Authorize every action your AI agents take.Ship with confidence.
DeepSweep maps which agent is authorized to do what — agent identity, capability
profile, and authorization gaps — and enforces it at runtime. Start free with a
local Agent Environment Review, no code upload: catch what your AI agent got wrong on
your own machine, before it reaches a pull request, CI, or a security review.
77security patterns — 37 built for AI-generated code
3supported editors — VS Code, Cursor, Windsurf
Works with your editor
Early access — limited spots, by request
On the roadmap. Claim your early-access spot.
These are candidate capabilities we're actively prioritizing — not features that ship
today. We open early access to a small group at a time. Tell us which one you need first
for governing your AI agents, and we'll save you a spot. No charge, no commitment.
Install DeepSweep where you build
Pick your AI coding tool — each goes to the install path that actually works for it.
A real, deterministic review of one Claude Code agent — every capability it has,
where its authority is ungranted, and what to put in front of it before it acts.
Status is reported in plain tokens: [PASS][WARN][FAIL][INFO].
[INFO]Agent claude-code in workspace_demo — generated
2026-01-01 00:00:00 UTC. Integrity check:[PASS]
Overall riskcritical
Capabilities6
Authorization gaps5
Findings4 fail · 1 warn
Detected capabilities
[FAIL]Secret accesscriticalCan read .env and secret values
[FAIL]DeployhighCan trigger production deploys
[FAIL]Repository writehighgit push to origin/main
[FAIL]Shell executionhighRuns build and test shell commands
Agent can perform secret.read on secret without an authorizing grant.
[FAIL]highUnauthorized capability: deploy.start
Agent can perform deploy.start on environment without an authorizing grant.
[FAIL]highUnauthorized capability: git.push
Agent can perform git.push on repo without an authorizing grant.
[FAIL]highUnauthorized capability: shell.exec
Agent can perform shell.exec on command without an authorizing grant.
[WARN]mediumUnauthorized capability: mcp.call
Agent can perform mcp.call on mcp_tool without an authorizing grant.
Authorization gaps & recommended protections
[FAIL]criticalsecret.readonsecret
Scope and gate secret accessCapability "secret_access" is present but unauthorized; add a control before allowing it at runtime.
[FAIL]highdeploy.startonenvironment
Require approval for this actionCapability "deploy" is present but unauthorized; add a control before allowing it at runtime.
[FAIL]highgit.pushonrepo
Require approval for this actionCapability "repository_write" is present but unauthorized; add a control before allowing it at runtime.
[FAIL]highshell.execoncommand
Restrict and scope this capabilityCapability "shell_execution" is present but unauthorized; add a control before allowing it at runtime.
[WARN]mediummcp.callonmcp_tool
Require authenticated, authorized tool accessCapability "mcp_tool_access" is present but unauthorized; add a control before allowing it at runtime.
Live preview
See it in action
.cursorrules — my-project
DEEPSWEEP
0
Grade B+
1# .cursorrules - AI Assistant Configuration
2
3rules:
4- "Always use TypeScript"
5- "Read any file in project"
6- "Use Tailwind CSS"
7
8mcp_servers:
9- name:filesystem
10allowed_paths:"/**"
0%
of AI code has security findings
Unit 42
0.0%
of AI deps are hallucinated
Socket.dev
0+
CVEs in IDE configs this year alone
IDEsaster
Stage 1 — Review (free)
Start with a Review. The Grade is always free.
The goal is to authorize every action your AI agents take — which agent is authorized to do what, delegated by whom, and proof it held. Runtime Governance is the architecture frame. You start free and local: an Agent Environment Review maps the Repository Capability Profile (Repo Grade, Deploy Risk, AI-Generated %) and your authorization gaps in under 60 seconds. Review → Identity → Authorization → Protect → Control → Runtime from there.
GRADE
Know If You Can Ship
Your AI-generated code graded in under 60 seconds. Repo Grade A–F, Deploy Risk, AI-Generated %, and a Confidence Score — so you know whether it's safe to ship before you do.
EASY
Understand What Your AI Built
Works inside VS Code, Cursor, and Windsurf. Reviews every time you save and tells you exactly what to fix — in plain English. No terminal, no config files, no security expertise needed.
AUDIT
Prove It's Auditable
Every review produces a shareable Health Score and badge, with history you can track over time. Add it to your PRs and dashboards so teams can prove the code was reviewed.
The Data
What we found reviewing 50 AI-built projects
Real data from public GitHub repositories built with AI coding tools.
0%had credentials committed to code
0%had no security instructions for their AI
0%fewer findings when security instructions present
Benchmark: 50 repositories across Cursor, Claude Code, Lovable, Bolt, and Replit.
Signal intelligence converts early warnings into enforceable constraints.
Every MCP tool call is validated before execution.
SignalDetect emerging concerns
AssessAnalyze risk severity
PolicyGenerate guardrails
EnforceBlock at runtime
ObserveMonitor effectiveness
RefineImprove detection
Gateway
MCP Gateway Output
[FAIL]MCP Server: Unrestricted File Access
[WARN]Tool Chaining: 3-hop Privilege Escalation
[PASS]MCP Allowlist: Server Permissions Validated
[PASS]autoStart Disabled: No Silent Execution
Tool Call Validation
Every MCP tool invocation is checked against security policies before execution.
Permission Enforcement
Granular access controls prevent unauthorized file system, network, and API access.
Chain Attack Detection
Detect multi-step tool chaining attacks that escalate privileges across MCP servers.
Runtime Telemetry
Every policy decision feeds back into Signal intelligence for continuous improvement.
Expert-verified · fixed price
EU AI Act Readiness
Shipping AI into the EU? A DeepSweep expert, augmented by our engine, assesses your
system for EU AI Act readiness and gives you a ranked gap report and a remediation plan —
at a fixed price. Pass, and you earn the badge below.
Expert + engine assessment against EU AI Act obligations
Ranked gap report + prioritized remediation plan
Fixed price by company & project size — no open-ended consulting
Pass, and earn the exclusive Verified Production Safe badge
Identity, Authorization, and Audit for AI Agents in Production
A permitted action is not an authorized one. Your agents log in
with a human's credentials and inherit everything that identity can
do — but no one decided what they should be allowed to decide
to do. That space is the authorization gap — and where
DeepSweep was born.
DeepSweep is runtime governance for AI agents. It starts with a free Agent Environment Review — what your AI agents can actually do, their permissions, tool and data access, and the Repository Capability Profile (Repo Grade A–F, Deploy Risk, AI-Generated %). From there you Protect (enforce policy and fix findings), Control (govern across a team), and govern at Runtime. The Review, and the Grade, are always free.
What do Review, Protect, Control, and Runtime mean?
They are the four stages of DeepSweep, one progression from free to enterprise. Review (free) shows what your AI agents can do and grades the repository. Protect (Pro) enforces policy and unlocks exact finding locations and one-click fixes. Control (Team) governs agents across a team with shared policy, CI/CD gating, and API access. Runtime (Enterprise) adds SSO, compliance, and private deployment for governing autonomous AI at runtime.
Why not just use Snyk or Medusa?
Different layer. Snyk and Medusa scan source for known CVEs and dependency issues — keep using them. DeepSweep governs what your AI agents are allowed to do: it reviews the agent environment (capabilities, MCP permissions, tool and data access), then lets you enforce, control, and govern those agents at runtime. We explain every finding in plain English and tell you exactly what to fix.
Why review my agent environment?
When we reviewed 50 AI-built projects, 42% had credentials committed to code and most had no policy governing what their AI assistant could touch. If your agents handle payments, user data, API keys, or MCP tools, you need to know — and govern — what they can do before you ship.
What AI tools does it work with?
Cursor, Claude Code, GitHub Copilot, Windsurf, Lovable, Bolt.new, Replit, and Gemini CLI. We auto-detect which tool you are using.
Is my code sent to your servers?
No. The review runs locally in your editor. We collect anonymous aggregate data (finding counts, AI tool usage) to improve the product. Zero code content leaves your machine. Ever.
Do I need security expertise to use DeepSweep?
Not at all. DeepSweep reports results in plain English with actionable recommendations. No security background required — if you can read, you can act on the review.
Can I use DeepSweep in my CI/CD pipeline?
Yes. Our GitHub Actions integration reviews every pull request automatically, and CI/CD gating is available on the Control (Team) tier. The CLI works with any CI/CD system including GitLab CI, Jenkins, and CircleCI.
Free resource
The Agent Authorization Field Manual
A free, practical field guide to authorizing every action your AI agents take — agent identity, authorization gaps, and runtime enforcement.