Deepsec: The security harness for finding vulnerabilities in your codebase
Deepsec is an open-source security harness designed to identify vulnerabilities in codebases. It operates on local infrastructure and can utilize existing subscriptions for inference, allowing for efficient scanning of large repositories. The tool has received positive feedback for its thoroughness and actionable findings, particularly in open-source projects.
- Deepsec runs on local infrastructure and can scan large codebases without requiring cloud access.
- It uses coding agents to perform tailored investigations and produces actionable findings with severity ratings.
- The tool has been praised for its thoroughness and good true-positive rate in identifying security issues.
Opening excerpt (first ~120 words)
May 4, 2026
Today we’re open sourcing deepsec: a security harness powered by coding agents. It runs on your own infrastructure and surfaces hard-to-find issues in large codebases. You can run deepsec on your laptop without setting up a cloud service for privileged source code access. For inference, you can use your existing Claude or Codex subscription without any additional setup. Scanning large repos can take multiple days on a single machine. To run research jobs in parallel, deepsec supports optional fanout to Vercel Sandboxes for remote execution.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Vercel.