
BYOK for AI Review
AI code review that runs on your infrastructure, with the model provider you choose.
- By Jai
Enterprise teams considering AI code review run into the same set of questions: where does inference happen, which model provider do we use, and how does this fit into the cloud agreements we already have in place? We're introducing Bring Your Own Keys (BYOK) on DeepSource Enterprise Server to solve this.
For organizations with restrictions on how their source code is shared with AI model providers, it's now easier to adopt DeepSource AI Review.
Full control over AI inference
If you have committed spend or negotiated rates with a cloud provider, AI Review runs against that budget. No separate AI line item, no new vendor to approve in procurement. Some teams standardize on Anthropic, others on OpenAI or Gemini, and BYOK lets each team use the model family that matches their requirements, whether technical, contractual, or both.
Swapping providers is a simple config change. Update the API key, and the next PR analysis picks up the new model. There is no migration, no data export, no downtime. Static analysis, SCA, secrets detection, IaC scanning, and the PR Report Card all run identically no matter which LLM sits behind AI Review.
Supported providers
We're starting with support for three model families:
| Model | Cloud providers |
|---|---|
| Anthropic Claude | Amazon Bedrock, direct API |
| OpenAI GPT Codex | Azure OpenAI, direct API |
| Google Gemini | GCP Vertex AI, direct API |
Configuration requires two model deployments:
- a flagship model that powers Autofix™ and AI Code Review, and
- a smaller, faster model that handles everything else (like generating issue descriptions, filtering, summarization)
Splitting workloads this way keeps token costs down and inference fast, while maintaining quality.
Security and compliance
With BYOK on DeepSource Enterprise Server, inference calls go directly from Enterprise Server to your model provider, without passing through DeepSource Cloud or any third-party endpoint. If your org has a BAA with Azure OpenAI or a data residency agreement with GCP Vertex AI, those terms govern every AI feature on DeepSource.
This matters for teams operating under SOC 2, HIPAA, FedRAMP, or internal policies that require DPAs with every vendor in the data path. BYOK keeps AI features inside your existing compliance boundary, with no additional agreements to negotiate.
BYOK is generally available on all Enterprise Server deployments starting today. If you're already on Enterprise Server, reach out to your point of contact to enable it. If you're interested in bringing AI code review to your team, contact sales to discuss.