Menu

    May 2026

    Avatar
    Secure Code Warrior Elves
    • Updated
    Follow

    Release Notes - May 2026

    Embedded Vulnerability Report with Quest Creation

    What's New:
    A new Vulnerability Report is now available under Trust Agent for organizations that import vulnerability data from supported scanning tools. The report gives company admins a consolidated view of imported vulnerability data, including time to remediate, top issues, repository breakdowns, and trend data over time. Admins can also create a draft Quest directly from the most common vulnerability topics surfaced in the report.

    Key Benefits:

    • See vulnerability insights in one place without relying on manual CSV-based reporting
    • Turn common vulnerability findings into targeted learning with Quest creation
    • Filter by repository, category, and severity to focus training where it matters most

    How to Access:
    Go to Trust Agent and select Vulnerability Report. This feature is available for company admins with imported vulnerability data from Fortify, Snyk, or GitHub Advanced Security.

    Trust Agent: AI General Availability Updates

    What's New:
    Trust Agent: AI now includes generally available features for AI tool visibility and policy management. Customers can view which artificial intelligence tools developers are using, filter dashboards by specific tools, and define approved or unapproved large language models for their organization.

    Key Benefits:

    • Understand which artificial intelligence tools are being used across your organization
    • Focus reporting with filters for specific tools and models
    • Track code written with unapproved models and strengthen governance

    How to Access:
    Open the Trust Agent: AI dashboards to view the AI tools table, apply filters, and configure large language model policy settings.

    Clone a Quest

    What's New:
    Admins and team managers can now clone an existing Quest into a new draft. The cloned Quest carries over the original configuration, including objectives, content, settings, and selected languages, while clearing fixed dates so a new schedule can be set.

    Key Benefits:

    • Reuse successful Quest setups without rebuilding them from scratch
    • Save time when creating updated or repeated training campaigns
    • Maintain consistency across similar learning programs

    How to Access:
    Open a Quest detail view and use the dropdown menu to clone a draft, active, finished, or archived Quest.

    Admin Impersonation Improvements

    What's New:
    The administration impersonation experience now includes a dedicated Impersonate button next to each user. Selecting it opens a separate tab and signs the administrator in directly as that user.

    Key Benefits:

    • Switch into user context more quickly
    • Reduce friction when troubleshooting or supporting users
    • Keep the existing impersonation workflow available alongside the new shortcut

    How to Access:
    Go to the impersonation area in administration and select the new Impersonate button beside the relevant user.

    Typescript MCP Content and OWASP Alignment

    What's New:
    Hands-on MCP vulnerability training now supports Typescript MCP in Quests, Learn, and Explore. The MCP curriculum has also been aligned to the public OWASP MCP Top 10 draft, including updated naming and additional topics.

    Key Benefits:

    • Train developers on MCP vulnerabilities in both Python and Typescript
    • Use content aligned to the OWASP MCP Top 10 draft
    • Access newly added topics for broader and more current coverage

    How to Access:
    Find this content in Quests, Learn, and Explore by selecting Typescript MCP where available.

    Security Champion Objective for Quests

    What's New:
    A new Security Champion objective type is now available in Quests. This objective helps admins configure a dedicated learning path that serves more advanced topics for champion-level learners.

    Key Benefits:

    • Create advanced learning tracks for more experienced learners
    • Surface harder content beyond standard common-topic objectives
    • Choose from 3, 5, or 10 champion-level topics

    How to Access:
    When creating or editing a Quest, select the Security Champion objective type and choose the number of topics to include.

    Quest FAQ
    How to set up Quests

    Self-Service Single Sign-On for Multiple Security Groups

    What's New:
    Self-service single sign-on setup now supports multiple security groups. This extends self-service setup for customers who use multiple domains or different identity providers with separate certificates.

    Key Benefits:

    • Support more complex authentication setups without relying on support intervention
    • Give company admins more control over single sign-on management
    • Reduce friction for organizations with multi-group identity requirements

    How to Access:
    Use the self-service single sign-on setup flow in administration. Multiple security group support is now included.

    Flexible Schedule Management for Quests

    What's New:
    Quest schedule management is now more flexible. Admins can edit end dates for active Quests and reopen finished Quests by updating the end date, making the Quest active again.

    Key Benefits:

    • Extend or shorten active Quest timelines as training needs change
    • Reopen completed Quests without creating a new one
    • Preserve completed learner status while reassigning incomplete learners

    How to Access:
    Edit the schedule settings on an active or finished fixed-date Quest.

    Quest FAQs

    Comments

    0 comments

    Please sign in to leave a comment.