X · X // 4h ago // OPEN-SOURCE RELEASE
Vercel open-sources deepsec security harness
deepsec is an open-source vulnerability scanner that uses coding agents to investigate large repositories on your own infrastructure. It starts with fast candidate discovery, then sends agents to trace flows, check mitigations, revalidate findings, enrich ownership data, and export actionable reports. Vercel says it can run locally with Claude or Codex subscriptions, or fan out to Vercel Sandboxes for parallel execution on bigger codebases.
// ANALYSIS
The interesting part here is not “AI security scanning” in the abstract but the workflow split: cheap static narrowing first, expensive agentic reasoning second. That is the right shape for finding subtle issues in real repos.
- Strong fit for large application and service repos where security bugs are buried in business logic, auth paths, and data flow edges.
- The on-your-own-infrastructure story matters for teams that cannot ship source code to a third-party SaaS scanner.
- Optional sandbox fanout makes the system more credible for monorepos and long-running research jobs.
- The tradeoff is expected false positives and matcher tuning, so this still needs security-engineer oversight rather than full autopilot.
- Best viewed as an internal security research harness that productizes deep review workflows, not a replacement for classic SAST.
// TAGS
security, open-source, agent, vulnerability-scanning, code-review, vercel, ai-coding
DISCOVERED: 2026-05-04 (4h ago)
PUBLISHED: 2026-05-04 (4h ago)
RELEVANCE: 9/10
AUTHOR: rauchg