Overview
Deep Analyze is an AI-driven static analysis feature that inspects source code for security vulnerabilities using program-structure analysis, call-graph extraction, and a multi-agent system.Privacy commitment: We do not train our models with your data. Your source code and analysis results remain private and are never used for model training purposes.
Key capabilities
Zero-day vulnerability detection
Deep Analyze leverages call graphs to detect zero-day vulnerabilities from user-controlled inputs, including:
- Authorization and authentication bypass
- SQL injection
- Server-Side Request Forgery (SSRF)
- Remote Code Execution (RCE)
Integration points
Use Deep Analyze in:
- Security engineering workflows
- CI/CD security pipelines
- Code review and PR validation
- API and microservice security scanning
Vulnerability detection
Critical vulnerability categories
Deep Analyze identifies critical vulnerability categories:
- Broken Access Control - Unauthorized access to resources
- SQL Injection - Database manipulation through untrusted input
- Server-Side Request Forgery (SSRF) - Unauthorized server-side requests
- Remote Code Execution (RCE) - Arbitrary code execution
Validation workflow
All detected issues surface as prefindings. You validate each one to determine whether it is a confirmed vulnerability requiring remediation or a false positive that can be safely dismissed. Only approved prefindings become active findings in your workspace.
Vulnerability details
For each detected vulnerability, Deep Analyze provides full context to help your team understand and act on the issue:- Human-readable description of the vulnerability
- CWE references and descriptions
- CVSS severity scoring
- The exact code path that leads to the vulnerability

Recommended fixes and Autofix
For every confirmed API vulnerability, Krait suggests a recommended code fix alongside the finding details. You can review the proposed change before taking any action. When you are ready to apply it, Krait can automatically create an Autofix PR directly to your connected repository, so your team can review and merge the fix without writing a single line of code.