Verx — AI dependency security for dev teams.
Scans full dependency trees against CVE databases, clusters related packages for safe batch updates, and runs AI agents in isolated containers to fix breaking changes before you merge.
The problem
Triaging CVEs, figuring out which packages can be safely bumped together, chasing breaking changes across a monorepo — dev teams spend days on this every release cycle. Nobody enjoys it and nobody’s careful about it by week four.
The result is predictable: the security backlog grows, dependency updates pile up, and on the day the team finally catches up, it’s a five-PR landslide with a production incident on the other side.
What we built
Verx scans full dependency trees against CVE databases and clusters related packages for safe batch updates. AI agents run in isolated containers to fix breaking changes and push ready-to-review PRs — one phased upgrade plan instead of dozens of individual PRs.
It also maps blast radius: which files, imports, and downstream packages a proposed change touches. So you know what breaks before you merge, not after.
- Full dependency tree scanning against CVE databases
- Clustered upgrades: related packages bumped together safely
- Isolated AI agents fix breaking changes and open PRs
- Blast-radius mapping for every proposed change
Outcome
Weeks of dependency triage compress into a reviewable upgrade plan. Breaking changes get diagnosed and fixed before the PR hits review, not after. Teams stop choosing between shipping features and keeping dependencies current.
Verx is live and running in production.
Clustered upgrades
Related packages get bumped together so fixes don’t fight each other.
Isolated AI fixes
Agents run in sandboxes to patch breaking changes before PRs open.
Blast-radius mapping
See which files, imports, and downstream packages a change touches.