We are happy to announce new AI security training content, 30+ new Challenges, new and improved Quest functionality, the launch of a brand-new in-platform Resource Center, and deeper learner insights.

New

Content 

Non-Human Identities (NHI) Content

As AI adoption accelerates, so does the use of Non-Human Identities (NHIs), like tokens, automation accounts, and machine credentials. These are essential for modern tooling, but they introduce new risks that engineers need to understand. This new content covers the OWASP Top 10 for Non-Human Identities, including:

• Improper Offboarding
• Secret Leakage
• Vulnerable Third-Party NHIs
• Insecure Authentication
• Overprivileged NHIs
• Insecure Cloud Deployment
• Long-Lived Secrets
• Environment Isolation
• NHI Reuse
• Human Use of NHIs

This NHI content is ideal for Architects, DevOps, Platform Engineers, Cloud Engineers, Backend/API Engineers, QA Engineers, Engineering Managers, and Product Managers looking to better understand emerging risks. You can find this content in Quests as an assignable conceptual topic, as a course template in Legacy Courses, and all guidelines are available on-demand in Explore. 

25 New V2 Challenges Just Dropped in Explore – Now with Go, TypeScript React, and JavaScript React

We’ve added 25 new V2 Challenges to the Explore playtest, more than doubling the total to 44 challenges! This latest batch includes:

• Go (Basic): 10 challenges (8 vulnerable, 2 secure)
• TypeScript React: 10 challenges (6 vulnerable, 4 secure)
• JavaScript React: 5 challenges (3 vulnerable, 2 secure)

These v2 challenges are available exclusively in Explore while we’re in playtest mode. Try them out and don’t forget to leave a thumbs up/down, your feedback helps shape the future of secure coding content. Jump into Explore now and start testing your skills!

13 New Typescript React Frontend Security Topics 

Responding to demand, our Typescript React practical content has been expanded with 13 brand-new Challenges to provide learners with a more robust learning experience outside of Coding Labs. The 13 New Typescript React Challenges cover the following frontend security topics: 

• Cross-Site Scripting (XSS)
  • DOM-Based Cross-Site Scripting (2 easy challenges)
• Injection Flaws
  • CSS Injection (2 easy challenges)
• Security Misconfiguration
  • Clickjacking (2 easy challenges)
  • Disabled Security Features (1 easy challenge)
  • Improper or Missing HTTP Headers (1 easy challenge)
• Side Channel Vulnerability
  • Clipboard buffer caching (1 easy challenge)
• Unvalidated Redirects and Forwards
  • Unvalidated Redirects and Forwards (2 easy challenges)
• Vulnerable Components
  • Using Components From Untrusted Source (2 easy challenges)

These new Typescript React Challenges are available in Quests, Learn, Explore, Tournaments, Legacy Courses, and Assessments. 

Quests

Editing Active Quests

Admins can now edit active and scheduled Quests, making it easier to fix typos or adjust dates on the fly. Editable fields include:

• Quest name
• Badge
• Mandatory toggle
• Teams (add teams or switch from team-specific to all-company)
• End date

All changes are tracked in the Quest audit log for transparency. Learn more about editing Quests and tracking changes made to Quests. 

Sharing Drafts

Quest drafts can now be shared across all admins. When saving a draft, an admin can choose to share it. Once shared, all other admins within the same company can view, edit, and publish the draft. Learn more: How to share a draft quest with other Admins.

Quest Security Awareness and Design Concepts Catalogue

We’ve expanded our Quest content to better support non-developer roles with conceptual topics focused on secure design and awareness. View the Quests Security Awareness and Design Concepts catalogue to learn more.

Resource Center 

We’ve launched a new in-platform Resource Center for all Company Admins. This centralized hub makes it easier than ever to find what you need, when you need it. Key features:

• Announcements: Product updates, webinar invites, admin notices, and more.
• Knowledge Base Search: Quickly find help articles without leaving the platform.
• How To Videos: Watch quick video guides, like how to create a Quest and click directly to take action.
• Additional Resources: Direct links to case studies and upcoming webinars.

Metrics

New Learner Details View

Admins can now click on any learner’s name in the Metrics reports to open a detailed view showing key stats for the learner and a summary of progress across all assigned learning activities. API access to this learner data is supported via our Reporting GraphQL API. Learn more.

Explore

Role filter

Learners can now filter training content by role in Explore. This strengthens the ability to support role-specific learning paths, making it great for tailored upskilling.

Improved

Early Preview: New User Management Experience

We’ve started a phased rollout of our new User & Team Management interface, designed to make it easier to view, manage, and organize users across teams with greater clarity and control. This streamlined experience introduces faster navigation, improved filtering and bulk actions, and a more intuitive layout - helping admins save time and reduce complexity.

Customers will start seeing this change in May, with a banner linking from the old admin page to the new user-management interface. Learn more, or contact your CSM to request access or share feedback ahead of the full launch in June.