April 2026
New Features
Role-Based Access Control
The platform has expanded role-based access control (RBAC) across every module. Every action — viewing a risk, editing a document, approving a threat proposal, inviting a team member — is gated by permissions that are grouped into roles and assigned per organization member.
The platform ships with seven built-in roles:
| Role | Access |
|---|---|
| Admin | Full platform access — all 17 permissions, including org settings and user management |
| Editor | All read + content write permissions across the full platform |
| Viewer | Read-only access across the full platform; can generate CyberGov and Board Deck reports |
| Risk Editor | Editor-level access scoped to risks and threats; no incidents visibility |
| Risk Viewer | Read-only access scoped to risks; no incidents visibility |
| Incident Editor | Editor-level access scoped to incidents and threats; no risks visibility |
| Incident Viewer | Read-only access scoped to incidents; no risks visibility |
The domain-scoped roles (Risk Editor, Risk Viewer, Incident Editor, Incident Viewer) are designed for organizations that separate risk and incident management across different teams.
Members can hold more than one role — permissions are additive, so a member receives the union of all their assigned roles.
Roles are managed from Settings → Team. One constraint applies: you cannot remove the Admin role from the last active Admin in your organization. To transfer admin access, assign Admin to another member first, then remove it from the original.
See Roles & Permissions for the complete permission matrix and role management guide.
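The additive model and the last-Admin rule above, sketched in Python as an added example (not the platform's own code). Permission names such as `risks:read`, the role contents, and the treatment of inactive members are assumptions, since this page does not list the 17 permissions. The audit helper shows that a scoped role's "no incidents visibility" is an absence rather than a deny, so a member holding scoped roles from both domains sees both.

```python
# Added illustration: permission names and role contents are hypothetical,
# not the platform's actual 17-permission matrix.
ROLE_PERMISSIONS = {
    "Admin": {"risks:read", "risks:write", "incidents:read", "incidents:write",
              "threats:read", "threats:write", "org:settings", "users:manage"},
    "Risk Editor": {"risks:read", "risks:write", "threats:read", "threats:write"},
    "Risk Viewer": {"risks:read"},
    "Incident Editor": {"incidents:read", "incidents:write", "threats:read", "threats:write"},
    "Incident Viewer": {"incidents:read"},
}

class LastAdminError(Exception):
    """Raised when a change would leave the organization with no active Admin."""

def effective_permissions(roles):
    """Additive model: the union of every assigned role's permissions."""
    return set().union(*(ROLE_PERMISSIONS[r] for r in roles))

def can(member, permission):
    # Deny by default (assumption): inactive members get nothing.
    return member["active"] and permission in effective_permissions(member["roles"])

def remove_role(org, member_id, role):
    """Remove a role, refusing to strip Admin from the last active Admin."""
    target = org[member_id]
    if role == "Admin" and target["active"] and "Admin" in target["roles"]:
        others = any(m["active"] and "Admin" in m["roles"]
                     for mid, m in org.items() if mid != member_id)
        if not others:
            raise LastAdminError("assign Admin to another member first")
    target["roles"].discard(role)

def cross_domain_members(org):
    """Audit helper: non-Admins whose combined roles span risks and incidents."""
    return sorted(mid for mid, m in org.items()
                  if "Admin" not in m["roles"]
                  and {"risks:read", "incidents:read"} <= effective_permissions(m["roles"]))

def sample_org():
    # Constructed sample organization, not real data.
    return {
        "alice": {"active": True, "roles": {"Admin"}},
        "bob": {"active": False, "roles": {"Admin"}},  # deactivated Admin does not count
        "carol": {"active": True, "roles": {"Risk Editor", "Incident Viewer"}},
        "dave": {"active": True, "roles": {"Risk Viewer"}},
    }
```

Running `cross_domain_members` over a member export is a quick way to confirm that a risk/incident team split still holds after role changes.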
GitHub Dependabot Integration
The platform now connects to GitHub Dependabot to import security vulnerability alerts as risks. Configure the integration in Settings → Integrations using a personal access token scoped to your GitHub organization. Alerts are created as risks with type Vulnerability and stay linked to their source alert for lifecycle tracking.
Improvements
AI Scoring Upgraded to GPT-5-mini
The AI scoring engine now runs on GPT-5-mini, improving both speed and scoring quality for risk and incident workflows.
Enriched Scoring Summary Notifications
Scoring runs now produce a single consolidated summary instead of individual per-item notifications. Summaries include:
- A breakdown of high and critical records, with direct links to each
- Downgrade tracking — flagging risks whose AI score falls below their current urgency
- Email subjects that show the count at a glance (e.g. “Risks Scored: 2 Critical, 1 High”)
- Delivery to the user who requested the run, regardless of their subscription preferences
Wiz Scoring: Technologies, Exposures & Exploitability
Wiz risk scoring now factors in technologies, public exposures, and exploitability data from the source issue, giving the model additional signal to assess severity for cloud and infrastructure risks.
Organization Context in Scoring
Scoring prompts now include organization-level context, aligned with the GPT-5 prompting guide. This allows the model to tailor risk and incident scores to your organization’s environment.
GreyMatter: Deterministic SEV-5 from Closure Codes
GreyMatter incidents closed with benign or informational closure codes are now automatically assigned SEV-5 without going through the AI scoring pipeline. This covers a broad set of benign close codes — authorized activity, legitimate tool behavior, anomalous-safe signals, and similar — reducing noise from non-actionable alerts.
GreyMatter: PENDING_CUSTOMER Incidents
GreyMatter incidents in PENDING_CUSTOMER status are now imported into the platform, enabling full lifecycle tracking for incidents that are awaiting customer-side action.
Date & Time Precision on Registers
Created and Updated date columns on the risk and incident registers now display a precise YYYY-MM-DD HH:mm timestamp including the viewer’s local timezone on hover. This makes it easier to correlate events across distributed teams.
Standardized Search Behavior
Search across risk and incident registers and modal record pickers has been standardized. Searching by record ID (e.g. RSK-123) now surfaces ID matches at the top of results. The search experience is consistent whether you’re in a register or a linked-record picker inside a modal.