AI Code Security in 2026: Vercel and Replit Don't Agree on the Problem

Three AI security tools shipped from major vendors in the last sixty days. Replit Security Agent. Vercel's deepsec. A whole AppSec layer reorganizing around AI-generated code. The launches aren't the news. The shape of the response is. The vendors don't agree on what the problem is.

What did the defender stack actually ship?

Three things, in the same month, with the same architectural shape and different stories about what they are for.

Replit Security Agent (April 21) reviews a Replit-hosted app in about 15 minutes. It pairs a deterministic scan (pattern matchers that look for known vulnerability shapes) with AI agents that investigate the flagged areas. Two weeks later, Workspace Security Center 2.0 added a cross-project dashboard so a team can see which of their apps need attention first.

Vercel deepsec (May 4) is open-source and runs on your own infrastructure. It uses Claude Opus 4.7 and GPT-5.5 to investigate code through five stages of agent analysis. You point it at any repository. It surfaces findings the way a senior security engineer would.

Same architectural shape. Same month. Different way of describing what they are.

Why don't Replit and Vercel agree on the problem?

Replit's positioning is explicit. The Security Agent is for vibe-coded apps. The framing is: AI-generated code is a category, and that category needs its own security model. The blog post and the docs all say so directly.

Vercel's positioning is the opposite. Steven Tey, founder of deepsec, framed it this way at launch:

Read it carefully. He does not mention AI-generated code. He mentions review quality. That is a posture about the underlying problem (security reviews that don't tell you anything useful), not about a new category of insecure code.

Same launch month. Same shape of tool. Different cause being named. That divergence is the news.

What does same tool, different framing mean for you?

Start with what the tools actually do, not how the vendors describe them. Both Replit Security Agent and Vercel deepsec begin with a deterministic scan (pattern matchers that look for known shapes of vulnerability). Both then hand the candidates to AI agents that investigate, trace where the data is going, and check whether anything in the code is already protecting against the issue. Both produce findings with severity ratings. Both have a human-review step. The architecture is identical.

Where the two split is in what they say it is for.

Replit is right that AI-assisted building compressed the gap between "I have an idea" and "production code my users are touching." That compression is what makes security review at day one a real concern instead of a hypothetical one. The customers shipping these apps usually do not have a security team. They need something that scans the whole app in 15 minutes and gives them findings they can act on. Replit built that.

Vercel is right that the underlying issue is not new. SQL injection is still SQL injection. The agent does not introduce new vulnerability classes. It just generates the old ones faster than anyone is reading the code. Deepsec does not care who wrote the code, including whether "wrote" meant a prompt or a keystroke. The acceleration is real. The category, the way Vercel sees it, is not.

Both framings are coherent. Both ship tools that work. The market just hasn't agreed on whether AI-generated code is a security category of its own or whether security review just got pulled left across the company life cycle. That ambiguity is the most honest read of where things are this month. Anyone selling you certainty on the framing right now is selling.

What does this cost you?

These tools cost real money to run. Deepsec scans on large codebases can run thousands or tens of thousands of dollars at maximum reasoning effort, because the agents are doing the work humans used to do: read the diff, trace the data, check the mitigations. The cost has not gone away. It shifted into agent-time, billed in tokens. Continuous with the broader recalibration we wrote about in subscription shock vs usage drift: the unit you pay in is changing.

The cost is not optional once the tools become table stakes, and they are becoming table stakes quickly. The choice is which scanner gets the budget, not whether to have one.

One more piece of context. Vercel had a serious security incident in April: an OAuth attack via a compromised AI-platform customer. Deepsec shipped a few weeks later. The sequencing is not coincidence. A company that gets breached because another company's security model failed has a sharper view than most of where the actual exposure is. Vercel's response was open-source tooling for any codebase, not category-specific tooling for AI-generated code. That choice is itself a data point in the framing argument.

What should you do while the vendors argue?

We have been making the visibility argument for weeks. Why vibe coding fails named the visibility problem. Technical debt when you didn't write the code named the maintenance version of it. This is the security version.

The through-line: AI-assisted code accumulates the same liabilities any other code does. What is missing is the mental model that usually comes with authoring the code. The agent built up the understanding while it generated; you inherited the surface area without it. You can't review what you do not understand. The defender stack is buying you a borrowed mental model, fast. That is what these agent-powered scans are actually offering you.

If you ship AI-assisted code into production, don't wait for the framing argument to resolve. The tools are shipping faster than the vendors agree on what they are for. Run something at the IDE-time, pre-deploy, and runtime junctures. Don't let the category debate stall the operational fix.

Read what your tools tell you. Build the mental model the agent borrowed back into yourself. The vendors will keep arguing about whether vibe coding is a security category of its own. While they do, your users keep hitting your endpoints.