not you have ever written a line of Rust.
Biome v2 launched in late 2025 with type-aware linting for TypeScript that doesn't require running the TypeScript compiler. It formats code at roughly 30 times the speed of Prettier. AWS, Google, Microsoft, Canonical, Cloudflare, Coinbase, Discord, Node.js, Slack, Vercel, and Uniswap have all adopted it in production codebases. If you work at any of those companies and your code gets formatted before commit, Rust is doing the formatting.
Rspack reached 1.0 with full webpack API compatibility. It is running in production at TikTok, Discord, Microsoft, and Amazon. If you have a webpack-based build system and you haven't migrated yet, the Rust-based alternative exists, it works, and companies ten times your size are using it.
Cargo — Rust's build system and package manager — ranked as the most admired cloud development and infrastructure tool in the Stack Overflow 2025 survey, at 71%. More admired than any other build tool in the survey. The people closest to infrastructure problems, who use the most build tools, rate Rust's build system highest.
This is not the story of a programming language winning market share from Python or JavaScript. Those languages are not under threat from Rust, at least not in the timescale that matters for any current engineering decision. This is the story of Rust winning the tooling layer — the compilers, the bundlers, the formatters, the linters, the package managers, the runtime utilities that every language ecosystem depends on. And it is doing so without asking anyone to rewrite their existing code.
Why Memory Safety Became a Business Decision
Rust's technical foundation is its ownership and borrowing system — a compile-time mechanism that enforces memory safety without a garbage collector. This eliminates entire categories of bugs: use-after-free errors, null pointer dereferences, buffer overflows, data races. Languages like C and C++ that lack this system have produced these bugs for fifty years, and they continue to produce them in 2026 at roughly the same rate.
This was a theoretical advantage for most of Rust's existence. In 2026, it has become a concrete business and regulatory factor.
The NSA published a guidance document recommending that organisations migrate to memory-safe languages. The White House Office of the National Cyber Director issued a report making the same recommendation, specifically citing C and C++ as languages that produce avoidable vulnerabilities at scale. The EU Cyber Resilience Act, which took full effect in late 2025, includes software composition analysis requirements that make organisations track the provenance and safety characteristics of the components they ship. Insurers covering cyber risk are beginning to ask questions about memory-safe language adoption in software audits.
None of this mandates Rust specifically. But when a senior engineer makes the case internally for migrating a performance-critical component from C++ to Rust, the argument in 2026 includes a regulatory and liability dimension that didn't exist in 2020. "We should do this because it eliminates buffer overflow vulnerabilities" now also means "we should do this because our insurer asked about it and the White House wrote a report about it." That changes the calculus of institutional adoption.
The Plateau Is Real — and Misunderstood
The April 2026 TIOBE Index shows Rust's growth rate decelerating. After the sharp trajectory it maintained through 2025, the month-over-month gains have cooled. Some coverage has interpreted this as a signal that Rust's moment has passed.
That reading misunderstands what a plateau in the TIOBE Index means for a language in Rust's position.
The TIOBE Index primarily measures search query volume — which correlates with people learning about a language, searching for documentation, and debugging problems. A plateau in search volume after a period of explosive growth doesn't indicate declining interest. It indicates that the most curious segment of the developer population has already engaged. The community has grown past the point where every new adopter is searching for "how does the borrow checker work."
A Forrester Research analyst quoted in The New Stack put the most accurate frame on it: Rust is "finding a place as a substitute for C among some developers," particularly in embedded devices and systems programming. That observation is correct and undersells the actual impact. The substitution for C is happening at companies like Microsoft, which has been moving Windows components to Rust. At Google, which has been doing the same in Android. At Amazon, whose Firecracker microVM is Rust. These are not blog posts about plans. They are shipped, running, production code.
The TIOBE plateau is the signal that Rust has passed from hype to normalisation. Companies don't search for things they've already decided to use. They just use them.
What This Means For Engineering Teams in 2026
The practical question for most teams is not whether to adopt Rust for everything. The answer to that question is clearly no, and the developers who have spent years in the Rust community are the most articulate about why. Rust is a language with a real learning curve, and the productivity case for using it on every problem is not there. Python is faster to write for data processing. TypeScript is better for web applications. Go has a smaller cognitive overhead for most backend services.
The question is where Rust fits in a realistic architecture. The answer in 2026 is increasingly clear: it fits where correctness is non-negotiable and where performance at the margins is worth paying for. Core infrastructure components. Network services handling high concurrency. Cryptographic implementations. Parsers. Anything that runs on embedded hardware. Anything that handles untrusted input at scale.
For engineering leaders, there is a more immediate decision: the tooling layer. The Rust-based alternatives to your existing JavaScript build tools are not experimental anymore. Biome is running at Vercel and Google. Rspack is running at Discord and Amazon. Rolldown is the default in Vite 7. The performance improvement is real — 10 to 30 times faster on build operations isn't a benchmark number you can dismiss.
The argument for evaluating these tools is not that you need to learn Rust. You don't. The Rust is already compiled into the binary you download. The argument is that the tools are faster, and faster developer feedback loops compound. The team that ships with a 30-second build cycle accumulates advantages over the team with a 5-minute build cycle that are not captured in any single comparison but become visible over years.
Rust in 2026 is not the language you adopt to be on the right side of a trend. It is the language — and increasingly the toolchain — that the rest of the ecosystem is running on underneath. Whether you write Rust directly is becoming a less interesting question than whether you understand what it's doing inside the tools you already use.
