Back to Documentation

Detection Patterns

Understanding DeepSweep detection rules

Pattern Categories

The DeepSweep editor extension ships 77 detection patterns - 37 built specifically for AI-generated code and agent configurations, plus 40 traditional application-security patterns - aligned with the OWASP AI systems Top 10. The AI-specific set covers these categories:

Credential Exposure

Patterns detecting API keys, tokens, and secrets left in code or AI assistant configuration files - the most common issue in AI-generated projects.

Prompt Injection

Patterns detecting attempts to manipulate AI assistant behavior through hidden instructions, jailbreak attempts, and instruction override attacks in files like .cursorrules.

MCP Security

Patterns detecting risky Model Context Protocol configurations, including dangerous tool permissions, auto-execution risks, and untrusted server connections.

Misconfiguration

Patterns detecting insecure AI assistant and workspace settings that widen your attack surface.

Data Exfiltration & Supply Chain

Patterns detecting attempts to extract sensitive data through AI assistant behavior, and supply chain risks in the components your assistant pulls in.

Patterns in the CLI

The open-source CLI focuses on AI assistant configuration files and currently ships 16 rules covering Cursor rules, MCP configs, and related files. List them anytime:

deepsweep patterns