
"Security has long been the last item on the checklist. Code gets written, reviewed, merged, and then, somewhere down the line, a security team takes a look. That model worked when development moved at a human pace. It doesn't work as well when AI writes and refactors code faster than any team can keep up with."
"Deepsec uses Claude and Codex to conduct a tailored investigation of a codebase, starting with static analysis to identify security-sensitive files. From there, coding agents investigate each candidate, tracing data flows, checking for mitigations, and producing actionable findings with severity ratings."
"The process runs in five stages: scan, investigate, revalidate, enrich, and export. The scan stage runs roughly 110 regex matchers across the codebase with no AI calls involved. On a 2,000-file project, it takes about 15 seconds. From there, agents investigate each flagged file, a second agent filters out false positives, git metadata is used to identify the contributors best positioned to fix each issue, and findings are exported in a format that can feed directly into ticketing systems, for both humans and coding agents."
"For teams with large repos, deepsec supports fanout to Vercel Sandboxes for remote parallel execution. Scans on Vercel's own codebases routinely scale up to 1,000 or more concurrent sandboxes."
"Built for the AI Development Era"
"AI-accelerated coding increases the volume of code changes, reduces developer familiarity with generated patterns, makes refactors constant, and causes security debt to quietly compound."
Security reviews often happen after code is written and merged, a model that worked when development moved at a human pace. Faster AI-driven coding increases code volume, reduces developer familiarity with generated patterns, and makes refactors constant, allowing security debt to compound. Deepsec is an open-source, agent-powered security harness that runs on your own infrastructure to surface hard-to-find vulnerabilities in large codebases. It starts with a static regex scan, with no AI calls, to identify security-sensitive files; Claude and Codex coding agents then investigate each candidate, tracing data flows, checking mitigations, and producing actionable findings with severity ratings. The workflow runs in five stages: scan, investigate, revalidate, enrich, and export, with optional parallel execution in sandboxes for large repositories.
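As an added illustration, and not deepsec's own code, the following Python sketches the scan, revalidate, enrich and export stages described above on constructed input. The four regex matchers, the sample source files, the blame table and the two revalidation heuristics (which stand in for the second, false-positive-filtering agent) are all invented for this example; the agent-driven investigate stage is not modelled, and the export format is a hypothetical JSON-lines layout rather than deepsec's.

```python
"""Toy model of a scan -> revalidate -> enrich -> export security pipeline.
Added example; matchers, sample files and blame data are constructed."""
import json
import re
from dataclasses import dataclass, asdict
from typing import Optional

# Constructed matchers: (name, regex, severity, rationale). A real harness
# carries many more; these four are illustrative stand-ins only.
MATCHERS = [
    ("sql-string-concat",
     re.compile(r'(?i)\b(select|insert|update|delete)\b[^\n]*["\']\s*\+'),
     "high", "SQL assembled by string concatenation; confirm parameterization"),
    ("subprocess-shell-true",
     re.compile(r'subprocess\.\w+\([^)]*shell\s*=\s*True'),
     "high", "shell=True; trace whether the command string is user-influenced"),
    ("eval-call", re.compile(r'\beval\s*\('),
     "medium", "dynamic evaluation; trace the input source"),
    ("hardcoded-secret",
     re.compile(r'(?i)\b(api[_-]?key|secret|password)\s*=\s*["\'][^"\']{8,}["\']'),
     "medium", "possible hard-coded credential"),
]

@dataclass
class Finding:
    path: str
    line: int
    matcher: str
    severity: str
    evidence: str
    rationale: str
    owner: Optional[str] = None  # filled in by the enrich stage

def scan(files):
    """Stage 1: pure regex pass over every line, no model calls involved."""
    findings = []
    for path, content in files.items():
        for lineno, line in enumerate(content.splitlines(), 1):
            for name, rx, severity, why in MATCHERS:
                if rx.search(line):
                    findings.append(Finding(path, lineno, name, severity, line.strip(), why))
    return findings

def flagged_files(findings):
    """The security-sensitive files an investigate stage would be handed."""
    return sorted({f.path for f in findings})

def revalidate(findings):
    """Stage 3 stand-in: deterministic heuristics instead of a second agent.
    Drops matches in commented-out code and in test fixtures."""
    kept = []
    for f in findings:
        if f.evidence.startswith("#"):   # commented-out line, not live code
            continue
        if f.path.startswith("tests/"):  # test code, not a production path
            continue
        kept.append(f)
    return kept

def enrich(findings, blame):
    """Stage 4: attach the contributor who authored most lines of the file.
    `blame` is a constructed stand-in for git metadata: path -> {author: lines}."""
    for f in findings:
        authors = blame.get(f.path, {})
        f.owner = max(authors, key=authors.get) if authors else None
    return findings

def export(findings):
    """Stage 5: one JSON object per line, ready to feed a ticketing system."""
    return "\n".join(json.dumps(asdict(f), sort_keys=True) for f in findings)

def run_pipeline(files, blame):
    return export(enrich(revalidate(scan(files)), blame))

# Constructed sample repository: one true positive per matcher plus two
# cases the revalidate stage should discard.
SAMPLE_FILES = {
    "app/db.py": (
        "import sqlite3\n"
        "def find_user(conn, name):\n"
        "    q = \"SELECT * FROM users WHERE name = '\" + name + \"'\"\n"
        "    return conn.execute(q).fetchall()\n"
    ),
    "app/tasks.py": (
        "import subprocess\n"
        "def run(cmd):\n"
        "    # subprocess.run(cmd, shell=True)  # old path, disabled\n"
        "    return subprocess.run(cmd.split(), shell=False)\n"
    ),
    "app/settings.py": "API_KEY = \"constructed-example-key-123\"\n",
    "tests/test_db.py": "def test_eval():\n    assert eval('1+1') == 2\n",
}

# Constructed blame data standing in for `git blame` line counts per author.
SAMPLE_BLAME = {
    "app/db.py": {"alice": 40, "bob": 5},
    "app/settings.py": {"carol": 12},
    "app/tasks.py": {"bob": 20},
}

if __name__ == "__main__":
    print(run_pipeline(SAMPLE_FILES, SAMPLE_BLAME))
```

On the sample repository the scan flags four lines across four files; revalidation discards the commented-out `shell=True` call and the `eval` inside a test, leaving the SQL concatenation and the hard-coded key, each tagged with the file's main contributor.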
#ai-assisted-development #application-security #static-analysis #agent-based-security #vulnerability-management
Read at DevOps.com