Changelog

What we’ve shipped

The capabilities that move the platform forward, in plain language, as they land.

  1. June 2026New

    Subdomain-takeover detection + second secrets engine

    Dangling-CNAME subdomains (pointing at unclaimed S3, GitHub Pages, Heroku, Azure resources) are now flagged as possible takeovers. Secret detection adds a second engine (trufflehog) alongside gitleaks for additive coverage.

  2. June 2026New

    Secret detection over crawled URLs

    A gitleaks-class secret scanner fetches crawled URLs and hosts and surfaces exposed credentials (API keys, private keys, tokens) as redacted findings — with a built-in detector that works even without the external binary installed.

  3. June 2026New

    Choke-point analysis & trends

    Antrixis now ranks the assets the most attack paths route through — including lateral-pivot waypoints — so a single fix can break many paths. Choke-point concentration is tracked over time in your risk trend.

  4. June 2026New

    Multi-step lateral attack paths

    Path analysis now chains multiple hops across shared infrastructure (A → B → C) and can target high-criticality crown jewels even without a finding of their own — mapped to MITRE ATT&CK T1021.

  5. May 2026Improved

    Threat-intel ranking with EPSS + CISA KEV

    Exploit probability (EPSS) and known-exploited status (CISA KEV) now fold directly into attack-path likelihood, sharpening what gets ranked first.

  6. May 2026New

    Executive & technical reporting

    Generate board-ready executive summaries and detailed technical reports from the same live evidence, with business-impact framing and prioritized actions. Export to Markdown or JSON.

  7. April 2026New

    Continuous monitoring & risk trends

    Posture is snapshotted every scan, material drift is detected and alerted, and trends show whether risk is actually going down — powered by durable workflows.

  8. April 2026New

    Exposure analysis

    Internet-exposed sensitive services now become grounded findings and attack paths on their own — no CVE required.

  9. March 2026Improved

    Crawl-to-detection coverage

    Crawled URLs now feed vulnerability detection, extending coverage from hosts to the application endpoints attackers actually probe.

Want these in your workflow?

Start free and put the latest attack-path intelligence on your own surface.