AI-native development platform
Startup Tuneup · LaunchCyber Venture Forum 2026
NVIDIA Inception
Deva Security · 500+ installs

AI-assisted secure and compliant coding
for classified and controlled environments.

Deva catches insecure and non-compliant code as it is written, explains why it matters, and generates the fix, using local AI models that run entirely inside your boundary.

Download DevaTry Interactive Demo
Download for iOS
Fully air-gapped
Local Deva models
17 compliance frameworks
14 languages · No code egress

field report · Deva IDE · May 2026

0+

CWE security rules built in

25 hybrid detectors · AST + taint tracking · 14 languages

0

Active user teams

government cyber/intel · medical/health research

0

Compliance frameworks mapped

CMMC · FedRAMP · HIPAA · PCI-DSS · NIST · SOC 2 · GDPR + more

0 days

Full-time to core product shipped

went full-time Feb 9 · scanning engine + AI fixes + compliance

live

See the full picture.

Every feature, one unified experience.

Watch all videos
The Platform

One platform.
Everywhere.
Including where no cloud AI can go.

Write-time detection, compliance-aware fixes, and local AI, sealed inside your boundary.

Local-Model Deployment

Runs against an on-prem or air-gapped model. Ships with Deva Coder, or use your own.

Write-Time Detection

Findings surface while code is being typed, not at commit, PR, or nightly scan. The difference between preventing and remediating.

Code-Level Compliance

Findings map directly to CMMC, FedRAMP, NIST 800-53, HIPAA, PCI-DSS, SOC 2, and GDPR controls. 17 frameworks, 6 export formats.

Explore all features
Deva Model Family · Local AI

The local models.

Run entirely inside your boundary.

Purpose-built models trained on domain-specific data. No outbound model calls. No third-party provider dependencies. Deploy on your own hardware, use a dedicated server we provision for you, or run fully air-gapped. Source code and patient data never leave your environment.

Your hardware

Run on dev machine or bare-metal server

Dedicated server

We provision and manage the inference host

Air-gapped env

Fully offline, classified environments

live · no egress

EXPLORER

deva-coder-v8
123456789101112131415161718192021222324

# deva-coder-v8 · benchmark results

# H200 GPU run · 2026-04-29

mbpp_syntax_pass_rate99.7%
99.7%
tool-use_compliance93.3%
93.3%
securityeval_cwe_accuracy87.5%
87.5%
fix_generation_rate100%
100%
first-token_latency~1.3s
Apple Silicon · no cloud calls
deva-coder-v8local inference · no cloud calls
Ln 1, Col 1air-gapped

the deva model family

NVIDIA Inception compute
Deva Coder
Live

Security-focused coding agent. CWE detection, CVE patching, secure code generation. Excelling on SWE Bench, HumanEval, and SecurityEval.

Local inferenceOn-premiseAir-gapped
Deva Medical
Training

HIPAA-aware clinical AI. De-identification of all 18 PHI categories, clinical summarization, ICD-10 coding, FHIR resource generation, and HIPAA-compliant code.

Clinical NLPDe-identificationOn-premise only
Deva Gov
Training

Government compliance mapping. CMMC, FedRAMP, NIST 800-53, FISMA controls. Built for classified environment workflows and air-gapped deployments.

Compliance mappingClassified envsAir-gapped
Compliance Coverage

17 compliance frameworks.

Mapped to your code.

Every finding maps to the exact control clause it violates. Not just the framework name. HIPAA 164.312(a)(1). NIST 800-53 SI-10. PCI-DSS 6.3.2. Each control is labeled with a verdict: covered clean, covered with violations, partially covered, not covered, or attestation-required. The output mirrors what an auditor expects on a System Security Plan.

src/api/users.ts:42

violates 3 controls
NIST 800-53SI-10
HIPAA164.312(a)(1)
PCI-DSS6.3.2
CWE → control mapping across 17 frameworks
5 verdict levels per control, matching System Security Plan format
6 export formats: SARIF, OSCAL, JUnit, CSV, JSON, agent-json
Compliance-aware fixes that don't re-introduce violations

DoD & Government

5 frameworks
CMMC 2.0
FedRAMP
NIST 800-53
NIST 800-171
NIST CSF 2.0

Code-level mapping · exact control clauses · audit-ready evidence

AI Assistant

Your always-on
AI teammate.

Say it. Deva does it. Scan files, fix vulns, write code, run agents. All from your voice. No context switching. No chat window. Just talk to your IDE.

Voice commands with local STT inference
Gesture control: pinch, point, swipe
6 visual states: idle to scanning
AI chat + streaming file edits
Custom agent orchestration (DFCM)
Floating HUD overlay + mission control
Deva Clone: AI personas with persistent memory
situation report· DEVA-2026-Q2 · May
Live

active user teams

10

Government cyber/intel and medical/health research teams. The two verticals where compliance most directly blocks revenue.

GovernmentCyber/IntelHealthcareMedical ResearchDefense

60 days

Full-time to core product shipped

Went full-time Feb 9, 2026. Scanning engine, AI fixes, compliance mapping live.

500+

Deva Security installs in 3 days

VS Code Marketplace + Open VSX Registry. Extension version of the full IDE.

Gov + Health

Two verticals where compliance blocks revenue

10 user teams across government cyber/intel and medical/health research

recognized by

Startup Tuneup

by Launch

NVIDIA Inception

Compute for Deva Models

CVF 2026

Blu Ventures

Defense Tech DC

015

investor relations

Building in or investing in regulated-environment AI security? We are actively meeting with teams in gov and healthcare.

Get in touch
Actively Developed

Built in the open.
Updated constantly.

Full-time since Feb 9, 2026. Shipped the core product in 60 days. Here's the timeline.

May 12, 2026
Launch

Deva Security Extension: 500+ Installs in 3 Days

Deva Security, the extension version of Deva, is live on the VS Code Marketplace and Open VSX Registry. 500+ downloads within its first 72 hours.

May 10, 2026
Traction

10 Active User Teams in Gov + Healthcare

Now serving 10 user teams across government cyber/intelligence and medical/health research — the two verticals where compliance most directly blocks revenue.

Sign up to see all updates and get notified about new ones.

Sign up for full access