Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Release Notes

Invicti Application Security Platform

RSS Feed

11 Sep 2025

Copy Link
Enhancements include new Vulnerabilities widgets and Trend Matrix features, improved scan and report displays, custom User Agent options, FQDN utilization visibility, updated error messaging, and automatic DAST scans in GitHub Actions.

New feature

  • Added Vulnerabilities widgets to the Target Trend Matrix
  • The User Agent string is now displayed in Scan Configuration settings for each Target
  • Updated the scanner error message for status code 429 (Too Many Requests)
  • Added display of Mean Time to Remediate grouped by severity and indicated vulnerabilities exceeding MTTR
  • The Vulnerability drawer is now accessible in the Trend Matrix
  • Added the ability to export the Trend Matrix to CSV
  • Added filtering options for the Trend Matrix
  • Introduced the Trend Matrix for Applications
  • Improved the display of scan duration in reports
  • Added a custom User Agent option in Scan Configuration for Targets
  • FQDN utilization is now displayed in the side menu
  • Implemented automatic DAST scans in the GitHub Actions CI/CD pipeline

Improvements

  • Scan Profiles are now required for CI/CD integrations

Resolved issues

  • Resolved an issue that prevented manually entered sensor secrets from being saved
  • Enhanced scan summaries to provide clearer explanations for aborted scans
  • Resolved multiple issues related to HTTP/2 and LSR processing
  • Resolved handling of aborted scans in the CLI
  • Resolved an issue with restricted HTTP methods to ensure scan script requests are properly blocked
  • Resolved an issue with Jira bi-directional sync to ensure status updates are accurately reflected
  • Resolved an issue where scan progress displayed 100% without matching the actual scanner status

28 Aug 2025

Copy Link
New updates include enhanced AI-Aided Login features, improved DeepScan and DAST functionality, redesigned Agents Page, added Technologies tab, API vulnerability filtering, session token tracking in LSR recorder, Trend Matrix for DAST targets, and SCIM 2.0 user provisioning for Teams

New features

  • Scanning stops automatically when a 429 status is received without a retry-after header
  • Implemented Trend Matrix for DAST Targets
  • AI-Aided Login automatically regenerates invalid reused LSR files
  • Added support for tracking session tokens in URL Parameters for LSR recorder
  • DeepScan now scans all path fragments discovered in locations for potential vulnerabilities
  • Added a filter on the Vulnerabilities page to show vulnerabilities found on APIs
  • Added support in AI-Aided Login for saving AI-generated LSR files
  • Improved Agents Page with an updated design for better navigation and readability
  • Added the Technologies tab to the Application dashboard
  • Added user provisioning with SCIM 2.0 for Teams

14 Aug 2025

Copy Link
Discover new features in Invicti Application Security Platform including scan comparisons, new reports in Application dashboards, vulnerability assignments.

New features

  • Added the ability to restrict HTTP methods for a DAST scans on a Target
  • Added “Export to file” bulk action in Projects
  • Added “Sync vulnerabilities” bulk action in Projects
  • Added “Last updated” per SAST source in Projects
  • Added “Export to file” action in Projects
  • Added “Sync vulnerabilities” action in Projects
  • Added handling of custom namespaces in specifications for WSDL imports
  • Added NTA Standalone mode
  • Added details about an API operation to API catalog
  • Added “Scan comparison” feature to Past scans tab
  • Added a scan message when AI-aided login is used
  • Implemented automation to push vulnerabilities into issue trackers every time they are found, creating new or updating existing work items if needed
  • Added vulnerability assignment to a specific user
  • Implemented standard and compliance reports for Application consolidating all SAST asset vulnerabilities for a comprehensive application security overview
  • Added “Most vulnerable technologies” list to the Application dashboard
  • Added filtering by application, asset, and environment to the Vulnerabilities page
  • Added information on the status and version of the installed NTA to the API sources section in Discovery Configuration

30 Jul 2025

Copy Link
Discover new features in Invicti Application Security Platform including enhanced DAST scanner with AI support and LLM vulnerability detection.

New features

  • Enhanced DAST scanner with improved performance and vulnerability detection capabilities
  • Fully redesigned user interface and experience
  • New Applications feature allows to group related targets under logical application structures
  • AI-powered web form auto-completion for DAST scans (Read more)
  • AI-powered authentication handling for DAST scans
  • Dynamic targets for integration into CI/CD pipelines (Read more)
  • Detection of IDOR (Insecure Direct Object Reference) and BOLA (Broken Object Level Authorization) vulnerabilities in APIs
  • Improved API analysis through stateful scanning capabilities
  • Concurrent scan support for internal scanning agents
  • Docker-based internal scanning agents
  • Simplified Packages
  • LLM vulnerability detection including:
    • LLM Command Injection
    • LLM-enabled Server-side Request Forgery (SSRF)
    • LLM Insecure Output Handling
    • Tool Usage Exposure
    • Prompt Injection
    • System Prompt Leakage
    • LLM Fingerprinting (Read more)