1st April 2026 — 30th April 2026
Product Area | Feature(s) | Deployment Type (SaaS, On-prem, Both) | Description |
|---|---|---|---|
AI Security | Third-Party MCP Server Discovery | SaaS | Traceable now enhances the Third-Party view to provide a more comprehensive view of external dependencies:
|
MCP Tool Risk Support | SaaS | Traceable now enhances the risk score experience by simplifying configuration and improving visibility for API risk scoring, and also introduces risk scores for MCP tools, enabling a consistent and intuitive risk evaluation across APIs and AI assets. For more information, see MCP Risk Score. | |
AI Assets Tab and AI Usage Visibility | SaaS | Traceable now introduces a dedicated AI Assets tab that provides a unified view of all AI-related assets:
For more information, see AI Assets. | |
Discovery | Behavioral Insights for MCP Tools | SaaS | Traceable now extends behavioral insights to MCP tools, allowing you to view usage patterns, exposure, encryption, and authentication details, enabling faster risk assessment and improved visibility into tool behavior. For more information, see AI Asset Details. |
Enhanced Posture Events with Sensitive Data Evidence | SaaS and On-prem (1.39.0) | Traceable now enhances posture events with in-context, sensitive-data evidence, enabling you to view data type, exact location (request or response, parameter-level), and full payload context directly within the workflow, helping you investigate and validate sensitive data findings faster without switching between views. For more information, see Posture Events. | |
Protection | Action Logs in Custom policies, Exclusions, and Threat Actors. | SaaS and On-prem (1.39.0) | Traceable now supports action logging, providing rule-level visibility and entity-scoped change history. Instead of relying on a centralized timeline, the system organizes configuration changes by individual policies, exclusions, and threat actors, enabling precise tracking and improved traceability. For more information, see Threat Actors and Exclusions. |
Advanced Bot and Abuse Policy Templates | SaaS and On-prem (1.39.0) | Traceable now enables self-service policy templates for Bot and Abuse Protection that allow you to create advanced rules using Velocity and Aggregation templates, define thresholds, and detect and mitigate abuse based on traffic patterns and aggregated activity. For more information, see Bot and Abuse Protection Policies. | |
API Security Testing | Scan Configuration Enhancements | SaaS | Traceable now introduces an improved scan configuration experience to simplify scan creation and improve usability. For more information, see Creating a Scan and AI Security Testing. |
Optimize Scan Asset Resolution | SaaS and On-prem (1.39.0) | Traceable now optimizes scan asset resolution to improve performance and reliability when processing large API inventories, reducing timeouts, and ensuring more reliable scan execution at scale. | |
Reachability Tests for Replay Scans | SaaS | Traceable now introduces reachability checks as a prerequisite for replay-based API testing. It verifies whether an API can be successfully invoked via the runner; APIs that fail due to authentication or availability issues are marked as unreachable, and no security tests are generated for them. For more information, see Scan Details. | |
Scan Labeling | SaaS | Traceable now supports adding labels to scans to organize and group them more effectively. | |
Integrations | Akamai WAF Integration Enhancement to use Client List | SaaS and On-prem (1.39.0) | Traceable now supports Akamai Client Lists in WAF integrations, centralizing allow-list and block-list management. |
Bulk Ticket Creation for ServiceNow ITSM | SaaS and On-prem (1.39.0) | Traceable now supports bulk ticket creation using ServiceNow ITSM, streamlining incident management workflows. | |
Enable or Disable Options for WAF Integration | SaaS and On-prem (1.39.0) | Traceable now allows you to enable or disable WAF integrations to effectively manage WAF rule synchronization. | |
Data Collection | Nginx Fabric Gateway Support | SaaS and On-prem (1.39.0) | Traceable now supports the Nginx fabric gateway to expand API traffic visibility and gateway coverage. |
1st March 2026 — 31st March 2026
Product Area | Feature(s) | Deployment Type (SaaS, On-prem, Both) | Description |
|---|---|---|---|
AI Security | AI Security across Protection, Discovery, and Testing | SaaS | Traceable now enables end-to-end security for AI applications, helping you discover, assess, and protect your AI ecosystem. Built on Traceable’s API security foundation, AI security addresses risks across models, prompts, tools, and data flows. Traceable now brings together three core capabilities to secure your AI applications:
For more information, see AI Security Overview. |
Discovery | Label Support for MCP assets | SaaS | Traceable now extends label support to MCP servers, tools, prompts, and resources, allowing you to apply manual labels to organize, group, and filter MCP assets more effectively for improved visibility and management. |
Protection | Download Connected Actors and Accounts with Threat Details | SaaS | Traceable now enables you to download all actors and accounts associated with a confirmed threat in a single step. This allows you to identify related entities sharing the same threat signature and take faster remediation actions. |
Dynamic Match Support in Custom Policies and Exclusions | SaaS and On-prem (1.37.0) | Traceable now supports dynamic matching across payload components, including request, response, and attributes. It is now enabled for Custom Signatures, Rate-limiting, and Enumeration policies. This enables more flexible and precise policy configurations. For more information, see Custom Policies. | |
API Security Testing | Enhanced Scan Reports and Compliance Reporting | SaaS and On-prem (1.37.0) | Traceable now includes additional fields, such as domain, service, label, owner, and environment in scan reports, improving visibility and compliance reporting. |
Integrations | Region-Based Rule Support for Malicious Sources in AWS WAF | SaaS and On-prem (1.37.0) | Traceable now supports propagating region-based rules configured under Malicious Sources to AWS WAF. These rules are managed within Traceable and synchronized with WAF for enforcement. For more information, see AWS Integration. |
1st February 2026 — 28th February 2026
Product Area | Feature(s) | Deployment Type (SaaS, On-prem, Both) | Description |
|---|---|---|---|
Discovery | Enhanced Evidence Insights for API Characteristics and Compliance Issues | SaaS | Traceable now provides a more robust evidence experience for API characteristics and related compliance issues. APIs discovered through multiple sources, including live traffic analysis, API documentation uploads, Sonar, and code analysis, are enriched with automatically learned attributes such as authentication type, encryption status, and external or internal exposure. With this enhancement, you can drill down into detailed evidence supporting API characteristics and compliance findings. This enables clearer visibility into why an API is flagged, for example, when an externally accessible API lacks authentication, and helps you take appropriate remediation actions with greater confidence. |
Notifications Based on API Ownership | SaaS and On-prem (1.36.0) | Traceable now enables email notifications to API owners for blocked activity specific to their APIs. When ownership is configured, relevant stakeholders are automatically informed of enforcement actions. This improves accountability, accelerates remediation, and strengthens collaboration across teams. | |
Change Insights for Inventory and Issues via Chatbot | SaaS and On-prem (1.36.0) | Traceable now supports querying Inventory and Issues through the AI chatbot to obtain change insights. You can use natural language queries to explore issue trends and inventory updates, enabling faster analysis and more informed decision-making. For more information, see Ask AI. | |
Protection | IP Resolution | SaaS and On-prem (1.36.0) | Traceable now provides IP Resolution capabilities to manage and enforce IP-based access controls using custom configuration rules. You can define and apply rules to allow, block, or monitor traffic based on IP attributes. This enhancement improves access governance and strengthens network-level protection across your APIs. For more information, see IP Resolution Configuration. |
Updated Web Application Protection Ruleset (January 2026) | SaaS and On-prem (1.36.0) | Traceable has published a new version of the Web Application Protection ruleset. The updated rules enhance detection coverage and accuracy of protection. For more information, see WAF Policies Changelog. | |
Enhanced Configuration and Tuning for API Protection Policies | SaaS and On-prem (1.36.0) | Traceable has enhanced API Protection policies with additional configuration options and behind-the-scenes tuning improvements. You can now adjust thresholds and fine-tune policy behavior to better align with your specific use cases. This provides greater flexibility while maintaining strong detection accuracy. For more information, see API Protection Policies. | |
API Security Testing | AST Processor Redesign | SaaS and On-prem (1.36.0) | Traceable has redesigned the AST processor to improve system reliability during test generation. These internal enhancements strengthen stability, optimize processing workflows, and improve overall testing performance. |
Runner Health Dashboard | SaaS | Traceable now provides a Runner Health Dashboard that enables you to monitor runner metrics and logs directly from the Traceable platform. Available with CLI version 2.4.0 or later, this enhancement provides real-time visibility into runner performance, operational status, and execution logs. For more information, see Understanding Runners Dashboard. | |
Integrations | Custom Jira Template Management | SaaS and On-prem (1.36.0) | Traceable now allows you to create, edit, and delete custom Jira templates by mapping relevant AppSec attributes to Jira project labels. This enhancement enables more structured and context-rich ticket creation, improves issue traceability, and streamlines collaboration between security and engineering teams. For more information, see Jira integration. |
Data Collection | Agent Observability Dashboard | SaaS and On-prem (1.36.0) | Traceable introduces a new Data Collection deployment dashboard that provides comprehensive visibility into agent health metrics. You can monitor granular details across tracers, including Kubernetes clusters, namespaces, and custom deployment names. This enhancement improves operational visibility and helps you proactively identify and resolve data collection issues. |
1st December 2025 — 31st January 2026
Product Area | Feature(s) | Deployment Type (SaaS, On-prem, Both) | Description |
|---|---|---|---|
Protection | Linked Visibility Across Events, Actors, and Accounts | You can now easily identify the relationship between Risky Bot Accounts, Risky Bot Actors, and the events generated by them through embedded linkages across pages. For example, on the Bot Accounts page, selecting the Events Count shows how many events were generated by that account. | |
API Protection Policies Reorganization | SaaS and On-prem (1.35.0) | API Protection policies are now reorganized and categorized according to industry standards, providing clearer visibility into platform capabilities. Additional configuration options are now available at the threat rule level to support better tuning and compatibility with customer applications. | |
Schema Validation Using Uploaded API Specifications | SaaS and On-prem (1.35.0) | First-class schema validation detection is now available, with the option to configure monitoring based on uploaded API specifications. For more information, see Request Schema Validation. | |
Improved Custom Signature Policy Creation Flow | SaaS and On-prem (1.35.0) | The create-and-update flow for custom signature policies has been redesigned to be more intuitive. The workflow is now action-first, which dynamically determines the available criteria options based on the selected action. This reduces unnecessary back-and-forth and improves overall usability. For more information, see the Custom Signatures tab in the Custom Policies topic. | |
Discovery | Navigation and Terminology Update | SaaS and On-prem (1.35.0) | Traceable has updated the navigation and terminology to improve clarity and align with how users explore data across the platform. The following are the updates:
This is a navigation and naming update only; there are no changes to underlying functionality. |
API Versioning Support via Headers and Query Parameters | SaaS and On-prem (1.35.0) | You can now configure rules to extract API version information from URLs, headers, or query parameters. This also enables the creation of fine-grained policies and rules targeting specific API versions, since each version is treated as a distinct API endpoint. For more information, see the API Versioning tab in API Discovery. | |
API Security Testing | AI-Powered AST Authentication Hook Generation | SaaS | You can now generate custom authentication hooks using AI. For more information, see Authentication. |
CLI 2.x with Prechecks Now Generally Available | SaaS and On-prem (1.35.0) | CLI v2 is now GA and available for upgrade. This release delivers improved stability along with enhanced resource management and monitoring capabilities. For more information, see CLI Pre-checks and Installation. | |
Data Collection | Data Collection Support for Netlify Edge Functions | SaaS | You can now onboard using Netlify Edge Functions, enabling real-time data capture directly at the network edge. For more information, see Netlify Edge Function. |