May 9th, 2026
This minor release marks the most significant turning point since the platform launched. It introduces a new pricing model built for the agent era, the global rollout of the Cybe MCP Server, a complete overhaul of the vulnerability priority engine with EPSS and CVSS 4.0 support, and lays the groundwork for v1.0.0 with the preview release of VibeSec.
CybeDefend moves to a new set of plans aligned with the reality of teams shipping with AI coding agents.
Four plans are now available:
Developer ($19/month billed annually): 3 repositories, 1 seat, 100 AI credits/month. Includes IDE plugins, MCP server, and GitHub & GitLab integrations. Built for solo developers shipping with an agent.
Team ($164/month billed annually): 10 repositories (up to 20, +$10/mo each), 5 seats (up to 10, +$20/mo each), 1,500 AI credits/month. Adds container scanning, supply-chain checks, CI/CD integrations, REST API, and task management (Jira, Linear).
Scale ($641/month billed annually): 25 repositories (up to 50), 15 seats (up to 25), 5,000 AI credits/month. Includes early access to BLSA (business-logic security analysis), the advanced business-context engine, a 99.5% uptime SLA, dedicated Slack support, and an onboarding workshop.
Enterprise (custom): unlimited repositories and seats, private VPC or on-premise deployment, SSO / SAML / SCIM, advanced audit logs, 24/7 priority support, and a dedicated account manager.
Static scans (SAST, SCA, IaC, Secrets) remain unlimited and free on every plan. Every account starts with 50 AI credits, no credit card required, no time limit.
The CybeDefend MCP Server is now available across two independent regions, with no local installation required:
EU: https://mcp-eu.cybedefend.com/mcp
US: https://mcp-us.cybedefend.com/mcp
Integration takes a single command in Claude Code, Cursor, Windsurf, VS Code, or any MCP-compatible agent. Full documentation is available at docs.cybedefend.com.
The vulnerability scoring system has been completely rethought to move beyond the limitations of static CVSS 3.1.
Dynamic CVSS 4.0: the frozen CVSS 3.1 score is replaced by a dynamically computed CVSS 4.0 score combining the base score and the environmental score per detection, accurately reflecting the real context of each project.
EPSS support: the Exploit Prediction Scoring System is now integrated as a priority signal, weighting the likelihood of active exploitation for each vulnerability.
Top 5 Focus: beyond dynamic sorting, an AI agent analyses all findings across every scanner and recommends the 5 vulnerabilities to address urgently. This focus strengthens CybeDefend's agentic ASPM capabilities by directing attention where the impact is highest.
Natural language scoring: technical CVSS strings (e.g. AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) are now translated into plain-language explanations, available in both English and French.
It is now possible to define a dedicated security context for each project. This context enriches agent-driven analysis and allows priority and detection rules to be tuned against the specific business and infrastructure characteristics of each repository.
Every vulnerability now carries an explicit exploitability field with three states: not_exploitable, theoretical, and proven. This field complements the existing Exploitable Path and enables more precise triage workflows, particularly for security policy enforcement and compliance exports.
This release lays the foundation for VibeSec, the flagship feature of v1.0.0. VibeSec analyses the Security Code Knowledge Graph of a project to automatically detect the business rules already enforced in the codebase: multi-tenant isolation, payment ceilings, separation of duties, idempotency, and more. These rules are then injected into the context of AI coding agents (Claude Code, Cursor, Windsurf, and others) to ensure that generated code respects them from the very first suggestion, before the PR even exists. The MCP Server reinforcement included in this release directly prepares the infrastructure required for VibeSec.
v1.0.0 will also introduce a full redesign of the Cybe Security Champion. It will be able to answer any security question while connected to the CybeDefend documentation, and to take actions directly on the platform: update a vulnerability status, summarize a project's security posture, and advise on the next steps to take. The foundations of this redesign are integrated into v0.10.0.