May 9th, 2026
This minor release marks the most significant turning point since the platform launched. It introduces a new pricing model built for the agent era, the global rollout of the Cybe MCP Server, a complete overhaul of the vulnerability priority engine with EPSS and CVSS 4.0 support, and lays the groundwork for v1.0.0 with the preview release of VibeSec.
CybeDefend moves to a new set of plans aligned with the reality of teams shipping with AI coding agents.
Four plans are now available:
Developer ($19/month billed annually): 3 repositories, 1 seat, 100 AI credits/month. Includes IDE plugins, MCP server, and GitHub & GitLab integrations. Built for solo developers shipping with an agent.
Team ($164/month billed annually): 10 repositories (up to 20, +$10/mo each), 5 seats (up to 10, +$20/mo each), 1,500 AI credits/month. Adds container scanning, supply-chain checks, CI/CD integrations, REST API, and task management (Jira, Linear).
Scale ($641/month billed annually): 25 repositories (up to 50), 15 seats (up to 25), 5,000 AI credits/month. Includes early access to BLSA (business-logic security analysis), the advanced business-context engine, a 99.5% uptime SLA, dedicated Slack support, and an onboarding workshop.
Enterprise (custom): unlimited repositories and seats, private VPC or on-premise deployment, SSO / SAML / SCIM, advanced audit logs, 24/7 priority support, and a dedicated account manager.
Static scans (SAST, SCA, IaC, Secrets) remain unlimited and free on every plan. Every account starts with 50 AI credits, no credit card required, no time limit.
The CybeDefend MCP Server is now available across two independent regions, with no local installation required:
EU: https://mcp-eu.cybedefend.com/mcp
US: https://mcp-us.cybedefend.com/mcp
Integration takes a single command in Claude Code, Cursor, Windsurf, VS Code, or any MCP-compatible agent. Full documentation is available at docs.cybedefend.com.
The vulnerability scoring system has been completely rethought to move beyond the limitations of static CVSS 3.1.
Dynamic CVSS 4.0: the frozen CVSS 3.1 score is replaced by a dynamically computed CVSS 4.0 score combining the base score and the environmental score per detection, accurately reflecting the real context of each project.
EPSS support: the Exploit Prediction Scoring System is now integrated as a priority signal, weighting the likelihood of active exploitation for each vulnerability.
Top 5 Focus: beyond dynamic sorting, an AI agent analyses all findings across every scanner and recommends the 5 vulnerabilities to address urgently. This focus strengthens CybeDefend's agentic ASPM capabilities by directing attention where the impact is highest.
Natural language scoring: technical CVSS strings (e.g. AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) are now translated into plain-language explanations, available in both English and French.
It is now possible to define a dedicated security context for each project. This context enriches agent-driven analysis and allows priority and detection rules to be tuned against the specific business and infrastructure characteristics of each repository.
Every vulnerability now carries an explicit exploitability field with three states: not_exploitable, theoretical, and proven. This field complements the existing Exploitable Path and enables more precise triage workflows, particularly for security policy enforcement and compliance exports.
This release lays the foundation for VibeSec, the flagship feature of v1.0.0. VibeSec analyses the Security Code Knowledge Graph of a project to automatically detect the business rules already enforced in the codebase: multi-tenant isolation, payment ceilings, separation of duties, idempotency, and more. These rules are then injected into the context of AI coding agents (Claude Code, Cursor, Windsurf, and others) to ensure that generated code respects them from the very first suggestion, before the PR even exists. The MCP Server reinforcement included in this release directly prepares the infrastructure required for VibeSec.
v1.0.0 will also introduce a full redesign of the Cybe Security Champion. It will be able to answer any security question while connected to the CybeDefend documentation, and to take actions directly on the platform: update a vulnerability status, summarize a project's security posture, and advise on the next steps to take. The foundations of this redesign are integrated into v0.10.0.
April 23rd, 2026
Cette patch release apporte une refonte majeure du moteur de détection de secrets, une accélération spectaculaire du parsing IA, et plusieurs améliorations ciblées sur l'expérience utilisateur et l'onboarding.
I. Secrets Detection — 150 New Rules & Commit History Scanning The secrets scanner has been significantly expanded with 150 additional detection rules, broadening coverage across cloud providers, SaaS APIs, private keys, and internal token formats. Detection now extends beyond the current state of the codebase to include the full commit history, surfacing credentials that were introduced and later removed but remain exploitable.
II. AI Parsing — 3x Faster Initial Parse, 95% Faster Incremental Updates A complete overhaul of the AI project parsing pipeline delivers dramatic performance gains. Initial project parse time is reduced by a factor of 3. Subsequent incremental parses, which occur after the baseline is established, are now up to 95% faster thanks to a new caching layer that reuses prior parsing results and only processes diffs. At scale, this transforms the responsiveness of the platform for large, frequently updated codebases.
III. User Role Clarity on Member Invite The member invitation flow now includes clearer explanations of what each user role entails. Permissions and access levels are displayed inline when selecting a role, reducing confusion and mis-assignments during onboarding.
IV. Invited User Onboarding Improvements Several improvements have been made to the onboarding experience for users joining an existing organization via invitation, covering clarity of the activation flow, contextual guidance, and edge case handling.
April 14th, 2026
This patch release builds on the foundations of V0.9 with two major third-party integrations, a new code visualization capability, key UX improvements, and several targeted bug fixes. It also includes frontend groundwork preparing the upcoming V0.10, which will introduce full agentic ASPM capabilities.
I. Slack Integration CybeDefend can now connect directly to your Slack workspace. Receive real-time notifications on scan completions, new critical findings, and security posture changes — keeping your team informed without leaving their primary communication tool.
II. Jira Integration Bridge the gap between security and engineering. CybeDefend now integrates natively with Jira, allowing you to create and track tickets for vulnerabilities directly from your findings, ensuring security issues flow seamlessly into your existing development workflows.
III. Code Graph Visualization You can now visualize your project's code graph directly from the CybeDefend interface. This dependency and call graph view provides a deeper understanding of your codebase structure and helps contextualize how vulnerabilities propagate through your application.
IV. Cancel Scan Button A new cancel action is now available for scans in a waiting for file or queued state, giving teams more control over their scan pipeline and reducing unnecessary queue blocking.
V. Improved Project List View The project list has been redesigned to be more consistent and user-friendly, improving navigation and readability across organizations with a large number of projects.
VI. Frontend Improvements — Preparing V0.10 (Agentic ASPM) Significant frontend improvements have been made to the Cybe integration layer in preparation for the upcoming V0.10 major release, which will bring full agentic AI-powered ASPM capabilities to the platform.
VII. Yarn Dependency Scan Fix Resolved an issue that caused dependency scanning to fail or produce incorrect results on projects using Yarn as their package manager.
VIII. Exploitable Path — Import Comment Handling Fixed a bug in the Exploitable Path engine where import paths containing inline comments were not correctly resolved, leading to inaccurate reachability analysis.
IX. Large Codebase Parsing Fix Resolved a crash occurring during the parsing of very large codebases exceeding 200,000 lines of code, ensuring stable and complete analysis at scale.
March 19th, 2026
Version 0.9 marks a major milestone in the evolution of CybeDefend, transforming the platform into an omnipresent development companion. This release introduces our new official IDE extensions, a revolutionary way to manage SCA vulnerability relevance via Exploitable Path, and a complete overhaul of our Command Line Interface (CLI) for enterprise-grade DevSecOps integration.
Security is moving out of the dashboard and directly into your workspace. CybeDefend extensions bring the power of scanning and AI to VS Code and the JetBrains suite (IntelliJ, WebStorm, PyCharm, etc.).
Multimodal Scanning: Run SAST, SCA, IaC, Secrets, and CI/CD audits in a single click.
Native Visualization: Severity gutter icons, diagnostic underlines, and a dedicated results panel.
CybeAgent (AI-Powered Fix): Don’t just detect—repair. The AI agent analyzes context (CWE, data flow) and proposes a precise patch you can apply instantly.
Integrated DeepFix: Automatically update vulnerable dependencies across 10 ecosystems without leaving your editor.
Cut through the noise. Exploitable Path determines if an SCA vulnerability is actually exploitable by analyzing whether your code effectively calls the vulnerable function or package.
Reachability Detection: Identifies if a dependency is Used, Unused, or Potentially Used.
Priority Adjustment: Automatically boosts the severity of used packages and lowers unused ones to "Very Low."
Auto-Ignore: Automatically hide vulnerabilities that cannot be exploited because the code is never called.
Import Tracking: See exactly which line and file a high-risk dependency is imported in.
A total redesign of our command-line tool to meet the strictest security requirements.
OAuth & PAT: Moving away from static API keys in favor of Personal Access Tokens (PAT) and OAuth (PKCE) flows with secure storage (chmod 0600).
Persistent Login: No need to pass credentials with every command thanks to seamless token management.
Enterprise Support: SSO & SAML authentication integration for smooth organization-wide deployment.
Advanced Reporting: Generate multi-format reports (JSON, HTML, PDF, Markdown) and automatically aggregate all scan types.
To simplify resource management, we are unifying Security Champion, Autofix, and Analysis quotas into a single metric: the Cybe Quota.
Developer Plan: The quota has been increased to 100 Cybes (a 25 Cybe boost).
Granular Control: You can now manage and assign quota limits per user or for Cybe analysis directly from the new "Usage & Entitlements" page.
The SCA scanner now identifies legal risks related to your dependency licenses (Copyleft, non-compliant licenses, etc.) in addition to traditional security flaws.
We are expanding our Cloud coverage with native support for Scaleway container registries, enabling seamless vulnerability scanning for your Docker images.
SARIF Stability: Improved integrity of SARIF exports for better compatibility with GitHub Advanced Security.
SCA Performance: Optimized analysis of complex dependency graphs for large Maven and NPM projects.
February 7th, 2026
This release introduces Policy Management, a foundational security governance layer for CybeDefend. Version 0.8.0 enables organizations to define security requirements as code, automatically evaluate scans against those policies, and track compliance over time at both organization and project levels.
In parallel, we delivered major stability improvements across all scanners, more realistic scan progress tracking, and significant UX enhancements for vulnerability management.
CybeDefend now provides a full Policy as Code engine to enforce security standards consistently across organizations, teams, and projects.
Key capabilities include:
Hierarchical policies with strict precedence:
Organization → Team → Project
Higher-level policies cannot be weakened by lower levels.
YAML-based policy definitions with full version control support.
Async policy evaluation using a dedicated worker to avoid blocking scan workflows.
Support for simple and composite rules:
Severity, CVSS, CWE, OWASP, scanner type, branch, vulnerability age, and more.
AND / OR logic for advanced conditions.
Flexible exclusions with glob patterns, justification, and optional expiration dates.
Violation tracking and audit trail for compliance and reporting.
CI/CD enforcement with deterministic exit codes for warn vs block actions.
Policies are evaluated automatically after scans, ignoring vulnerabilities that are already resolved, ignored, or marked as not exploitable, ensuring focus on real, active risk.
This feature enables security teams to move from passive detection to enforced security governance.
To make policy enforcement visible and actionable, CybeDefend now includes Compliance Overview dashboards:
Organization-level compliance view
Global security posture across all projects.
Policy violations summary and trends.
Project-level compliance view
Effective merged policy visualization.
Historical compliance tracking per scan.
Clear identification of blocking vs warning violations.
This provides a continuous, auditable view of security compliance over time.
You can now update multiple vulnerabilities at once directly from the Detailed view:
Select vulnerabilities using checkboxes.
Apply status changes (ignore, accept risk, etc.) in bulk.
Greatly improves triage efficiency on large scans.
Scan progress estimation has been reworked to better reflect real execution stages:
Reduced misleading “stuck at X%” behavior.
Progress now correlates more closely with actual scan phases.
Improved user confidence during long or complex scans.
Significant work has been done to harden the scanning pipeline:
Improved stability for GitHub and GitLab scans.
Global reduction of scan crashes across all scanners.
Better error handling and recovery for edge cases.
These changes reduce unexpected failures and improve overall scan reliability, especially on large repositories.
Fixed an issue affecting public container image scans that could cause incorrect failures.
To prepare the upcoming authentication system overhaul:
API keys are now officially deprecated.
They will be fully replaced by Personal Access Tokens (PAT) in v0.9.0.
Upcoming authentication flow:
A PAT will be exchanged for an OAuth access_token using a token exchange endpoint (grant_type=token-exchange).
All API calls will then use:
Authorization: Bearer <access_token> This change is required to support fine-grained scopes, better rotation, and improved security guarantees.
We strongly recommend starting to plan this migration ahead of v0.9.0.
January 12th, 2026
This release introduces a major evolution of the CybeDefend user experience and remediation capabilities. Version 0.7.0 delivers a fully redesigned web dashboard, a next-generation Autofix engine with bulk remediation via pull requests, and a breakthrough approach to fixing SCA vulnerabilities, even deep within transitive dependencies. We also significantly expanded our IaC detection coverage and improved result readability with advanced vulnerability grouping.
The CybeDefend web dashboard has undergone a complete overhaul to provide a more modern, intuitive, and efficient user experience.
Cleaner and more structured layouts for faster navigation.
Improved readability of scan results and security insights.
Optimized workflows for triage, remediation, and reporting.
Designed to scale better with large projects and high vulnerability volumes.
This redesign significantly reduces cognitive load for both developers and security teams.
We introduced a brand-new Autofix engine, designed to be faster, smarter, and more scalable.
Select multiple vulnerabilities across files and categories.
Generate a single grouped Autofix Pull Request.
Consistent, secure, and idiomatic fixes aligned with your codebase and framework.
Improved fix accuracy thanks to deeper contextual analysis.
This enables teams to remediate large sets of vulnerabilities in minutes instead of hours.
CybeDefend now supports Autofix for Software Composition Analysis (SCA), powered by DeepFix, a new proprietary resolution engine.
DeepFix is capable of fixing vulnerabilities even when they originate from transitive dependencies:
Analyzes complex dependency graphs with multiple transitive import paths.
Identifies valid remediation paths among competing dependency trees.
Recommends safe upgrades of parent dependencies to eliminate vulnerable child libraries.
Avoids breaking changes whenever possible by selecting the most compatible fix path.
This brings true, actionable remediation to SCA, where traditional tools often stop at detection.
To improve result readability and prioritization, vulnerabilities can now be visualized in a grouped mode.
Vulnerabilities of the same type are merged into a single logical occurrence.
Grouping applies even when findings span multiple files or locations.
Quickly assess impact without being overwhelmed by repetitive detections.
Ideal for large repositories and refactoring-oriented workflows.
You can still drill down into each individual occurrence when needed.
We have added more than 1,000 new Infrastructure as Code detection rules, significantly expanding coverage across cloud providers and configuration patterns.
December 31st, 2025
The new branching system has significantly changed the scan logic, so we recommend rerunning a scan on your projects.
This major update marks a turning point for CybeDefend’s integration capabilities. Version 0.6.0 introduces full support for private container registries, a sophisticated multi-branch management system to track security across your entire development lifecycle, and deep integration with GitHub Issues for automated remediation workflows. We have also overhauled our core AI models and agentic parsing engine for unprecedented speed and precision.
CybeDefend now seamlessly integrates with the industry’s leading container registries. You can now scan private images for vulnerabilities across:
Public Cloud: Amazon ECR, Azure Container Registry, Google Container Registry.
Standard Platforms: Docker Hub, GitHub Container Registry, GitLab Registry.
Enterprise Solutions: Quay, Harbor, and JFrog Artifactory.
You are no longer limited to scanning your main branch. CybeDefend now supports a full Branching System, allowing you to track the security posture of every feature or release branch independently.
Auto-Sync: For GitHub and GitLab linked projects, branches are automatically detected.
Manual Flexibility: For unlinked projects, simply specify the branch name via the CLI or CI/CD configuration.
Native IDE Support: The CybeDefend VS Code extension now automatically detects your current local branch to run targeted scans.
Streamline your remediation process by syncing CybeDefend findings directly with GitHub Issues. To fit your team's workflow, we offer three synchronization modes:
One issue per vulnerability type: Consolidates similar findings (e.g., all SQL Injections) into a single ticket.
One issue per vulnerability detection: Creates a unique ticket for every single occurrence.
One issue per affected file: Organizes work by file, perfect for developers refactoring specific modules.
To provide better clarity and risk assessment, we have decoupled scan results. CI/CD Security & Secrets are now separated from SAST and IaC findings. This dedicated view allows security teams to prioritize hardcoded credentials and pipeline misconfigurations without them being drowned out by code-level vulnerabilities.
The Cybe Agent's intelligent code parsing engine has received a significant performance boost. The underlying logic has been optimized to handle large codebases much faster, reducing the "time-to-insight" during the next discovery phase of a scan.
We have upgraded the LLM architecture powering Cybe Analysis and the Cybe Security Champion.
Higher Precision: Better context window management leads to even fewer false positives.
Actionable Advice: The Security Champion now provides more idiomatic and secure code fix suggestions tailored to your specific framework and coding style.
CLI & GitHub Actions: Updated to support the new --branch flag.
GitLab CI: Example templates updated to include multi-branch detection logic.
VS Code Extension: Seamlessly switches context based on your active Git branch.
December 1st, 2025
⚙️ Stability, Precision, Reporting, and IaC Intelligence Release
This version enhances the accuracy of all analysis engines, improves overall platform robustness, and introduces new configuration capabilities for more consistent and predictable scans. It also brings powerful new reporting features across organizations, teams, and multi project scopes, along with a comprehensive organization level overview delivering deep, consolidated security insights.
Advanced reports can now be generated not only from a single project, but also from:
An entire organization.
A custom selection of teams.
A selection of multiple projects.
The available formats remain the same: JSON, HTML, PDF.
The reports include:
CWE Top 25 Report.
OWASP Top 10 Report.
This evolution finally enables cross scope reporting for internal audits, compliance needs, board level reporting, and partner communication.
A new Overview page has been added at the organization level, providing a comprehensive dashboard with a large set of consolidated statistics.
Examples of available metrics:
Total number of projects and teams.
Open and resolved issues.
New findings over the last 7 days.
Severity distribution.
State distribution.
Vulnerabilities over time.
Analysis type distribution (SAST, SCA, IaC, Container).
Consolidated risk scoring with high, medium, and low risk breakdown.
Weekly activity.
Top most vulnerable projects.
Team summaries with their associated projects.
This new Overview provides a strategic vision of the organization’s application security posture and gives an immediate understanding of the global software risk level.
Cybe Analysis now supports intelligent false positive reduction for Infrastructure as Code, with advanced IaC rule correlation to filter out non exploitable patterns.
Semantic analysis has also been improved for Terraform, Kubernetes manifests, and CloudFormation.
A new .cybedefend configuration file can be added at the root of your repository to precisely control analysis behavior.
Exclusion rules targeting files, directories, and patterns.
Unified configuration for SAST, SCA, IaC, and Container Analysis.
The agentic parsing subsystem and the supervision layer have been reinforced.
Reduced risks of agent desynchronization.
Improved stability for large scale analyses.
Major optimizations enhance platform responsiveness and interface consistency.
Reduced loading time for the issues list through optimized API queries.
Smoother navigation across vulnerability segments.
Several issues that could cause unexpected scan termination have been resolved.
A fix has been applied for a bug affecting organization switching.
Proper context isolation when switching between organizations.
Consistent workspace rehydration and correct resource scoping.
November 14th, 2025
⚡ Enhanced Reporting & Performance Release
This version focuses on deepening analytical capabilities, improving speed, and refining the user experience across CybeDefend’s AI-driven AppSec ecosystem.
CybeDefend now allows you to generate comprehensive compliance-ready reports (JSON, HML, PDF) directly from your project results:
CWE Top 25 Report – identifies the most critical weaknesses across your codebase.
OWASP Top 10 Report – maps your vulnerabilities to the industry’s most recognized security risks.
SBOM (Software Bill of Materials) – provides a complete inventory of dependencies for enhanced transparency and supply chain security.
Enhanced stability and accuracy in vulnerability detection and triage.
Optimized processing for large-scale scans to ensure consistent performance across multiple languages and repositories.
User Interface Redesign for better readability, navigation, and conversational context.
Smoother interaction flow for developers using CybeDefend’s AI-powered assistant.
Faster SAST scan execution and result retrieval, reducing waiting times and improving developer feedback loops.
September 26th, 2025
🚀 Major AI Agents Release
This version introduces Cybe AI Agents, a new suite of intelligent assistants designed to drastically improve security triage, remediation, and developer enablement.
Cybe Analysis
Automated False Positive Reduction for SAST findings.
Intelligent Vulnerability Triage: vulnerabilities are automatically classified, their status updated, and severity prioritized.
Cybe Autofix
Automatic Vulnerability Remediation for SAST findings.
GitHub & GitLab Pull/Merge Request Integration: automatically generates and submits secure fixes as PRs/MRs directly to your repositories.
Cybe Security Champion
AI-powered assistant chatbot inspired by the OWASP "Security Champion" role.
Full Codebase Awareness: parses your entire codebase to provide context-aware answers.
Vulnerability Context Integration: all responses consider the project’s open vulnerabilities, ensuring accurate, coherent, and actionable guidance for your dev team.
New SCM Support: GitLab SaaS is now fully integrated into CybeDefend.
Supported Features:
Project scanning via GitLab repositories.
Cybe Autofix support with automated Merge Requests on GitLab.
🌍 New Sovereign European Platform
Access at: https://eu.cybedefend.com/login
Hosted on OVHcloud SecNumCloud-certified infrastructure (ANSSI qualification).
Ensures full compliance with European cybersecurity and sovereignty standards.