Shows
EasyVibeCoding Podcast@vercel_dev:Vercel 開源 deepsec 程式碼安全 harness,專為大型程式庫設計的 Agent 驅動漏洞掃描工具。
Vercel 開源「deepsec」…Vercel 開源 deepsec 程式碼安全 harness,專為大型程式庫設計的 Agent 驅動漏洞掃描工具。
Vercel 開源「deepsec」,這款以程式撰寫 Agent 為核心的安全 harness,能在使用者自家基礎設施上運行,專門挖掘大型程式庫中難以察覺的漏洞。它支援 CLI 優先操作、沙盒擴展、plugin 相容的程式撰寫 Agent,並可搭配 AI Gateway 或自有訂閱進行推論,無需雲端服務暴露敏感原始碼。
架構與工作流程
deepsec 核心利用 Claude 和 Codex 模型,最高規格啟用 Opus 4.7 全力調查及 GPT 5.5 xhigh 推理模式,對程式庫進行客製化剖析。掃描流程分為五階段:
Scan:純 regex 掃描所有檔案,標記安全敏感區域作為後續焦點。
Investigate:Agent 逐一調查標記檔案,追蹤資料流、檢查緩解措施,並產生帶嚴重度評級的可行動發現。
Revalidate:第二輪 Agent 驗證調查結果,移除假陽性並重新分類嚴重度。
Enrich:調查完成後,Agent 利用 git 元資料及其他選用服務,識別負責修復各問題的貢獻者。
Export:匯出指令將發現格式化為指示,便於轉換成人類或程式撰寫 Agent 的工單。
擴展與效能
單機掃描大型程式庫可能耗時數天,deepsec 支援選用 fanout 至 Vercel 沙盒進行遠端並行執行,Vercel 自身程式庫掃描常擴展至 1,000+ 並行沙盒。內部使用數月後,他們測試於多個大型開源程式庫,證實其在大規模 monorepo 的實用性;使用者可在筆電上運行,無需額外雲端設定,僅需既有 Claude 或 Codex 訂閱即可推論。
生產環境應用案例
deepsec 已應用於 Vercel 自身 monorepo 及客戶程式庫,發現 auth 條件中的細微邊緣案例,促使開發自訂掃描器 plugin 涵蓋所有認證路徑。
Unkey 共同創辦人兼 CEO James Perkins 表示:「我們一直尋找開源程式庫的安全掃描工具,deepsec 掃描最徹底、發現最多,且真陽性率良好。」
dub.co(行銷歸因平台,具認證存取、資料庫互動及多後端服務)開源版經 deepsec 掃描,創辦人 Steven Tey 回饋:「我們收到許多自動化安全報告,多數不可行動;deepsec 是首款浮現我們希望安全工程師標記問題的工具,且在我們控制的基礎設施運行。」
假陽性與最佳適用
deepsec 發現中假陽性率約 10-20%,作者認為真陽性影響重大,故透過 revalidate 步驟讓 Agent 進一步驗證以降低假陽性。他們對此結果滿意,但強調 deepsec 最適用於應用程式與服務;對程式庫或框架,需自訂提示與掃描器才具實用性。
自訂與 plugin 系統
deepsec 內建 plugin 系統,適應特定程式庫,常見為自訂掃描器:針對 auth 模型、資料層或團隊慣例調校的 regex 匹配器。建議先運行初始掃描,然後讓程式撰寫 Agent 依據先前結果生成匹配器,例如詢問「檢視 ./my-app 先前運行,是否需新增自訂 deepsec 匹配器以發現更多漏洞候選?」此方法強化工具對專案的適配性。
模型相容性
無需特殊「cyber model」,deepsec 相容 Anthropic 與 OpenAI 的 cyber 微調模型(專為安全任務設計,基模拒絕的任務也能處理),但 off-the-shelf 模型如 Opus 4.7 與 GPT 5.5 即足夠。內建分類器檢查每步研究後是否被拒絕,實測中拒絕非問題。
起步與回饋
起步簡單:在程式庫根目錄執行 npx deepsec init,產生 ./.deepsec 目錄用於系統設定與調查目錄;依指令輸出跟進,完整文件在 GitHub。雖然已廣泛內部使用,但仍處開發早期,歡迎 GitHub 回饋與貢獻。Vercel CTO Malte Ubl 於 2026 年 5 月 4 日發布此公告,強調其在內部與客戶測試的成功,凸顯開源工具對大型程式庫安全的實戰價值。
2026-05-0405 min
ReSayGenome modelling and design across all domains of life with Evo 2This article "Genome modelling and design across all domains of life with Evo 2" is published in NATURE.Author: Garyk Brixi Journal: NATURE Year: 2026 Podcast type: ShortThe authors are:Garyk BrixiMatthew G. DurrantJerome KuMohsen NaghipourfarMichael PoliGwanggyu SunGreg BrockmanDaniel ChangAlison FantonGabriel A. GonzalezSamuel H. KingDavid B. LiAditi T. MerchantEric NguyenChiara Ricci-TamDavid W. RomeroJonathan C. SchmokAli TaghibakhshiAnton VorontsovBrandon YangMyra DengLiv GortonNam NguyenNicholas K. WangMichael T. PearceElana SimonEtowah AdamsZachary J. AmadorEuan A. AshleyStephen A. BaccusHaoyu DaiSteven DillmannStefano ErmonDaniel GuoMichael H. HerschlRajesh IlangoKen JanikAmy X. LuReshma MehtaMohammad R. K. MofradMadelena Y. NgJaspreet PannuChristopher RéJohn St. JohnJeremy SullivanJoseph T...
2026-04-2322 min
Reel BritanniaEpisode 164 - Hammer Britannia 017 - Paranoiac (1963)Reel Britannia - a very British podcast about very British movies...with just a hint of professionalism This week...more from the great Hammer studios as they craft a chilling tale of deceit and madness. A presumed-dead heir resurfaces, unraveling sinister family secrets. Gothic suspense intertwines with psychological twists, as greed, guilt, and identity collide in a haunting inheritance drama. Starring Oliver Reed and Janette Scott. Paranoiac (1963) Where secrets fester and madness reigns—welcome to the Ashby estate, where paranoia is just the beginning Paranoiac (1963), directed by Freddie Francis and produced by Hammer Films, is a gripping psychological thriller that del...
2025-04-1255 min
Release notes, with robbie_burkev20150111This podcast episode provides a roundup of the latest software releases for the 11th Jan, 2025. It covers a range of projects, from development tools to end-user applications, highlighting new features, bug fixes, and breaking changes. This episode will keep you informed about the rapidly changing tech landscape.
Software Releases
dotnet
Version: 1.33.0-nightly-250110.1 [1]
Contributors: Not specified in the sources.
v2rayN
Version: 7.6.0 [1]
Contributors: github-actions[bot] [1]
pnpm
Version: v0.0.1001 [2]
Contributors: zkochan [2]
babel
Version: v8.0.0-alpha.15 [3]
Contributors: Babel Bot, Huáng Jùnliàng, Nicolò Ribaudo, @liuxingbaoyu, fisk...
2025-01-1110 min
Open Source Startup PodcastE152: Taking on Bitly with Dub.co - an Open Source Alternative for Link ManagementSteven Tey is Founder & CEO of Dub.co, the open source link management infrastructure platform for modern marketing teams. Their open source project, also called dub, has almost 18K stars on GitHub and is used by teams at companies like Vercel, Raycast, and Perplexity.
In this episode, we dig into starting Dub.co as a side project and how it ultimately turned into a company, their initial positioning as a Bitly alternative, their focus on great design and how that shows up in all parts of their product and marketing, how analytics unlocked much higher ACVs and...
2024-10-0331 min
Commanding the NarrativeParis Olympics Opening Ceremony & Private Property Rights - With Victor Tey - XC125PARIS OLYMPICS OPENING CEREMONY & PRIVATE PROPERTY RIGHTS
WITH VICTOR TEY
The XCandidates EPISODE 125
Steven Tripp and Adam Zahra are joined by Pastor and the NSW Libertarian Campaign Director, Victor Tey.
Victor entered the political realm during the COVID lockdowns, when he began ‘Exercising My Rights’, where he would exercise in public places with protest material and signage. This lead to Victor being arrested on multiple occasions, but he was able to avoid any fines or criminal conviction in court.
This led...
2024-07-291h 38
The Jason Levin Show#53: Steven Tey - #1 Product of the Month, Product Hunt Launch Tips, and Twitter Growth HacksSteven Tey is the founder of Dub.co, an open-source 10x better version of Bit.ly.
(00:39) How Steven hit #1 on Product Hunt
(07:22) Founding Dub.co
(09:47) Product Hunt launch hacks
(15:32) Steven's Twitter hacks
(20:04) Future of Dub.co
Jason Levin is a viral marketer and Head of Growth at Product Hunt. Read Jason's weekly advice column on organic social media growth for startups.
Follow Jason on Twitter.
Subscribe to Jason on YouTube.
Past guests of The Jason Levin Show include: Eric Jorgenson, Greg Isenberg, Joshua S...
2024-05-0823 min
Latent Space: The AI Engineer PodcastThe Busy Person's Intro to Finetuning & Open Source AI - Wing Lian, AxolotlThe Latent Space crew will be at NeurIPS on Tuesday! Reach out with any parties and papers of interest. We have also been incubating a smol daily AI Newsletter and Latent Space University is making progress.Good open models like Llama 2 and Mistral 7B (which has just released an 8x7B MoE model) have enabled their own sub-industry of finetuned variants for a myriad of reasons:* Ownership & Control - you take responsibility for serving the models* Privacy - not having to send data to a third party vendor* Customization - Improving...
2023-12-081h 04
The Dock with Omar WaseemVercel Employee Shares the Secret to Building Viral Projects | Steven Tey | EP35Omar (@omarwasm) and Vishal (@vishalkolr) sit down with Steven Tey (@steventey) from Vercel to talk about why he joined the company, his secret for making projects go viral on Twitter, how Vercel got its name, the problem with conferences for devs, the importance of company branding, and more....
The Dock is a Founders, Inc. show. Learn more about Founders, Inc. at:
https://f.inc
Links:
· Steven's Twitter
· The Dock
Timestamps:
0:00 - Intro
2:02 - His Background
5:23 - Why Vercel is winning
6:13 - How Vercel got its name
9:37 - His secret to virality
18:33 - Austin vs SF
20:12 - His Day in the life
22:44 - Vercel's branding
23:49 - Are
2023-10-1457 min
Latent Space: The AI Engineer PodcastRWKV: Reinventing RNNs for the Transformer Era — with Eugene Cheah of UIliciousThe AI Engineer Summit Expo has been announced, presented by AutoGPT (and future guest Toran Bruce-Richards!) Stay tuned for more updates on the Summit livestream and Latent Space University.This post was on HN for 10 hours.What comes after the Transformer? This is one of the Top 10 Open Challenges in LLM Research that has been the talk of the AI community this month. Jon Frankle (friend of the show!) has an ongoing bet with Sasha Rush on whether Attention is All You Need, and the most significant challenger to emerge this year has been RWKV...
2023-08-301h 12
Star Wars Chit-Chat (Formerly Comics In Canon)Hidden Empire 4 & Zuckuss’ Backstory: The Fermata Cage Opens & The Edgehawk Among Asteroids (Hidden Empire 4 & Bounty Hunters 32) – Ep 127HIDDEN EMPIRE NEARS IT’S END, AS THE FERMATA CAGE OPENS AGAIN… For ep 127, Mike delves into the penultimate issue of the Hidden Empire, where the Archivist activates the Fermata Cage on Amaxine Station, as Vader & Palpatine see to it personally! Meanwhile, the Bounty Hunter crew is pursued by Inferno Squad through an asteroid field while Zuckuss is trapped in a vision of his past, meaning we get his backstory! Mike also gives more information on the Gand, Amaxine Station and more!
This episode was first released on the feed of Comics In Motion, in May 2023.
Hi...
2023-08-2927 min
Comics In MotionSWCIC: Hidden Empire 4 & Zuckuss’ Backstory: The Fermata Cage Opens & The Edgehawk Among Asteroids (Hidden Empire 4 & Bounty Hunters 32) – Ep 127HIDDEN EMPIRE NEARS IT’S END, AS THE FERMATA CAGE OPENS AGAIN… For ep 127, Mike delves into the penultimate issue of the Hidden Empire, where the Archivist activates the Fermata Cage on Amaxine Station, as Vader & Palpatine see to it personally! Meanwhile, the Bounty Hunter crew is pursued by Inferno Squad through an asteroid field while Zuckuss is trapped in a vision of his past, meaning we get his backstory! Mike also gives more information on the Gand, Amaxine Station and more!
Hidden Empire 4 was released March 1st 2023, was written by Charles Soule, with Steven Cummings as penc...
2023-05-2027 min
PodKast de K Fund#181 - Steven Tey (Vercel): understanding the role of developer relationsIn this week’s episode we chat with Steven Tey, senior developer advocate at Vercel.
Steven has been at Vercel for almost two years to help the company build and scale its developer relations function. In this conversation, you’ll be able to learn:
What Vercel is and why its relationship with developers is important
Steven’s journey into developer relations, and what led him to become a senior developer advocate at Vercel
What is developer relations, and why is it important for companies that build developer tools and platforms?
How does developer advocacy differ from tradit...
2023-03-3152 min
PodRocketVercel and Platforms Starter Kit with Steven TeyDevRel at Vercel, Steven Tey, joins us to talk about Platforms Starter Kit, a new template for site builders. We talk about Vercel, multi-tenant platforms, and low-code tools.
Links
https://twitter.com/steventey
https://oneword.domains
https://dub.sh
https://podrocket.logrocket.com/next-13
https://demo.vercel.pub/platforms-starter-kit
https://vercel.com/templates
https://nextjs.org/conf
https://precedent.dev
https://vercel.com/docs/concepts/edge-network/edge-config
Tell us what you think of PodRocket
We want to hear from you! We want to...
2023-01-1836 min
Kickstart Commerce Podcast - Domain Investing & Development StrategiesFrom OneWord.Domains to Elegance.ai with Steven TeyWelcome to the Kickstart Commerce podcast where we share search marketing and domain investing strategies to help grow your business.
In today's episode, our guest is Steven Tey — a developer and founder of Elegance.ai, formerly known as OneWord.Domains.
Today Steven and I discuss:
How pursuing education in Malaysia landed him in the United States, having recently graduated a double major in branding and data science from Minerva.
We then discuss how a simple prototype to take the top 10,000 most commonly used English words and pair them with popular non .com domain extensions led...
2021-06-251h 03
Josh.co - Digital Fortune PodcastDigital Fortune #13 - Steven TeySteven Tey is a Data Science student and founder of OneWord.Domains & Recurrence.App.
2020-11-3046 min
Domain Name Wire PodcastOne Word Domains – DNW Podcast #287A tool to find one-word domains and thoughts about the state of the domain business. This week I have a guest interview and some thoughts about the domain industry. For the guest segment, I speak with Steven Tey, a student who created OneWord.Domains to help people discover one-word domains that are available for registration. In […]
Post link: One Word Domains – DNW Podcast #287
© DomainNameWire.com 2026. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this...
2020-05-2634 min
Domain Name Wire PodcastOne Word Domains - DNW PodcastI talk to Steven Tey on this week's show. Steven is a student who created OneWord.Domains to help people discover one word domains that are available for registration. In addition to speaking with Steven, I also give my take on the current state of the domain market, discuss domain name liquidation platforms, and share my frustrations with GoDaddy. Also: Patents, reverse domain name hijacking, domain name surge Sponsor: Donuts
2020-05-2634 min
In This Episode: Everybody Dies22: The Boys - Review (part 2)In this Episode: Our Heroes shoot themselves up with Compound V and partake in part 2 review of The Boys. We take a deep dive on tartan Chuck Taylor shoes and the discography of the Spice Girls (not really). Tune in for the best bits from the Amazon Studios show. Links: Note - if the below links don't work in your podcast player please visit the show page at: ebd.fm/episodes/22 Last Jedi Trailer The Joker The Watchmen (show) Umbrella Academy episode Jeremy Irons Regina King Part 1 episode Ozymandias The Comic Snake Eyes Yo Joe vs...
2019-09-261h 24
thebunkernyThe Bunker NY on Red Bull Radio: Løt.te 05/20/2019The Bunker NY label artist and polymath of noise, industrial techno and ambient music stops by for a mix and interview.
Mehmet Irdel is the musician and designer behind the name Løt.te (pronounced Loat-tey). Living in New York via Turkey, the artist has two releases on the Bunker NY (“Pressure Chant” in 2014 and “History of Discipline” in 2015), both summoning a nuanced strain of gritty warehouse techno in the ilk of Sandwell District. He has also released music on labels such as New York Trax, Blankstairs and Robert & Leopold (the tape label owned by Ryan Martin of Dais), the latter sh...
2019-05-032h 00