    deepsec

    Application Security
    Featured

    An open-source, agent-powered vulnerability scanner that runs on your own infrastructure to find hard-to-detect security issues in large codebases.

    At a Glance

    Pricing
    Open Source

    Free to use under Apache 2.0 license. Run on your own infrastructure with your own AI provider credentials.

    Available On

    Windows
    Web
    API
    CLI

    Topics

    Application Security, Code Security, Bug Detection

    Alternatives

    Endor Labs, AISLE, Sonatype
    Developer
    Vercel
    San Francisco, CA
    Est. 2015
    $863M raised

    Listed Jul 2026

    About deepsec

    deepsec is an open-source security harness built by Vercel Labs that uses coding agents to perform deep vulnerability scanning on large codebases. Released in May 2026 by Vercel CTO Malte Ubl, it runs entirely on your own infrastructure — no cloud service required for source code access — and leverages your existing Claude or Codex subscription for inference.

    What It Is

    deepsec is an agent-powered vulnerability scanner designed to surface hard-to-find security issues that have been lurking in applications for a long time. Unlike traditional static analysis tools, it combines regex-based candidate identification with AI-driven investigation using frontier models at maximum reasoning levels (Claude Opus 4.7 and GPT 5.5). The tool is written in TypeScript, licensed under Apache 2.0, and distributed via npm.

    How the Pipeline Works

    The scan workflow proceeds through distinct stages:

    • Scan: A fast regex-only pass over all files to identify security-sensitive areas as candidates for deeper investigation.
    • Investigate: Coding agents examine each candidate file, tracing data flows, checking for mitigations, and producing findings with severity ratings.
    • Revalidate: A second agent pass validates findings to remove false positives and reclassify severity. The blog post notes a false positive rate of roughly 10–20% before revalidation.
    • Enrich: An agent uses git metadata and optional plugins to identify contributors responsible for fixing each issue.
    • Export: Findings are formatted as actionable instructions that can be turned into tickets for humans or coding agents.

    A process --diff mode supports PR review and CI gating by scanning only files changed in a diff.

    Distributed Execution via Vercel Sandboxes

    For large monorepos, deepsec supports optional fanout to Vercel Sandbox microVMs for parallel remote execution. The blog post states that scans on Vercel's own codebases routinely scale up to 1,000+ concurrent sandboxes. The local working tree is tarballed and uploaded; .git is excluded. Both OIDC tokens (local) and access tokens (CI) are supported. If a run is interrupted, deepsec picks up where it left off, skipping already-analyzed files.

    Plugin System and Customization

    deepsec ships with a plugin system for adapting scans to specific codebases. The most common plugins are custom scanners — regex matchers tuned to an application's auth model, data layer, or team conventions. The documentation recommends using a coding agent to write custom matchers based on findings from an initial scan. The tool works best for applications and services; libraries and frameworks may require custom prompts and scanners.

    Model Access and Refusal Handling

    deepsec ships with a classifier that checks whether a task was refused after each research step. According to the blog post, for the prompts deepsec uses, refusals are a non-issue for both Opus 4.7 and GPT 5.5 with off-the-shelf models. Both Anthropic and OpenAI offer "cyber" fine-tuned model variants for security tasks, and deepsec is compatible with those as well. For real scans, Vercel AI Gateway is recommended — one key covers both Claude and Codex, and the gateway's default quotas are sized for highly concurrent research.

    Update: Open-Sourced May 2026

    deepsec was open-sourced on May 4, 2026, with the repository hosted at vercel-labs/deepsec on GitHub. The project is actively maintained, with the last push recorded in late June 2026. Getting started requires running npx deepsec init at the root of the target repository, which creates a .deepsec/ directory for configuration and investigation catalogs.

    Capabilities

    Key Features

    • Agent-powered vulnerability scanning
    • Regex-based candidate identification (scan stage)
    • AI investigation with Claude Opus 4.7 and GPT 5.5
    • Revalidation step to reduce false positives
    • Git metadata enrichment for contributor identification
    • Export findings as markdown or JSON
    • PR/diff mode for CI gating
    • Distributed execution via Vercel Sandbox microVMs
    • Plugin system for custom regex matchers
    • Resume interrupted scans automatically
    • Works with existing Claude/Codex subscriptions
    • Vercel AI Gateway integration
    • Custom scanner plugins for auth models and data layers

    Integrations

    Claude (Anthropic)
    Codex (OpenAI)
    Vercel AI Gateway
    Vercel Sandbox
    GitHub (git metadata)
    npm
    API Available

    Developer

    Vercel

    Vercel is a platform for frontend developers that provides the developer experience, tools, and processes to create high-quality web applications.

    Founded 2015
    San Francisco, CA
    $863M raised
    915 employees

    Used by

    Under Armour
    Nintendo
    The Washington Post
    Loom

    Similar Tools

    Endor Labs

    AI-powered application security platform that pinpoints and fixes critical risks across code, open source dependencies, and container images.

    AISLE

    Autonomous AI-powered cybersecurity platform that finds, fixes, and verifies vulnerabilities at superhuman speed and scale.

    Sonatype

    Software supply chain management platform providing open source security, artifact management, and AI governance for development teams.

    Related Topics

    Application Security

    AI tools for securing software applications and identifying vulnerabilities.

    93 tools

    Code Security

    Tools that analyze code for security vulnerabilities and issues.

    40 tools

    Bug Detection

    Intelligent tools that leverage AI to identify, classify, and prioritize software defects and vulnerabilities before they reach production environments.

    40 tools