What we’ve shipped
The capabilities that move the platform forward, in plain language, as they land.
- June 2026New
Subdomain-takeover detection + second secrets engine
Dangling-CNAME subdomains (pointing at unclaimed S3, GitHub Pages, Heroku, Azure resources) are now flagged as possible takeovers. Secret detection adds a second engine (trufflehog) alongside gitleaks for additive coverage.
- June 2026New
Secret detection over crawled URLs
A gitleaks-class secret scanner fetches crawled URLs and hosts and surfaces exposed credentials (API keys, private keys, tokens) as redacted findings — with a built-in detector that works even without the external binary installed.
- June 2026New
Choke-point analysis & trends
Antrixis now ranks the assets the most attack paths route through — including lateral-pivot waypoints — so a single fix can break many paths. Choke-point concentration is tracked over time in your risk trend.
- June 2026New
Multi-step lateral attack paths
Path analysis now chains multiple hops across shared infrastructure (A → B → C) and can target high-criticality crown jewels even without a finding of their own — mapped to MITRE ATT&CK T1021.
- May 2026Improved
Threat-intel ranking with EPSS + CISA KEV
Exploit probability (EPSS) and known-exploited status (CISA KEV) now fold directly into attack-path likelihood, sharpening what gets ranked first.
- May 2026New
Executive & technical reporting
Generate board-ready executive summaries and detailed technical reports from the same live evidence, with business-impact framing and prioritized actions. Export to Markdown or JSON.
- April 2026New
Continuous monitoring & risk trends
Posture is snapshotted every scan, material drift is detected and alerted, and trends show whether risk is actually going down — powered by durable workflows.
- April 2026New
Exposure analysis
Internet-exposed sensitive services now become grounded findings and attack paths on their own — no CVE required.
- March 2026Improved
Crawl-to-detection coverage
Crawled URLs now feed vulnerability detection, extending coverage from hosts to the application endpoints attackers actually probe.
Want these in your workflow?
Start free and put the latest attack-path intelligence on your own surface.