Introducing deepsec: The security harness for finding vulnerabilities in your codebase
TL;DR · AI Summary
Vercel open-sources deepsec, an AI-powered security scanner that runs locally using coding agents like Claude and Codex to detect hard-to-find vulnerabilities in large codebases, with automated remediation guidance and distributed scaling via Sandboxes.
Key Takeaways
- deepsec uses AI agents (Claude/Codex) for context-aware code analysis, dramatica
- Supports local execution and distributed scanning via Vercel Sandboxes, balancin
- Automatically ties findings to Git contributors and outputs actionable tickets,
Outline
Jump quickly between sections.
Vercel 开源 deepsec,一个无需云端部署、基于 AI 代理的本地代码安全扫描工具。
采用四步流程:扫描→调查→复核→增强,结合静态分析与 AI 代理进行深度漏洞挖掘。
先用正则定位敏感文件,再由 AI 代理追踪数据流、检查缓解措施并生成初步发现。
二次代理验证减少误报,结合 Git 元数据识别责任人,提升修复效率。
已在 Vercel 自有代码库及多个客户项目中验证,获得高真阳性率与可操作性认可。
支持扩展至 Vercel Sandboxes,单次扫描可并行启动超千个沙箱,适用于超大代码库。
Mindmap
See how the topics connect at a glance.
查看大纲文本(无障碍 / 无 JS 友好)
- deepsec:AI驱动的代码安全扫描
- 核心机制
- AI代理(Claude/Codex)
- 四步工作流:扫描→调查→复核→增强
- 部署与扩展
- 本地运行,无需云服务
- 支持 Vercel Sandboxes 并行扩展
- 价值输出
- 高真阳性率发现
- 自动关联 Git 责任人
- 生成可转工单的修复指令
Highlights
Key sentences worth saving and sharing.
deepsec runs on your own infrastructure and surfaces hard-to-find issues in large codebases.
Scans start with static analysis to identify security-sensitive files, then coding agents investigate each candidate, tracing data flows, checking for mitigations...
deepsec is the first tool that's surfaced the kind of issues we'd actually want a security engineer to flag, and it runs on infrastructure we control.
The export command formats the findings as instructions so that they can be turned into tickets for humans and coding agents.
Scans on Vercel’s codebases routinely scale up to 1,000+ concurrent sandboxes.
3 min read
May 4, 2026
Today we’re open sourcing `deepsec`: a security harness powered by coding agents. It runs on your own infrastructure and surfaces hard-to-find issues in large codebases.
You can run deepsec on your laptop without setting up a cloud service for privileged source code access. For inference, you can use your existing Claude or Codex subscription without any additional setup.
Scanning large repos can take multiple days on a single machine. To run research jobs in parallel, deepsec supports optional fanout to Vercel Sandboxes for remote execution. Scans on Vercel’s codebases routinely scale up to 1,000+ concurrent sandboxes.
[Link to heading](http://vercel.com/blog/introducing-deepsec-find-and-fix-vulnerabilities-in-your-code-base#architecture)Architecture
At its core, deepsec uses claude and codex to perform tailored investigation of a codebase using Opus 4.7 at max effort and GPT 5.5 at xhigh reasoning.
Scans start with static analysis to identify security-sensitive files, then coding agents investigate each candidate, tracing data flows, checking for mitigations, and producing actionable findings with severity ratings. Here is the workflow:
- Scan: It starts by performing a regex-only scan of all files for security-sensitive areas that subsequent steps will focus on.
- Investigate: Agents investigate each file identified in the scan.
- Revalidate: A second agent run validates investigation findings to remove false positives and reclassify severity.
- Enrich: Once investigation is complete, an agent uses git metadata and other optional services to identify the contributors responsible for fixing each issue.
- Export: The
exportcommand formats the findings as instructions so that they can be turned into tickets for humans and coding agents.
[Link to heading](http://vercel.com/blog/introducing-deepsec-find-and-fix-vulnerabilities-in-your-code-base#running-deepsec-on-production-code)Running `deepsec` on production code
deepsec has been highly useful on our own monorepos and for our customers' codebases. During development, we ran deepsec on several open source repositories of Vercel customers and partners.
We’ve been on a lookout for a tool to do security scans on our open source repositories. deepsec’s scan have been the most thorough, with most findings, and good true-positive rate.
James Perkins, Co-founder and CEO @ Unkey
For example, deepsec scanned the open source version of dub.co. Dub is a marketing attribution platform for affiliate programs and short links that is also available as SaaS. It features authenticated access, interacts with a database, and runs several backend services, creating a large security surface. When we shared our deepsec findings with founder Steven Tey, he replied:
We get a lot of automated security reports, but most of them aren't actionable. deepsec is the first tool that's surfaced the kind of issues we'd actually want a security engineer to flag, and it runs on infrastructure we control.
Steven Tey, Founder and CEO @ dub.co
Running against Vercel’s own monorepos, deepsec identified subtle edge cases in auth conditions, leading us to develop a custom scanner plugin that covers every authentication path in our code.
[Link to heading](http://vercel.com/blog/introducing-deepsec-find-and-fix-vulnerabilities-in-your-code-base#false-positives-and-best-uses)False positives and best uses
Some of deepsec's findings will be false positives. In our experience the false positive rate is roughly 10-20%. Given the impact of true positive findings in our own research, we’ve been happy with this outcome, and we built the revalidate step to have the agent further verify its findings to reduce false positives.
deepsec works best for applications and services. It may be usable for libraries and frameworks, but those would likely require custom prompts and scanners.
[Link to heading](http://vercel.com/blog/introducing-deepsec-find-and-fix-vulnerabilities-in-your-code-base#customization-and-plugins)Customization and plugins
deepsec ships with a plugin system for adapting it to your codebase. The most common plugins are custom scanners: regex matchers tuned to your auth model, data layer, or team conventions. We recommend using deepsec with your coding agent and asking it to write those matchers based on findings from an initial scan:
Inspect previous runs against ./my-app.Are there custom deepsec matchers we should add to find more candidates for vulnerabilities?
[Link to heading](http://vercel.com/blog/introducing-deepsec-find-and-fix-vulnerabilities-in-your-code-base#do-i-need-access-to-a-special-%E2%80%9Ccyber-model%E2%80%9D)Do I need access to a special “cyber model”?
Both Anthropic and OpenAI offer “cyber” versions of their most capable models, fine-tuned to accept security tasks the base models won’t. deepsec works with these, but is also fully functional with off-the-shelf models.
deepsec ships with a classifier that checks whether the task was refused after each research step. In our experience, for the prompt that deepsec is using, refusals are a non-issue for both Opus 4.7 and GPT 5.5.
[Link to heading](http://vercel.com/blog/introducing-deepsec-find-and-fix-vulnerabilities-in-your-code-base#getting-started)Getting started
To get started, run npx deepsec init at the root of your repository. This will create a directory called ./.deepsec, which is used to configure the system and store a catalog of your deepsec investigations. From there, follow the output of the command. Read the full documentation on Github.
[Link to heading](http://vercel.com/blog/introducing-deepsec-find-and-fix-vulnerabilities-in-your-code-base#feedback-welcome)Feedback welcome
While we’ve used deepsec extensively, it is still early in its development. Feedback and contributions on GitHub are welcome.