Quests
Quests continue to evolve to offer more advanced configuration options and administrative controls.
- Learning Depth: Admins can now set the learning depth for each Quest so training matches the time and coverage they want to provide. The three depth options include Fundamentals for a quick introduction, Compact for focused essentials, and Comprehensive for holistic coverage.
-
Language Controls: Admins and team managers can now control which programming languages learners can use in a Quest, keeping training aligned to relevant programming languages.
- Clone a Quest: Clone an existing Quest into a new draft. The cloned Quest carries over the original configuration, including objectives, content, settings, and selected languages, while clearing fixed dates so a new schedule can be set.
- Security Champion Quest Objective: This objective helps admins configure a dedicated learning path that serves more advanced topics for champion-level learners.
- Flexible Schedule Management: Admins can edit end dates for active Quests and reopen finished Quests by updating the end date, making the Quest active again.
- Reordering Quests in a Program: Admins and team managers can now drag and drop Quests into a custom order when creating or editing a program. Previously, when multiple Quests shared the same start date, end date, and mandatory status, their sequence was determined automatically with no way to control it.
-
Skill Levels for Quest Learners: Learners now see their skill level directly in My Quests, including their current level, progress toward the next level, and additional information about how skill levels are calculated. Available levels include Recruit, Apprentice, Warrior, Sentinel, and Champion.
Trust Agent & Administration
Trust Agent, as well as a number of admin reports and features have been updated in order to simplify user experience and grant easier access to the insights admins need most.
- Trust Agent Navigation: Trust Agent is now a top-level item in the platform navigation, giving it a dedicated home in the main menu rather than sitting inside the Reporting section.
- Trust Agent: AI: Trust Agent: AI now includes generally available features for AI tool visibility and policy management. Customers can view which artificial intelligence tools developers are using, filter dashboards by specific tools, and define approved or unapproved large language models for their organization.
-
Trust Agent: AI - Local Agent for MacOS: The Trust Agent: AI Local Agent is now available for macOS. This extends AI usage visibility beyond VS Code to the tools developers use every day — including Claude Code, Codex CLI and their desktop variants — giving security teams a cross-tool view of AI activity across their developer fleet.
- Adaptive Learning with Trust Agent: AI: Adaptive Learning now uses Trust Agent AI signals to assign training based on real developer behavior. When enabled, the platform detects qualifying AI usage and automatically assigns relevant training so developers receive learning at the right time.
- Adaptive Learning with Vulnerabilities: Adaptive Learning with Vulnerabilities is now live, turning vulnerability scan data into targeted training assigned automatically to the developers responsible for the affected code. Admins set up a policy once — choosing org-level or repo-level assignment and defining repo scope — and the platform handles matching vulnerabilities to repos and repos to contributors in the background, refreshing every 90 days.
- Embedded Vulnerability Report with Quest Creation: A new Vulnerability Report is now available under Trust Agent for organizations that import vulnerability data from supported scanning tools. The report gives company admins a consolidated view of imported vulnerability data, including time to remediate, top issues, repository breakdowns, and trend data over time. Admins can also create a draft Quest directly from the most common vulnerability topics surfaced in the report.
- Self-Serve Single Sign-On Setup: Company admins can now configure single sign-on through a guided self-service workflow, including multiple security groups.
- Admin Impersonation Improvements: Admin impersonation now includes a dedicated Impersonate button next to each user. Selecting it opens a separate tab and signs the administrator in directly as that user.
Content
Our content library continues to evolve alongside the latest security research and global standards, with a heavy emphasis on AI security.
- 268 New AI Challenges across 21 Languages: New challenges appear automatically in Quests, Learn, and Explore where applicable. Filter by language in Explore to browse the full catalogue.
- New Topics for OWASP Web A10: 9 of our web languages have been updated with new topics to reflect the new A10 - Mishandling of Exceptional Conditions category in the new OWASP 2025 Web Top 10. These new topics are available in Quests and Learn, and Explore.
- Golang Memory Vulnerability Topics: We have added 2 new memory vulnerability topics to GO Basic, covering vulnerabilities possible in Golang that are not typically possible in most web languages.
- Typescript MCP Content: Hands-on MCP vulnerability training now supports Typescript MCP in Quests, Learn, and Explore. The MCP curriculum has also been aligned to the public OWASP MCP Top 10 draft, including updated naming and additional topics.
-
New Language/Framework Coverage:
- Web Language - Delphi
- Desktop Language - C# (.NET)
- PL/I Mainframe
-
Accurate Time Estimates for Videos/Guidelines: Videos/Guidelines now display time estimates based on actual video length and word count. These changes are reflected in the insight panels and learner views.
Comments
0 comments
Please sign in to leave a comment.