Vercel Agent is now a persistent presence in the Vercel Dashboard, not just a PR reviewer. It investigates production anomalies autonomously, traces errors to specific deploys, proposes rollbacks, and opens fix PRs, all before an engineer opens a laptop. In one documented case, a bad deploy triggered 500 errors at 11pm. Vercel Agent traced the failure to a deploy from four minutes prior, recommended a rollback, and resolved the incident in under three minutes after a single engineer approval.
The security model is the story worth reading in full. Most agents inherit your full permissions, making every bad prompt a full-blast-radius event. Vercel Agent runs as its own principal called vercel-agent, is read-only by default, and uses a plan-to-permission model: it proposes a scoped action, requests only the access that action requires, executes it, then drops back to read-only. Generated code runs in an ephemeral Firecracker microVM called Vercel Sandbox, isolated from live systems, tested against your actual build and linters before anything surfaces in a PR. Three checks gate every call: a short-lived capability token, scope, and existing team permissions.
The architecture argument Vercel makes about immutable deployments is worth your time even if you skip the product details. Because every deploy is preserved, agent mistakes are one rollback away, making the safety guarantee structural rather than model-dependent. Vercel Agent is rolling out now to Pro and Enterprise teams. Planned additions include delegated specialist agents for security review and frontend UX analysis.
[READ ORIGINAL →]