Implemented

✨ AI SAST: Advanced plan clients, this one's for you: Our biggest detection upgrade in a while. The new AI-powered scanner is already finding critical vulnerabilities across your code, such as SQL injections and XSS. Multi-file analysis, all supported languages, 90% precision. It's already in your reports, look for the AI SAST technique. More details here.

🔍 Scanner in the MCP: Our MCP already let you query vulnerability info and our Knowledge Base from tools like VS Code, Cursor, and Claude. Now it also runs our SAST and SCA scanners locally. Devs can ask the MCP to scan and fix their code before committing—catching vulnerabilities instantly without switching tools. Prevent issues before they hit your repo and stay in your flow.

📦 Dependency risk mitigation info in our Database: Vulnerabilities found by our SCA now display patch impact details, letting you know when updates might introduce new issues or breaking changes.

🌳 Dependency paths visualization: Sometimes we report vulnerabilities in packages you didn't install directly. The reason is these security issues are inherited automatically by packages you did install. Now we show you the full chain from your direct dependency down to the vulnerable one. Go to the Packages section and try it.

🗑️ All roles can delete files in Design Map: Users, Group Managers, and Vulnerability Managers can now delete threat model files.

🗃️ Filters for Environments and Files: These sections in Scope now have filters for faster search. Additionally, today you can hide and reorder columns of the Environments table.

Upcoming deprecations

🐳 Docker image scanning: We're retiring Docker image scanning from our solution. In practice, it generated high alert volumes with limited remediation options. As you may know, mitigating risk posed by third-party images usually requires replacing the entire image.

Key info:

• Final deprecation date: March 31
• No action required.

☁️ CSPM (AWS, Azure, GCP): We're deprecating the CSPM technique. Many CSPM findings overlap with misconfigurations detected through IaC analysis, leading to duplicated alerts and noise. This simplifies results so teams can focus on what matters.

Key info:

• Final deprecation date: March 31
• No action required.

Additional information

📜 Privacy policy update: We've expanded our privacy policy. Check it out and reach out to help@fluidattacks.com if you have questions.

⚠️Fluid Attacks call notice⚠️

Our sales team may be calling your team members to offer them onboarding and adoption of new features on our platform. This is a reliable procedure in which we will never seek to discuss your software's vulnerabilities. However, if you have any questions, please contact us at help@fluidattacks.com.

✨Have 10-15 minutes to spare?✨

Share your opinions on our AppSec solution on Gartner Peer Insights and earn a $25 gift card! Your feedback helps others make informed decisions and shapes the future of application security. Just follow this link! Remember your review can also be in Spanish.