Yash Dave

DeepSource AI Review now scores higher on the OpenSSF CVE Benchmark. Most importantly, we're seeing 4%+ gain on the F1 score. This means we're catching more real vulnerabilities without introducing a single false positive. Our precision hit 100% (zero false positives across 83 patched diffs) while recall climbed to 73.17%.

🤖 Announcing Autofix Bot -- AI agent that detects and fixes security vulnerabilities in code. Autofix Bot v1 benchmark: - 8% more accurate than Claude Code - 52% cheaper than Codex CLI - 5x faster than Gemini CLI Programming with AI introduces real challenges to security: - LLMs often miss critical flaws when used for self-review, with recall often dropping to zero. - AI codegen tools produce code with hidden security risks that aren't obvious at first glance. - LLMs use patterns from old data, introducing outdated vulnerabilities. Autofix Bot solves these by combining AI with static analysis for consistent, deterministic results: it scans pull requests for security issues and suggests in-place fixes to prevent security issues from reaching production. Benchmarked on OWASP's rigorous dataset of 2740 labeled files, Autofix Bot delivers 88% accuracy and 94% true positives -- matching OpenAI Codex while outperforming Claude Code and Gemini CLI in cost (58 USD vs. up to 300 USD) and time (2.4 hours). For secrets detection, it achieves a 0.93 F1 score, higher than just relying on tools like Gitleaks at 0.76, leading to fewer missed credentials and minimal false positives. In practice, fixes average under 13 seconds, and it scales to thousands of files without slowing workflows. Early access is open for partners -- reach out to integrate the API. Coming soon for individual developers. More information at https://t.co/H9ZW8wcrGM