Changelog
Follow up on the latest improvements and updates.
We’ve updated how CVSS scores are displayed so you can now see exactly which version has been used, right where you need it.
What’s new?
We’ve added the CVSS version number next to each score directly in the issues panel. CVSS scores now display with their version (e.g. 9.8 (Critical, v3)) so you can immediately see which scoring standard was applied.

Why it matters
This enhancement makes it easier to:
- Quickly confirm which CVSS standard a score is based on without leaving the page
- Compare Intruder’s severity ratings with your organisation’s internal risk models
- Maintain transparency across vulnerability data sources like Nessus, OpenVAS, and Nuclei
A note on CVSS versions
Most modern vulnerability feeds still rely on CVSSv3.1, which remains the most widely supported and comprehensive version. While CVSSv4 has been released, adoption is limited and still incomplete, so coverage is inconsistent. CVSSv3.1 therefore remains the best choice for accuracy and consistency today.
It's already live!
No configuration is required. The CVSS version now appears automatically across all relevant views for every customer.
Previously, when you ran a vulnerability scan that included more targets than you had infrastructure licenses for, Intruder would automatically allocate any surplus application licenses to those extra targets.
This ensured maximum coverage but sometimes caused unexpected license usage. Similarly, when an Emerging Threat Scan (ETS) ran, Intruder would assign both infrastructure and application licenses automatically.
With this update, you now have full control over this behaviour.
You can decide whether surplus application licenses are automatically assigned to infrastructure targets during a scan. This gives you greater transparency, predictable license allocation, and better cost control.
What’s changed?
You can now manage automatic license assignment directly in your settings:
Settings → Scanning → "Automatically assign surplus application licenses"

When enabled:
- As before the update, surplus application licenses will be assigned during a vulnerability scan if no infrastructure licenses are available.
- Application licenses will now only be applied to a target once authentication or an API schema has been added.
When disabled:
- Intruder will not automatically assign application licenses to unlicensed targets, even during scans.
Why this helps
- More control – Decide exactly when and how your licenses are used.
- Better cost management – Prevent automatic allocation of app licenses to lower-priority targets.
- Simplified administration – Easily toggle the setting on or off as your setup evolves.
New Dashboard
We've given your Intruder dashboard a brand new look that makes it easier to monitor your security posture at a glance.
What’s new?
📊 Cleaner data visualization - We've redesigned the interface to put your most important security metrics front and center, so you can assess your exposure in seconds.
⚡ Faster navigation - A streamlined layout means less clicking and scrolling to find what you need, so you can jump straight to the issues that matter most.
📄 Export your data with ease - New export functionality lets you download your dashboard data as PDF or CSV files, making it simple to share reports with stakeholders or keep records for compliance.

Modern applications increasingly rely on OAuth authentication to secure their APIs and web services. Previously, if your applications used OAuth, you had to implement time-consuming workarounds to allow Intruder to fully scan your applications.
With this release, we've added OAuth authentication support to our scanning capabilities. This means you can now comprehensively test applications and APIs that require OAuth tokens for access - giving you complete visibility into vulnerabilities across your entire authenticated attack surface.

What's changed?
We've expanded our authentication options to include OAuth 2.0, the industry-standard protocol used by countless modern applications. When setting up a scan, you can now:
- Configure OAuth authentication for any target that requires it
- Provide your OAuth credentials and token endpoints
- Let Intruder handle the token generation and refresh automatically during scans
- Scan both REST APIs and web applications protected by OAuth
How does this help you?
- Intruder now provides you with greater coverage, as OAuth protected applications and APIs are no longer a blind spot
- You'll receive more impactful results as you can test more of the authenticated parts of your applications where sensitive data and functionality often live
- You'll be able to save time as there's no need for complex workarounds or manual testing of OAuth-protected resources
Getting started

To add OAuth authentication to a target, simply:
- Navigate to the targets page
- Click on the Actions button on the right-hand side of your target
- Click "Add authentication"
- Choose OAuth 2.0 from the authentication types and fill in your application details.
You'll need your OAuth client credentials and token endpoint URL to get started. Our scanner will handle the rest, automatically managing token generation and renewal throughout the scan.
This feature is available across all plans. To enable DAST scanning of your application you will need an Application License. If you already have one, it will be assigned to the target when you configure the OAuth login details. If you don't have one, you can purchase one from the billing page, or speak to your Customer Success Manager.
If you have any trouble setting up OAuth, reach out through the support chat.
Managing security across multiple cloud providers has traditionally meant juggling different tools, dashboards, and reports. Security teams often miss critical misconfigurations because they're buried in provider-specific consoles or require specialized knowledge to identify. This fragmented approach leaves gaps in your security coverage and makes it harder to prioritize what needs fixing first.
We've expanded our Cloud Security feature to support all three major cloud providers - AWS, Azure, and Google Cloud - giving you complete visibility into your cloud security posture from a single dashboard.
What's new?
Our enhanced Cloud Security feature now automatically checks your AWS, Azure, and Google Cloud accounts for security misconfigurations and weaknesses - going beyond just scanning the assets hosted there.
You can now link at the tenant level with the Azure integration so you can quickly discover all associated subscriptions. You no longer need to integrate individual accounts/subscriptions/projects, or rotate multiple secret keys when they expire.

Key improvements include:
- Unified cloud security monitoring; you can now see security issues across all your cloud providers in one view, ranked by severity and business impact
- Tenant/Organization-wide visibility; integrate once and Intruder will discover all sub-accounts and automatically run scans when new accounts are added to your tenant
- Automatic misconfiguration detection; we continuously check for common cloud security mistakes like open storage buckets and overly permissive access policies
- Seamless integration with existing features; cloud security findings appear alongside your vulnerability scans and discovered assets, giving you the complete picture of your security posture
- Plain-English explanations; each finding includes a clear description of the issue, why it matters, and step-by-step guidance to fix it

Getting started is simple
If you haven't yet added a cloud integration you can do so as follows:
- Go to the Discovery page and click on + Add asset source
- Choose the cloud provider you want to integrate with from the Add cloud asset modal
- Follow the instructions to integrate with your Cloud account
- You will see the cloud integration on your Discovery page
- If you click on your cloud integration you can choose "Cloud security scans" for all or a subset of your cloud accounts
If you already have a cloud connector configured you will need to update your permissions to allow Intruder to carry out Cloud Security scans.
As soon as you enable cloud security scans Intruder will automatically kick off continuous cloud security scans (which you will see on your Scans page), and the results will populate in the Issues page (which you can filter to view Cloud results only).
This enhancement is available now for all customers on our Cloud, Pro and Enterprise plans.
Tracking which issues have been sent to Jira and when just got easier. Our enhanced Jira integration now gives you clear, in-app visibility into every Jira push, so you can stay on top of remediation progress without leaving Intruder.
What’s new?
The improved Jira functionality adds in-app visibility and better traceability between Intruder issues and Jira tickets. You can now:
1. See Jira icons directly in the UI – Whenever an issue has been pushed to Jira, you’ll now see a Jira icon beside it. Hovering over the icon reveals when the issue was sent and includes a direct link which opens the corresponding Jira ticket in a new tab.
2. View all Jira pushes in one place – At the bottom of the issue details, you can now see a full history of all Jira pushes listed in chronological order. This includes cases where the same issue has been pushed multiple times.
3. Access across all tabs – These improvements apply across the Current, Fixed, and Snoozed tabs, so you can trace an issue’s full lifecycle regardless of its status.
Why it matters
This update gives teams better visibility and control over their remediation workflow, helping you:
- Avoid confusion when the same issue is sent to Jira more than once
- Quickly access linked Jira tickets without leaving Intruder
- Maintain a clear audit trail of actions and updates
Getting started is simple
No setup is required! These improvements are live for all customers using the Jira integration.
If you haven’t yet connected Jira, you can do so by:
- Going to Integrations in your Intruder settings
- Selecting Jira and following the steps to connect your workspace
- Once connected, simply push issues to Jira as usual and you’ll see the new visual indicators appear automatically.
For more information on the Jira integration, visit our help article here.
This enhancement is available now for all customers on our Pro and Enterprise plans.
Buying an exposure management solution should be simple - there should be as few hurdles as possible in your way to getting better security. For years, we've made it quick and easy to purchase Intruder directly through our portal so that you can set up and scan your entire attack surface. However, on occasion we've found that users have struggled with budget issues, often having budget tied to other expenses like their AWS cloud infrastructure.
As part of our commitment to making the process as simple as possible, we've now listed Intruder on AWS Marketplace. This means you'll be able to pay directly through AWS using pre-existing budget.

We've made a number of possible license combination options available, allowing flexibility in choosing the right package for you. If you notice that your specific option is not available, please feel free to reach out to our support team and let us know.
Attack Surface Management
Enhancing our API discovery
It's an often-said phrase - you can't protect what you don't know about. This is why, over recent years, we've focused on adding discovery methods to our products, enabling you to discover more of your known unknowns, and secure your attack surface.
In 2023 we released Version 1 of our API detection, focused initially on discovering APIs which exist in your AWS environment. By identifying which of your targets have an API, you can then add an API schema to the target to enable us to scan it more effectively and find more vulnerabilities.
With this release, we've now expanded API detection to check any target that you add to the portal. This will appear in the exact same way as it has previously, indicating APIs on the targets page, and on the API section within target details.
This feature is available on all plans.
If you'd like to discuss this feature, or our wider attack surface management feature suite, feel free to book some time with our product team!
One of our core principles at Intruder has always been building a simple-to-use product, especially compared to many other cybersecurity products which can often feel intimidating. It's why we invested heavily in a top-tier product design team, and why we regularly roll out updates to our UI/UX. However, there's only so much you can do without flooding the UI with additional educational content and text.
To try to overcome this barrier, and to seize the opportunities that AI has afforded us, we've now released a new AI assistant onto the portal - Greg.

You can ask Greg anything you'd like, but here are some examples of how he can help:
- Can you help me validate one of my issues?
- Summarize our current vulnerabilities for the leadership team
- Suggest which issues to prioritize based on exploitability and potential business impact
This is a beta feature - and we'd love your feedback! You can give feedback directly through Greg, or you can book some time to chat to our Product team here.
As part of the launch of Cloud Security, we've implemented a new Cloud plan to expand our commercial offering. Sitting between Essential and Pro, this new plan is our entry point to Cloud Security at Intruder, while having a similar feature suite to Pro.

You can see the full breakdown of the differences between the plans on our pricing page here.