Deepsec: The security harness for finding vulnerabilities (vercel.com)

🤖 AI Summary
Today, Vercel announced the open-source release of Deepsec, a security harness designed to detect vulnerabilities in large codebases. The tool runs on local infrastructure, eliminating the need for cloud services to access privileged source code. It integrates with existing services like Claude and Codex, allowing usage without additional configuration. Scanning a large repository typically takes days on a single machine, so Deepsec offers optional fanout to Vercel Sandboxes to run multiple scans in parallel, scaling to over 1,000 concurrent sessions. Its architecture uses models including Claude and Codex to carry out a process involving static analysis, data flow tracing, and validation of findings. It provides actionable insights with severity ratings while maintaining a 10-20% rate of false positives. A plugin system lets users tailor the tool to their specific codebases. The release is significant for the AI/ML community as an advancement in security scanning methodologies, making high-quality vulnerability detection accessible while supporting the ongoing evolution of AI-assisted software development practices.