Vercel open-sources deepsec security harness

// 45d agoOPENSOURCE RELEASE

Vercel open-sources deepsec security harness

DeepSec is Vercel’s open-source security harness for large codebases, invoked with `npx deepsec`. It combines a fast regex-based scan with agentic investigation, revalidation, enrichment, and export so teams can surface actionable vulnerabilities with severity ratings rather than raw findings. The tool runs on your own infrastructure, can use existing Claude or Codex access for inference, and optionally fans out to Vercel Sandboxes for large-scale scans. Vercel says it is still early, but it was already effective on their monorepos and selected customer/open-source repos.

// ANALYSIS

This is a credible step beyond traditional SAST: it uses agents to reason about data flow and mitigations instead of just pattern matching.

–Strong fit for large apps and services where shallow scanners produce too much noise.
–The `scan -> investigate -> revalidate -> enrich -> export` pipeline is the right shape for security triage.
–The reported 10-20% false-positive rate is acceptable if the findings are materially more actionable than baseline scanners.
–The optional sandbox fanout makes it more practical for very large repos, but also signals operational complexity.
–Best viewed as an agentic security auditor, not a replacement for dedicated AppSec review.

// TAGS

securitystatic-analysisagentvercelcodexclaudecodebase-scanningvulnerability-detection

DISCOVERED

45d ago

2026-05-06

PUBLISHED

45d ago

2026-05-06

RELEVANCE

9/ 10

AUTHOR

rauchg

// KEEP READING

More AI developer news from the feed

EXPLORE FULL FEED

MODEL1h ago

Gemma 4 12B Fable 5 Composer 2.5 drops

Gemma 4 12B Agentic Fable 5 Composer 2.5 is a community-developed fine-tune of Google's Gemma 4 12B instruct model, optimized for local coding, tool use, and multi-step agentic workflows. Leveraging distilled reasoning traces, the model claims a 3.5x improvement over the base model on local telecom benchmarks, bringing high-fidelity reasoning capabilities to local developer setups.

NEWS2h ago

Givros asks if GPT-5.6 hits OpenAI Codex

AI creator Givros publicly asked OpenAI's Head of Codex Thibault Sottiaux whether the rumored GPT-5.6 model will be integrated into the Codex coding agent platform immediately upon its release. The question underscores the intense community interest in how quickly OpenAI will roll out new model capabilities to its developer tools amidst rumors of GPT-5.6's testing and impending launch.

NEWS3h ago

Google, Meta models land on Huawei Ascend

The Chinese AI ecosystem is focusing on porting Western open-source models, such as Google's T5-Efficient-Tiny and Meta's V-JEPA 2, to Huawei's Ascend NPU. This trend highlights a shift toward building out software support and compatibility for domestic silicon during a quiet cycle for novel local releases.