Deva

DEVA AI ASSISTANT

Your always-on
AI teammate.

Deva is a voice-activated AI agent with a 10,000-particle visualization. Talk naturally — scan files, fix vulnerabilities, generate code, and manage tasks by voice.

Voice commands with local STT inference

Gesture control: pinch, point, swipe

6 visual states: idle to scanning

AI chat + streaming file edits

Custom agent orchestration (DFCM)

Floating HUD overlay + mission control

SECURITY SCANNING

3-phase scanning engine.

Fast Scan

Regex + tree-sitter AST analysis with intra-procedural taint tracking. 20 specialized detectors, 32+ pattern rules. 7 languages supported.

LLM Analysis

Optional AI-augmented post-processing. Batches suspicious snippets to frontier models. Confirms findings and discovers new semantic vulnerabilities.

Enrich & Fix

Compliance enrichment with 14 frameworks. Supply chain checks against 27K+ CVEs. One-click AI-generated fix with side-by-side diff preview.

970+

CWE Rules

27K+

CVE Advisories

Compliance Frameworks

<5s

Scan Time (500 files)

Deva security scan visualization with dependency graph

MAGIC WAND

Point. Describe. Transform.

A visual element editor that lets you click on any DOM element in a live browser preview and describe changes in natural language. The AI maps elements back to source files, generates targeted edits, and verifies correctness.

Click-to-Select

Select any DOM element in the live browser preview.

Natural Language Edits

"Make this button larger and change to primary color."

15 Prebuilt Components

Buttons, cards, layouts, modals — drag and drop.

Smart Source Mapping

Confidence-scored mapping from DOM to source files.

Verify & Rollback

File snapshots before edits. Undo with one click.

Select element in browser

Describe change in plain English

AI maps element to source file

Generates targeted code edit

Verifies and applies changes

PLAYBOOKS & ORCHESTRATION

Automate everything.

Playbooks

DAG-based workflow graphs
Cron scheduling and triggers
Configurable quality modes
Execution history and logs
Google Docs, Slack, webhook connectors
Template cloning and sharing

DFCM Task Orchestration

Multi-step AI agent workflows
3 autonomy modes with guardrails
Mandatory human approval gates
File, CLI, scan, browser, messaging tools
Real-time SSE event streaming
Mission control via floating HUD

MARKETPLACE & INTEGRATIONS

Extensible by design.

Skills Marketplace & Tools Directory

A searchable marketplace with 8 content types sourced from GitHub and our cloud service. Browse 150+ developer tools across 45+ categories. Install skills, MCP servers, agents, and repos directly from the IDE.

SkillsAgentsMCPReposAPIsTools

MCP + App Integrations

Slack
Telegram
Discord
Google Docs
Webhooks
Notion

Custom AI Agents

Create agents with YAML frontmatter — define persona, tools, and model. Visual Agent Builder for team sharing. 4 pre-built templates ship out of the box.

Tech & Developer News

Curated feed of developer news, security advisories, and industry trends — delivered inside the IDE to inspire new product ideas and keep teams informed.

MULTI-MODEL AI

Model-agnostic. Your choice.

Route through frontier cloud models, run open-source locally, or use the Deva model built for security-first development. Switch models per-task, per-agent, or per-playbook. API keys stay in Google Secret Manager — never on the developer's machine.

Deva Model

BUILT FOR SECURE DEVELOPMENT

Purpose-built for security-aware code generation and vulnerability analysis. Fine-tuned on security patterns, CWE databases, and real-world exploit data.

Deva Pro

Security-focused code gen, vulnerability detection, and compliance-aware suggestions.

Pro

Deva Max

Full-spectrum analysis with multi-file reasoning, architecture review, and threat modeling.

Max

Frontier Cloud Models

Claude

Best-in-class reasoning and code generation. Extended thinking for complex security analysis.

Opus 4.6Most capable

Sonnet 4.6Balanced

Haiku 4.5Fast

GPT

Industry-standard models with strong tool use. Native function calling for agent workflows.

GPT-5.3 CodexCoding

GPT-4oMultimodal

o4-miniReasoning

Gemini

Long-context analysis with 1M+ token windows. Ideal for large codebase scanning.

2.5 ProAdvanced

2.5 FlashSpeed

Open-Source Models via Ollama

Run open-source models locally for air-gapped or on-premise environments. Full scanner and AI features work offline with local inference. No data leaves your network.

Llama 3.3

Air-Gapped Ready

Deploy in fully disconnected environments. Security scanning, AI chat, code generation, and playbook execution — all running on-premise.

Zero telemetry or data exfiltration

FIPS-compliant inference options

Custom model fine-tuning support

Architecture: IDE → FastAPI backend → Cloud Run proxy → Secret Manager → Provider API. No API keys stored locally. Model routing is configurable per-task, per-agent, and per-playbook.

CODING AGENTS

Choose your coding agent.

Pick the AI that writes your code. Switch between Claude, Codex, Gemini, or local models — per task, per file, or per project. Every agent can scan, fix, and ship with Deva's security engine built in.

Ask

Query your codebase, debug errors, understand unfamiliar code. The agent reads files, searches symbols, and explains logic.

Edit

Direct code editing with streaming diffs. See changes in a multi-diff editor with checkpoint timeline and one-click undo.

Agent

Full agentic mode — the AI reads files, runs terminal commands, installs dependencies, fixes bugs, and ships features autonomously.

OUR OWN CODING AGENT — COMING SOON

A security-native coding agent built from the ground up. Deva doesn't just write code — it understands vulnerability patterns, enforces compliance, and scans every edit before it hits your codebase. Fine-tuned on CWE databases, real-world exploits, and secure coding patterns.

Write secure code

Security-aware code generation from the start

Auto-scan & fix

Every edit scanned in real-time, one-click fixes

Ship with confidence

Compliance-checked, vulnerability-free commits

Security-Native970+ CWE Rules27K+ CVEsCompliance-AwareAll 3 Modes

Also works with your favorite coding agents

Claude Code

Anthropic

Best-in-class reasoning for complex refactors, security analysis, and multi-file edits. Extended thinking for deep code understanding.

AgenticTool UseVision

OpenAI Codex

OpenAI

Purpose-built for code generation. Cloud-based agent that executes tasks in a sandboxed environment with native function calling.

Code GenSandboxTools

Gemini Agent

Google

1M+ token context window for scanning entire repositories. Ideal for large-scale codebase analysis and cross-file refactoring.

Long ContextMultimodalAgent

Local / Ollama

Open Source

Run coding agents locally with Llama, DeepSeek, Qwen, or CodeLlama. Full agent capabilities with zero data leaving your machine.

Air-GappedPrivateOn-Prem

No matter which agent you choose, Deva wraps every edit with its 3-phase security scanner. 970+ CWE rules applied automatically. Vulnerabilities flagged with one-click fixes.

THE DEVA PHILOSOPHY

Think with your tools,
not through them.

Deva doesn't just write code for you. It helps you think about the products you develop through three lenses:

Application & Cyber Security

Security is not a bolt-on. Every line of code is scanned, every fix is verified, every deployment is compliance-checked.

Coder's Intent

How do you want to impact the world? Deva connects your interests, issues, and news to the tools you build. Code with purpose.

Coder's Taste

Preference matching for the individual developer. Deva learns your style, curates inspiration, and helps you find your creative edge.

BEFORE & AFTER

See the difference Deva makes.

SusVibes Benchmark Validated

AI-generated code is dangerously insecure

Claude, GPT-4, and Copilot produce functionally correct code that fails security tests. Deva catches what others miss — directly in your editor.

Functionally correct AI solutions61%

Of those, actually secureOnly 17.2%

of "working" AI-generated code has exploitable vulnerabilities

Source: SusVibes Benchmark — CMU, Columbia, Johns Hopkins (Dec 2024). 200 tasks, 77 CWE types. Best model: Claude 4 Sonnet.

What AI agents miss (Deva catches)

Timing Attacks

Password comparison leaks

Weak Auth

Password 'a' is valid

IDOR

Anyone can access /patient/123

SQL Injection

String concatenation in queries

XSS Attacks

Unsanitized HTML rendering

Auth Bypass

Missing role validation

Exposed Services

Binding to 0.0.0.0

Session Issues

Predictable session IDs

Real-World Disaster: January 2026

The OpenClaw disaster exposed 30,000+ systems

An AI assistant project went viral — 100,000 GitHub stars in 2 months. But AI-generated code created catastrophic security holes that traditional scanners completely missed.

Password 'a' was accepted as valid authentication

Services exposed to internet on 0.0.0.0:18789

AI happily revealed API keys when asked

Remote code execution via prompt injection

Security bypassed with allowInsecureAuth: true

Deva catches all of these

Weak Authentication

No password complexity

CWE-521

Exposed Network Services

Binding to 0.0.0.0

CWE-668

Security Bypass Config

allowInsecureAuth flag

CWE-266

Credential Exposure

AI-accessible secrets

CWE-200

Command Injection

Unrestricted shell access

CWE-78

Source: Bitsight Security Research, January 2026

Languages & compliance

Scans source code, infrastructure, and validates against industry standards.

Source languages

PythonJavaScriptTypeScriptGoJavaRubyRustC/C++

Infrastructure

DockerfileKubernetes YAMLTerraformDocker Compose

Compliance presets

OWASP Top 10HIPAASOC 2PCI-DSSGDPRFedRAMPNISTISO 27001SANS Top 25CIS ControlsSupply ChainStrict

Let's build the future of secure development.

One platform for coding, scanning, fixing, automating, and shipping — with an AI teammate that speaks your language.

Download Deva Watch Demo

Your always-onAI teammate.