DeepSource releases fully autonomous AI agents to automate code security across unified platform


  • The AI agents will be fully autonomous as they observe code and execute fixes.
  • DeepSource is also launching its Software Composition Analysis (SCA) solution to secure codebases’ open-source code.
  • This makes DeepSource the all-in-one solution for SAST, SCA, and code quality, with an autonomous agentic layer - a novel offering in the DevSecOps space.

05/25/2025, San Francisco, CA - DeepSource, the unified DevSecOps platform for securing code, is today launching a series of fully autonomous AI agents that can scan and fix code security vulnerabilities.

DeepSource’s AI Agents observe key events, such as commits made to the code base, apply reasoning to optimize for their security goals, and autonomously take action to proactively keep the organization’s code base secure.

The 3 agents being released today are the following:

1. False-positive Triage Agent - Based on the repository’s context, its own memory, and real-world threat intelligence, the agent decides whether security issues found in the code are valid. If they are invalid, it automatically suppresses them with proper reasoning.

2. Common Vulnerabilities and Exposures (CVE) Prioritization Agent - This agent triages open-source vulnerabilities based on the repository’s context and re-prioritizes them autonomously. This is currently a manual task that AppSec teams spend a lot of time on, and one that can be fully replaced by AI.

3. Autofix™ AI Autopilot - This agent puts DeepSource's existing Autofix™ AI feature on autopilot by learning developer behavior and autonomously creating pull requests with security fixes in the code.

Some key elements of the agents - and their competitive differentiators - are the following:

  • These agents run 100% autonomously, in the background for each organization. This is an industry first - all other companies building agents are building human-triggered agentic loops.
  • The agents save ~5 hours every week per developer in manual triaging, false-positive elimination, creating new tickets, and executing fixes.
  • DeepSource will charge companies per agent, rather than the more common “per consumption” or “per outcome.”
  • The agents understand the context of the software projects, and reason about their observations based on their memories and their team’s goals. Teams can add to the long-term memory of these agents to align their behaviour better with the goals.

“Code is no longer being written just by humans. The surge of AI-generated code means 10x more code can now be developed in the same amount of time, and by less experienced developers. But we’re not speeding up our code security practices by that same factor,” says Sanket Saurav, co-founder and CEO of DeepSource. “Real end users will be impacted if companies don’t evolve their tooling to ensure they’re securing this exponentially higher volume of code.”

Can AI fix what AI breaks?

AI-generated code is becoming a huge component in software development, with 1 in 4 Y Combinator startups using AI for 95% of their code. Yet research has found that almost half of the AI-generated code being studied had bugs that could lead to harmful exploitation.

It may be counterintuitive to suggest that AI-driven tools can solve an AI-generated problem; however, the LLM-based AI used by code generators and the AI used in this SCA tooling are very different in nature.

“We built our AI Agents to be goal-based, and work with hundreds of signals and observations, so we are able to align these agents to act autonomously - rather than follow simple code generation loops,” says Jai Pradeesh, co-founder of DeepSource. “All the traces of our AI Agents are visible to users, so they can see how the agents reason. This can be used by companies to align how the agents behave. Doing this is not possible for generalist AI tools since they lack the code’s context that we see with static analysis.”

DeepSource SCA launch

DeepSource is simultaneously launching a Software Composition Analysis (SCA) solution to secure codebases against unsafe open-source elements, which represent up to 90% of applications’ code. This launch takes SCA out of private beta and completes DeepSource’s all-in-one platform for developing secure code.

Today’s applications easily run on thousands of open-source elements. DeepSource’s new SCA product continuously monitors and fixes the open-source supply chain’s vulnerabilities, eliminating countless hours of manual work for AppSec teams.

With these additions, DeepSource is now the all-in-one solution in a fragmented AppSec landscape. The new features complete a suite of existing products: Static Application Security Testing (SAST), Autofix™ AI, and code quality and code coverage solutions.

In February 2025, DeepSource released Globstar, an open-source project bringing the most cutting-edge code security tooling to the AppSec community, with no restrictions on commercial usage.

About DeepSource

DeepSource secures businesses’ entire development lifecycle with static code analysis and AI. Trusted by thousands of companies, from startups to Fortune 500s, DeepSource is the only DevSecOps platform with a complete offering: code quality, SAST, secrets scanning, code coverage, and SCA. They are also the creators of the open-source static analysis toolkit, Globstar.