DeepSweep -- Security for AI-Generated Code
64 security patterns. Sub-second validation. Zero setup.
Catch what your AI assistant gets wrong -- hardcoded secrets, prompt injection, rules file backdoors, supply chain risks -- before they ship.
Works with Cursor, GitHub Copilot, Claude Code, Windsurf, and any AI coding tool.
How It Works
- Install -- search "DeepSweep" in Extensions, click Install
- Code -- DeepSweep validates automatically as you type and save
- Ship -- fix findings with one-click copy prompts, paste back to your AI assistant
Everything runs locally in your editor. No code leaves your machine for pattern matching.
What It Detects
| Category | Examples | Severity |
| --- | --- | --- |
| Rules File Backdoors | Invisible Unicode, bidirectional text overrides, hidden content in .cursorrules | Critical |
| Credential Exposure | Hardcoded API keys, AWS secrets, Stripe keys, private keys | Critical |
| Prompt Injection | Instruction override, role reassignment in AI config files | Critical |
| Data Exfiltration | Code sent to external URLs via rules files | Critical |
| MCP Security | Unrestricted tool access, remote server connections | High |
| Supply Chain | Hallucinated packages, typosquatted dependencies | High |
| Injection Flaws | SQL injection, XSS, command injection, path traversal | High |
| Misconfigurations | Insecure crypto, disabled TLS verification, debug mode in production | Medium |
64 patterns total -- 24 AI-specific (with CVE references) + 40 traditional security patterns.
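As an added illustration of the "Rules File Backdoors" row (not DeepSweep's code or its patterns), this JavaScript example flags bidirectional controls, zero-width characters and Unicode tag characters in rules-file text, and decodes tag characters so a reviewer can read what an editor renders as nothing. The function names, the character ranges and the sample input are assumptions constructed for this example.

```javascript
// Added example, not DeepSweep's implementation. Ranges are this example's choice.
const CLASSES = [
  { kind: "bidi-control", ranges: [[0x200e, 0x200f], [0x202a, 0x202e], [0x2066, 0x2069]] },
  { kind: "zero-width", ranges: [[0x200b, 0x200d], [0x2060, 0x2060], [0xfeff, 0xfeff]] },
  { kind: "unicode-tag", ranges: [[0xe0000, 0xe007f]] },
];

function classify(cp) {
  for (const { kind, ranges } of CLASSES) {
    if (ranges.some(([lo, hi]) => cp >= lo && cp <= hi)) return kind;
  }
  return null;
}

// One finding per suspicious code point, with 1-based line and column.
function scanRulesText(text) {
  const findings = [];
  const body = text.replace(/^\uFEFF/, ""); // a single leading BOM is legitimate
  body.split(/\r?\n/).forEach((line, i) => {
    let col = 0;
    for (const ch of line) { // iterates code points, so astral characters count once
      col += 1;
      const cp = ch.codePointAt(0);
      const kind = classify(cp);
      if (kind) {
        const codePoint = "U+" + cp.toString(16).toUpperCase().padStart(4, "0");
        findings.push({ line: i + 1, col, kind, codePoint });
      }
    }
  });
  return findings;
}

// Tag characters U+E0020..U+E007E mirror printable ASCII; decoding them shows
// a reviewer the text that an editor renders as nothing.
function decodeTagText(text) {
  let out = "";
  for (const ch of text) {
    const cp = ch.codePointAt(0);
    if (cp >= 0xe0020 && cp <= 0xe007e) out += String.fromCodePoint(cp - 0xe0000);
  }
  return out;
}

// Constructed sample: a rules line with tag-encoded text appended, and a line
// whose visible order is changed by a right-to-left override.
const toTags = (s) => [...s].map((c) => String.fromCodePoint(0xe0000 + c.codePointAt(0))).join("");
const SAMPLE = "Use TypeScript strict mode." + toTags("hidden text") + "\nPrefer \u202Eeurt\u202C = false\n";

for (const f of scanRulesText(SAMPLE)) console.log(`${f.line}:${f.col} ${f.kind} ${f.codePoint}`);
console.log("decoded tag text:", JSON.stringify(decodeTagText(SAMPLE)));
```

A check like this fits a pre-commit hook or CI step over .cursorrules and similar AI config files, where any finding should block the change until a reviewer has read the decoded text.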
Key Features
- Live Validation -- validates as you type (800ms debounce)
- Validation Proof -- see exactly what was checked: patterns, files, categories, duration
- 9 UI Surfaces -- status bar, Problems panel, CodeLens, Quick Fix, tree view, webview, decorations, notifications, output channel
- AI Assistant Detection -- identifies which tool generated the code (Cursor, Copilot, Claude, Windsurf)
- Finding Suppression -- suppress findings with reason categories, expiration dates, and audit trails
- Fix All Auto-Correct -- one-click static fixes across your workspace
- Security Badge -- copy a shields.io-style badge for your README
- Config File Monitoring -- auto-validates when .cursorrules, .env, or mcp.json change
Pricing
| | Free | Starter | Pro |
| --- | --- | --- | --- |
| Validations | Unlimited | Unlimited | Unlimited |
| Patterns | 64 | 64 | 64 |
| Fix hints | Yes | Yes | Yes |
| Full fix prompts | -- | Yes | Yes |
| Finding suppression | Session only | Persistent | Persistent + audit trail |
| Security badge | -- | Yes | Yes |
| Fix All auto-correct | -- | Yes | Yes |
| Price | $0 | $9/mo | $29/mo |
All validation runs locally. No code is sent to external servers for pattern matching.
Requirements
- VS Code 1.74.0+, Cursor, or Windsurf
- Node.js runtime (included with VS Code)
Commands
| Command | Description |
| --- | --- |
| DeepSweep: Validate Project | Validate entire workspace |
| DeepSweep: Validate Current File | Validate active file |
| DeepSweep: Copy Fix Prompt | Copy remediation prompt for AI assistant |
| DeepSweep: Fix All (Auto-Correct) | Apply all static fixes |
| DeepSweep: Copy Security Badge | Copy badge markdown for README |
| DeepSweep: Sign In with GitHub | Unlock paid features |
Keyboard shortcut: Cmd+Shift+S (Mac) / Ctrl+Shift+S (Windows/Linux)
Privacy
DeepSweep runs pattern matching locally in your editor. No source code is sent to external servers for validation. Anonymous usage telemetry helps improve detection accuracy and can be disabled in settings.