June 3rd, 2026

CybeDefend v1.0.0

VibeDefend, SAST Data Flow, Detection Catalog +700 Rules & Cybe Chat

This first major release marks a fundamental turning point for the platform. It consolidates everything built since v0.3 and introduces the capabilities that define CybeDefend for the years ahead: securing the AI coding agent era.


🚀 New Features

I. SAST / IaC — Major detection catalog expansion (+700 rules)

The SAST and IaC rule catalog takes a significant leap forward with over 700 new rules covering the main cloud providers, orchestrators, and application languages.

  • Cloud and infrastructure rules: Azure, GCP, AWS, Kubernetes, Terraform, Dockerfile.

  • Application languages: Android, Python, JavaScript / TypeScript, Java, Go.

  • New dedicated Rust ruleset — the first of its kind in CybeDefend: SQLi on sqlx, diesel, rusqlite, and tokio-postgres; XSS; CORS; SSRF.


II. SAST Data flow analysis

See the real path of untrusted data, from the entry point all the way to the vulnerability. No more guessing from a snippet around the faulty line.

  • Full flow trace: source, propagation, sink.

  • Instantly understand why a finding matters, not just where it is.

  • Reduces triage time by giving developers the context they need to fix the right place.


III. VibeDefend — Securing AI coding agents

VibeDefend distributes CybeDefend's business security rules directly to AI coding agents (Claude Code, Cursor, VS Code Copilot, Windsurf, Codex), injecting them into their plan and context before every code write.

  • Automatic business rule extraction: a mining engine analyses the existing codebase to build the initial ruleset without any manual authoring.

  • Real-time consultation: on every edit, the agent consults the rules that apply to the project — forbidden patterns (no eval, no child_process.exec, no plain SQL), pre-approved dependencies only, and a "no plaintext secrets" rule.

  • allow / deny / warn status: before every write operation, Cursor or Claude Code receives a verdict on the action it is currently performing.

  • End-of-session gap analysis: missing rules are surfaced to the user for validation.

  • Autopilot mode: learns from each Claude Code session over time, proposing new rules as usage patterns emerge.

  • One-command install on Linux, macOS, and Windows.
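
The allow / deny / warn check described above, as an added JavaScript example that is not CybeDefend's code or rule format. The rule ids, regexes, severity mapping (forbidden patterns and secrets deny, unapproved dependencies warn) and the `APPROVED_DEPS` allowlist are assumptions, and the sample edits are constructed.

```javascript
// Added illustration: rule ids, regexes and severities are assumptions, not
// CybeDefend's rule format. Regexes are a crude stand-in for real analysis.
const APPROVED_DEPS = new Set(["express", "pg", "node:fs"]); // hypothetical allowlist

const PATTERN_RULES = [
  { id: "no-eval", action: "deny", test: (src) => /\beval\s*\(/.test(src) },
  { id: "no-child-process-exec", action: "deny",
    test: (src) => /child_process/.test(src) && /\bexec\s*\(/.test(src) },
  // "Plain SQL" is read here as SQL text built by concatenation or interpolation.
  { id: "no-plain-sql", action: "deny",
    test: (src) => /["'`]\s*(SELECT|INSERT|UPDATE|DELETE)\b[^"'`]*(["']\s*\+|\$\{)/i.test(src) },
  { id: "no-plaintext-secrets", action: "deny",
    test: (src) => /(api[_-]?key|secret|password|token)\w*\s*[:=]\s*["'][^"']{8,}["']/i.test(src) },
];

// Package names pulled from require()/import, skipping relative paths.
function importedPackages(src) {
  const re = /(?:require\(\s*|from\s+|import\s+)["']([^"']+)["']/g;
  return [...src.matchAll(re)].map((m) => m[1]).filter((n) => !/^[./]/.test(n));
}

const RANK = { allow: 0, warn: 1, deny: 2 };

// Returns the most severe verdict triggered by the proposed file content.
function evaluateWrite(proposedSource) {
  const hits = PATTERN_RULES.filter((r) => r.test(proposedSource))
    .map((r) => ({ rule: r.id, action: r.action }));
  for (const dep of importedPackages(proposedSource)) {
    if (!APPROVED_DEPS.has(dep)) {
      hits.push({ rule: `unapproved-dependency:${dep}`, action: "warn" });
    }
  }
  const verdict = hits.reduce((v, h) => (RANK[h.action] > RANK[v] ? h.action : v), "allow");
  return { verdict, hits };
}

// Constructed sample edits an agent might propose.
const SAMPLES = {
  parameterized: 'const { Pool } = require("pg");\npool.query("SELECT * FROM users WHERE id = $1", [id]);',
  concatenated: 'const { Pool } = require("pg");\npool.query("SELECT * FROM users WHERE id = " + id);',
  shellOut: 'const { exec } = require("child_process");\nexec("ls " + dir);',
  newDep: 'import leftpad from "left-pad";\nexport const pad = (s) => leftpad(s, 8);',
};

for (const [name, src] of Object.entries(SAMPLES)) {
  const { verdict, hits } = evaluateWrite(src);
  console.log(name, verdict, hits.map((h) => h.rule).join(","));
}
```

The parameterized query passes while the concatenated one is denied, which is the distinction a pattern rule has to draw to be useful at write time.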


IV. CybeRisk Score — Dynamic scoring and weekly top 10

The Risk Score system now integrates new key criteria to accurately reflect the reality of each project.

  • Enriched criteria: identified findings, reachability, business sensitivity, and exposure level.


V. Cybe Chat — Actionable chat connected to the platform

Cybe Chat can now execute actions directly in CybeDefend by interacting with the API, in addition to answering security questions.

  • Available actions: update a vulnerability status, analyze a finding, advise on next steps to take, summarize a project's security statistics.

  • Directly connected to the CybeDefend documentation to answer any question about the platform.

  • Retains full awareness of the codebase and open vulnerabilities for contextual, actionable responses.


VI. AI-BOM — Inventory and govern every AI component (EU AI Act ready)

A brand-new scanner family that builds a complete AI Bill of Materials for your codebase and measures it against the EU AI Act. Know exactly which models, datasets, and AI frameworks ship inside your software and what your regulatory obligations are.

  • Full AI component inventory (CycloneDX 1.6 ML-BOM): every machine-learning model, training dataset, AI library, framework, and runtime is detected and catalogued, with version, origin (PURL), licenses, hashes, and the exact location where each one is used.

  • EU AI Act risk classification (Regulation (EU) 2024/1689): every component is mapped to its risk tier (prohibited, high, limited, or minimal), and GPAI models and systemic-risk components are flagged on sight.

  • Obligation & legal-article mapping: each component is tied to the concrete obligations it triggers (technical documentation, copyright policy, transparency, model evaluation), with direct references to the relevant AI Act articles and Annex IV.

  • Audit-ready EU AI Act report: a one-click PDF structured on the AI Act's Annex IV technical-documentation requirements: executive risk summary, component inventory, training datasets, GPAI & systemic-risk breakdown, applicable obligations, and full legal references.


πŸ› οΈ Bug Fixes

  • Dashboard load time significantly reduced.

  • Improved response time on the organization overview, grouped and detailed vulnerability list, and project branch list endpoints.

  • Fixed a scan crash occurring on certain large projects.

  • Improved file ingestion reliability during scan uploads.

  • Fixed a false positive rate issue in secret detection.

  • Improved SAST scan speed.

  • Fixed PDF and HTML report generation for large-scale outputs.

  • Improved real-time UI responsiveness: new vulnerabilities, scan status updates, and project additions now reflect instantly without requiring a page refresh.