Summary
Vercel open-sourced deepsec, a security harness that uses coding agents to scan large repositories for hard-to-find vulnerabilities on infrastructure the user controls. The project combines local execution, optional fanout to Vercel Sandboxes, and support for existing Claude or Codex credentials, pushing agentic security review closer to a practical product surface.
What changed
Vercel released deepsec as an open-source vulnerability scanner powered by coding agents, with optional parallel execution through Vercel Sandboxes.
Why it matters
This is a meaningful shift from agent-assisted coding into agent-assisted security operations. deepsec matters because it treats vulnerability research as a repeatable agent workflow, not just a chat prompt, and it gives teams a way to run security investigations on their own code and infrastructure without handing privileged source access to a third-party SaaS scanner.
Evidence excerpt
Vercel says deepsec is an agent-powered vulnerability scanner that runs on your own infrastructure, supports optional fanout to Vercel Sandboxes for parallel execution, and can use existing Claude or Codex subscriptions for inference.