Introducing deepsec, an open source coding security harness. • CLI-first • Sandbox-based scaling • Pluggable coding agents • Designed for large-scale repos • Use AI Gateway or your own subscription After months of successful internal use, we put it to the test on some of
Vercel Releases deepsec to Automate Deep Security Audits With Coding Agents
VercelVercel open-sourced deepsec, a security harness that uses autonomous coding agents to identify and investigate vulnerabilities in large-scale codebases. Unlike traditional scanners that rely on static patterns, this tool uses high-reasoning models to trace data flows and validate findings through a multi-stage pipeline. By moving security audits into an agentic framework, teams can perform deep reviews that were previously too slow or expensive for manual researchers.
scan for candidates, followed by an AI-driven process step where coding agents perform deep investigations.This release follows a surge in agentic security tools like Claude Security and Replit's Security Agent. Unlike managed services, deepsec provides an open orchestration layer for your own infrastructure. It manages high reasoning costs by fanning out tasks across parallel sandboxes, making exhaustive audits of massive repositories economically viable.
Initialize with npx deepsec init to create project-specific configurations. The system is model-agnostic, supporting Anthropic and OpenAI via Vercel’s AI Gateway or direct API keys. For large-scale execution, you can deploy workers to Vercel Sandbox microVMs, which isolate agents to prevent credential exfiltration or unauthorized network access.
Still wondering? A few quick answers below.
Every HeadsUpAI update is written based on its original source and reviewed before it's published. Read our editorial standards →




