Introducing deepsec: The security harness for finding vulnerabilities in your codebase
Blog post from Vercel
Deepsec is an open-source security tool that uses coding agents to uncover hard-to-find issues in large codebases. It runs on the user's own infrastructure, so no cloud service needs access to the source code. For codebase investigation it incorporates the Opus 4.7 and GPT 5.5 models. The pipeline starts with static analysis to identify security-sensitive files, then proceeds to detailed investigation, validation, enrichment, and export of findings as actionable tickets. Research runs in parallel in Vercel Sandboxes, scaling to more than 1,000 concurrent sandboxes, and in Vercel's own monorepos the tool has proven effective at surfacing subtle security issues, such as edge cases in authentication conditions.

Deepsec's false positive rate is around 10-20%, and a revalidation step reduces inaccuracies. It is best suited to applications and services, can be customized through plugins, and works with both specialized and off-the-shelf AI models for security tasks. To get started, users initialize deepsec in their repository; further guidance is available on GitHub, where feedback and contributions to its development are encouraged.