Detection Patterns
Understanding DeepSweep detection rules
Pattern Categories
The DeepSweep editor extension ships 77 detection patterns - 37 built specifically for AI-generated code and agent configurations, plus 40 traditional application-security patterns - aligned with the OWASP AI systems Top 10. The AI-specific set covers these categories:
Credential Exposure
Patterns detecting API keys, tokens, and secrets left in code or AI assistant configuration files - the most common issue in AI-generated projects.
Prompt Injection
Patterns detecting attempts to manipulate AI assistant behavior through hidden instructions, jailbreak attempts, and instruction override attacks in files like .cursorrules.
MCP Security
Patterns detecting risky Model Context Protocol configurations, including dangerous tool permissions, auto-execution risks, and untrusted server connections.
Misconfiguration
Patterns detecting insecure AI assistant and workspace settings that widen your attack surface.
Data Exfiltration & Supply Chain
Patterns detecting attempts to extract sensitive data through AI assistant behavior, and supply chain risks in the components your assistant pulls in.
Patterns in the CLI
The open-source CLI focuses on AI assistant configuration files and currently ships 16 rules covering Cursor rules, MCP configs, and related files. List them anytime:
deepsweep patterns