vercel-labs / deepsec

Public

Deepsec is a security harness for finding vulnerabilities in your codebase powered by coding agents

vercel.comblogintroducing-deepsec-find-and-fix-vulnerabilities-in-your-code-base

285

100% credibility

Found May 05, 2026 at 288 stars -- GitGems finds repos before they trend. Get early access to the next one.

AI Analysis

TypeScript

AI Summary

Deepsec is an AI-powered security scanner that finds subtle vulnerabilities in large codebases using advanced language models.

How It Works

🔍 Discover Deepsec

You learn about a helpful tool that uncovers hidden security weaknesses in your project's code.

🚀 Set up in your project

Place the scanner folder inside your codebase with a quick start command.

🤖 Prepare with your AI helper

Have your coding assistant review your project and create short summaries of key parts.

📊 Launch the first scan

Run the quick check to highlight spots in your files that need a closer look.

🧠 AI dives deep

Smart AI models carefully examine each flagged area and reveal real problems with clear explanations.

📋 Review findings and reports

Get easy-to-read lists of issues, suggested fixes, and shareable summaries.

🛡️ Stronger, safer code

Your project now has fewer hidden risks, making it much more secure for everyone.

Sign up to see the full architecture

5 more

Star Growth

See how this repo grew from 288 to 285 stars Sign Up Free

Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose

AI-Generated Review

What is deepsec?

Deepsec is a TypeScript CLI security harness that scans codebases for vulnerabilities using AI coding agents. It starts with fast regex matchers to flag candidate sites like auth bypasses or SSRF patterns, then deploys agents powered by models like Claude Opus for in-depth analysis, generating findings with severity, recommendations, and revalidation verdicts. Users get structured exports in JSON or Markdown, with support for custom matchers and deep security checks on large repos.

Why is it gaining traction?

Unlike traditional SAST tools stuck on shallow patterns, deepsec leverages agents for contextual reasoning on complex code, catching subtle issues in monorepos that evade rules-based scanners. Distributed runs on Vercel Sandbox handle scale without local bottlenecks, and idempotent commands fit CI/CD for ongoing deepsec security conference-style audits. At 285 stars, it's pulling devs seeking agent-powered vuln hunting beyond basic linters.

Who should use this?

Security engineers auditing legacy enterprise codebases for hidden flaws, platform teams enforcing deep security in Next.js or multi-language stacks, and release managers needing prioritized findings with ownership data before deploys. Ideal for orgs with AI budgets chasing high-impact bugs in sprawling agents and services.

Verdict

Promising harness for deepsec in depth security conference-grade scans on codebases, but 1.0% credibility score and modest stars signal early maturity—docs are solid, tests thorough, yet expect iteration. Try for agent-driven vuln finding if static tools fall short; skip for quick PR checks.

(198 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.

285

Stars

Forks

6,159

Followers

Base stars: 285 stars

Bonus: AI verified quality (100%)

Account age: 1,403 days

Repo age: 4 days

License: Apache-2.0

Updated: May 05, 2026