
deepsec
Deepsec is a security harness for finding vulnerabilities in your codebase powered by coding agents
The Lens
Deepsec is a security scanner that pays AI agents to find vulnerabilities the way a human auditor would. You point it at your repo, the agent reads the codebase, and it reports back with the kind of bugs that pattern-match scanners miss. The scan can cost thousands of dollars on a large codebase because it runs frontier models at maximum thinking depth. Apache 2.0, by Vercel Labs.
Setup is `npx deepsec init` and a coding agent prompt to populate a project info file. From there, scans fan out across worker machines (or Vercel Sandbox microVMs for distributed runs). Jobs are idempotent, so an interrupted scan picks up where it left off. The model bill flows through Vercel AI Gateway or your own provider keys.
- Solo developers: probably overkill, and the model bill scares away curiosity scans. Use Snyk's free tier or Semgrep instead.
- Small teams shipping high-stakes code: a one-time scan of your auth layer or payment flow is in budget and finds real bugs.
- Large teams with security budgets: this is what you spend $30K on instead of a security consultant.
The catch: the cost. A scan of a 100K-line monorepo with frontier models is real money. Read the FAQ before you launch one.
Free vs Self-Hosted vs Paid
fully free
### Free Tier
The deepsec code is Apache 2.0. No license fee, no seat cost. The full feature set is in the open source release.
### Self-Hosted
Runs locally with your existing Claude or Codex subscriptions for small scans. Distributed mode uses Vercel Sandbox microVMs and bills your Vercel account.
### Model Tokens (the real cost)
Frontier models at maximum thinking levels burn tokens fast. A scan on a 100K-line codebase can run several thousand dollars; a 1M-line monorepo can hit five figures. Recommended path: scan critical paths (auth, payments, RBAC) rather than the whole repo.
### When the math works
Companies that would otherwise pay a security consultant $20K-50K for a code audit. Deepsec finds different bugs than humans, often faster, and produces a written report. Below that budget, run Semgrep or Snyk first.
The tool is free. You pay for LLM tokens, which can run thousands of dollars per scan on large codebases.
License: Apache License 2.0
Use freely. Patent grant included.
Commercial use: ✓ Yes
About
- Owner: Vercel Labs (Organization)
- Stars: 2,026
- Forks: 130



