
# 2026

## 25 June 2026

### Introducing System Actions, Actions Catalogue and Sharing Actions

⚡ **Actions Just Got a Massive Upgrade: User Actions, System Actions & Sharing!**

Get ready to supercharge your workflows! We've rolled out a powerful new way to create, manage, and share Actions across your organization — giving you more flexibility and control than ever before.


#### What's New

👤 **User Actions — Make It Personal**

Every user can now create, update, delete, and share their very own User Actions. Build the workflows that work for you, and bring your teammates along for the ride. Perfect for personal automations, team collaborations, and everything in between.

🏢 **System Actions — Roll It Out at Scale**

Administrators, this one's for you. System Actions let you configure powerful workflows and roll them out to your users — no acceptance or assignment required on their end. Deploy organisation-wide automations effortlessly, and rest easy knowing all admins automatically inherit Action Owner privileges on every System Action.

Need to pivot? Admins can switch any Action between System and User Action at any time. 🔄


🤝 **Sharing Actions — Collaboration Unlocked**

Sharing is now smarter and more flexible:

Admins can share System Actions and their User Actions with Roles, Groups, or individual Users. Non-admins can share their User Actions with their own Groups and other Users.

Fine-tune access with three levels — None (a powerful denylist option), View (trigger the Action), and Edit (trigger and configure). Plus, the Override option guarantees your assigned access prevails, so users won't accidentally inherit access they shouldn't have through their Roles or Groups.


🔍 **Effective Access — Crystal Clear Visibility**

Want to know exactly who can access your Action? Effective Access gives Action Owners the definitive answer, factoring in every Role, Group, and User assignment. Available right from the Action settings page — just click Effective Access and see the full picture.


More power. More flexibility. More collaboration. Go build something amazing! 🚀

### Custom Vulnerability Scoring Systems

🚀 **Score Vulnerabilities Your Way — Multi-Framework Scoring Is Now Available!**

Stop forcing every vulnerability through a single lens. AttackForge now ships with first-class support for every major vulnerability scoring framework — and lets you mix, match, and build your own on top.

✨ **What's Included Out-of-the-Box**

Spin up a fresh deployment and you'll find five battle-tested scoring systems already loaded:

* **CVSS 3.1** — the industry workhorse for technical severity
* **CVSS 4.0** — the latest evolution of the standard
* [**DREAD Threat Modelling**](https://support.attackforge.com/attackforge-enterprise/getting-started/vulnerability-scoring-systems#dread-threat-model) — Microsoft's classic threat model for fast triage
* [**OWASP Risk Rating Methodology**](https://support.attackforge.com/attackforge-enterprise/getting-started/vulnerability-scoring-systems#owasp-risk-rating-methodology) — likelihood × impact with business context baked in
* [**Custom 4x4 Risk Matrix**](https://support.attackforge.com/attackforge-enterprise/getting-started/vulnerability-scoring-systems#custom-4x4-risk-scoring) — board-friendly probability vs. impact scoring

Already have an existing AttackForge deployment? No problem! Click any of the links above to access the scoring system configuration and add it to your own AttackForge instance.


🎯 **Run Multiple Frameworks on the Same Vulnerability**

Here's the big idea: you don't have to pick just one. Stack as many scoring systems as you want on a single project and watch them work together.

You can now benefit from:

* **Complementary perspectives** — CVSS handles technical exploitability, DREAD adds discoverability and user reach, OWASP layers in business impact. Together, full picture.
* **Smarter prioritization** — a CVSS-critical bug that's hard to find and affects a non-revenue system? Multiple frameworks help you avoid both over-reacting and under-reacting.
* **Speak every dialect** — CVSS for compliance auditors, OWASP for executives, DREAD for the engineering huddle. One vulnerability, every audience.
* **Cancel out bias** — if all three frameworks scream "critical," confidence goes up.


🛠️ **Build Your Own Scoring System**

Need something custom? Head to `Administration → Vulnerabilities → Scoring` and click `Add Custom Scoring System`. You get:

* **Custom forms** — design your own sections and fields that appear when scoring.
* **A priority script engine** — write AFScript logic that returns Critical / High / Medium / Low / Info.
* **Cross-context awareness** — your script can pull data from other scoring systems, vulnerability fields, writeups, affected assets, and project metadata.


🔐 **Project-Level Control**

When you assign scoring systems to a project, you've got the steering wheel:

* **Required flag** — force testers to score using specific systems.
* **Ordered priority** — the top-ranked system wins when scores conflict.
* **Per-system access levels** — hide custom scoring rationale from lower-privilege roles when needed.


💡 **Smart Conflict Detection**

When a manually overridden priority disagrees with what the scoring systems calculated, AttackForge flags the mismatch — so you always know when human judgment has diverged from the math.

📜 **Ready-Made Priority Scripts**

The documentation ships with working AFScript examples for DREAD (1–50 score bands), OWASP (likelihood × impact matrix), and the Custom 4x4 — copy, paste, tweak, ship.

The bottom line: one vulnerability, many lenses, zero compromise. Pick your framework — or invent a new one — and get to triaging. 🎉

### Automated AI Attack Chains

🤖 **Build and Explore Attack Chains automatically for every project!**


💥 Attack Chains turn a list of findings into a real story with impact. This shift unlocks many benefits which a usual vulnerability list cannot show:

* **Demonstrate real impact**. A report full of "medium" issues — a misconfigured share here, a weak service account there, an outdated Confluence page — tends to get triaged into oblivion. Chain them together into "anonymous foothold → credential harvest → lateral movement → domain admin → crown jewels," and suddenly the same findings represent an existential business risk. The attack chain proves the *so what?*, which is usually what executives and risk owners actually care about.
* **Forces realism**. Individual vulns are scored in isolation using CVSS or another scoring system, but attackers don't operate that way. Demonstrating the attack chain proves the path is actually walkable in the target environment, not just theoretically exploitable. Findings that looked scary on paper sometimes don't chain to anything meaningful, and findings that looked boring sometimes turn out to be the linchpin. That's much better signal for prioritization than severity scores alone.
* **Remediate faster with *break-chain* thinking rather than *fix-everything***. If five distinct findings are required to reach impact, the defender doesn't necessarily need to fix all five — breaking any one link disrupts the path. That's often significantly cheaper and faster than full remediation, and it gives the client a defensible interim posture while longer-term fixes land.
* **Map cleanly onto frameworks like MITRE ATT&CK and Cyber Kill Chain**. Give the blue team a shared vocabulary. Each stage becomes a detection opportunity: if recon was caught, the chain stops at stage one; if not, where else could it have been broken? This feeds directly into purple-team exercises, SOC tuning, and tabletop scenarios.
* **Expose systemic weaknesses that single findings hide**. Over-permissioned service accounts, flat networks, missing egress controls, identity sprawl. Those root causes rarely show up as a single CVE but fall out clearly when you look at how an attacker actually moved end to end.
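
The break-chain reasoning above can be worked through as a small remediation-planning calculation. This is an added example, not AttackForge code or its algorithm: the finding ids, titles, severities, effort figures and chain names are constructed sample data, and the function names are hypothetical.

```python
"""Break-chain analysis over attack chains (illustrative; all data is constructed)."""
from itertools import combinations

# Constructed sample: finding id -> (title, severity, remediation effort in days).
FINDINGS = {
    "F1": ("Anonymous read access on file share", "Medium", 2),
    "F2": ("Credentials stored in wiki page", "Low", 1),
    "F3": ("Weak service account password", "Medium", 1),
    "F4": ("Flat network without segmentation", "High", 20),
    "F5": ("Local administrator password reuse", "High", 5),
    "F6": ("Outdated VPN portal", "Critical", 3),
    "F7": ("Over-permissioned backup account", "Medium", 2),
}

# Constructed sample: chain name -> findings that must ALL hold for the path to work.
CHAINS = {
    "share-to-domain-admin": ["F1", "F3", "F4", "F5"],
    "wiki-to-database": ["F2", "F3", "F7"],
    "vpn-to-domain-admin": ["F6", "F4", "F5"],
    "vpn-to-backups": ["F6", "F7"],
}


def validate(chains, findings):
    """Reject input the planners cannot reason about."""
    for name, steps in chains.items():
        if not steps:
            raise ValueError(f"chain {name!r} has no findings, so no fix can break it")
        for fid in steps:
            if fid not in findings:
                raise ValueError(f"chain {name!r} references unknown finding {fid!r}")
            if findings[fid][2] <= 0:
                raise ValueError(f"finding {fid!r} needs a positive effort estimate")


def surviving_chains(chains, fixed):
    """Chains that remain walkable after the findings in `fixed` are remediated."""
    fixed = set(fixed)
    return sorted(name for name, steps in chains.items() if not fixed & set(steps))


def break_counts(chains):
    """Number of chains each finding takes part in; fixing it breaks all of them."""
    counts = {}
    for steps in chains.values():
        for fid in set(steps):
            counts[fid] = counts.get(fid, 0) + 1
    return counts


def best_single_fix(chains, findings):
    """Finding whose fix breaks the most chains; ties go to lowest effort, then id."""
    validate(chains, findings)
    counts = break_counts(chains)
    return min(counts, key=lambda fid: (-counts[fid], findings[fid][2], fid))


def greedy_break_set(chains, findings):
    """Interim plan: keep fixing the finding with the best chains-broken-per-day ratio."""
    validate(chains, findings)
    remaining, plan = dict(chains), []
    while remaining:
        counts = break_counts(remaining)
        # sorted() makes ties deterministic: max() keeps the first best candidate.
        pick = max(sorted(counts), key=lambda fid: counts[fid] / findings[fid][2])
        plan.append(pick)
        remaining = {n: s for n, s in remaining.items() if pick not in s}
    return plan


def cheapest_break_set(chains, findings):
    """Exhaustive search for the lowest-effort set of fixes that breaks every chain.

    Exponential in the number of findings, so only suitable for small inputs.
    """
    validate(chains, findings)
    ids = sorted(break_counts(chains))
    best = None
    for size in range(1, len(ids) + 1):
        for combo in combinations(ids, size):
            if surviving_chains(chains, combo):
                continue  # at least one chain is still walkable
            effort = sum(findings[fid][2] for fid in combo)
            if best is None or effort < best[0]:
                best = (effort, list(combo))
    return best


if __name__ == "__main__":
    top = best_single_fix(CHAINS, FINDINGS)
    title, severity, effort = FINDINGS[top]
    print(f"Best single fix: {top} ({severity}, {effort}d) {title}")
    print("Still walkable afterwards:", surviving_chains(CHAINS, [top]))
    print("Greedy plan:", greedy_break_set(CHAINS, FINDINGS))
    print("Cheapest full break (effort, fixes):", cheapest_break_set(CHAINS, FINDINGS))
```

On this sample the highest-leverage single fix is a Medium finding, while fixing the High-severity flat network alone leaves two chains walkable.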

In this release, we've included four (4) Attack Chain variants to help you:

#### [Interactive Attack Chain Explorer](https://support.attackforge.com/attackforge-enterprise/modules/ai-mcp-and-skills#interactive-attack-chain-explorer)

The Attack Chain Explorer generates an interactive web page from real AttackForge testing data — turning a project's findings into an animated, explorable kill-chain report. Pick from various distinct attack chains — different routes an attacker could realistically take through the engagement. Watch each chain animate stage-by-stage: attacker → recon → actionable stages → outcome. Hit `Best fix` to see the single highest-leverage remediation, or `Break chain` to see where any one fix collapses the path.


#### MITRE ATT&CK

The MITRE ATT&CK option will frame the project's findings against MITRE's tactics — Reconnaissance, Initial Access, Execution, Persistence, etc. It's built to land the attack chain narrative, the remediation plan, and the priority call, all on one page, so it suits board / leadership / engineering briefings.

There are two styles to choose from, and they produce visually and structurally different chains:

[**Style 1 — Executive landscape, one-pager**](https://support.attackforge.com/attackforge-enterprise/modules/ai-mcp-and-skills#mitre-att-and-ck-attack-chain-style-1)


[**Style 2 — Portrait narrative, debrief leave-behind**](https://support.attackforge.com/attackforge-enterprise/modules/ai-mcp-and-skills#mitre-att-and-ck-attack-chain-style-2)


#### [Cyber Kill Chain](https://support.attackforge.com/attackforge-enterprise/modules/ai-mcp-and-skills#cyber-kill-chain)

The Cyber Kill Chain option maps every finding in an AttackForge project onto the seven stages of the Lockheed Martin Cyber Kill Chain — but with modernized offensive-security labels: Reconnaissance, Payload Development, Initial Access, Exploitation, Persistence, Command & Control, Mission Impact.


Try generating these Attack Chains on your next project! Your customers and internal teams are sure to be impressed 🤩

### New Tenable and Qualys Workflow Automations

🔄 **Click a button. Get a full Tenable or Qualys scan. Findings auto-import back into AttackForge.**

We've built new workflow automations giving you turnkey orchestration between AttackForge and both Tenable and Qualys, covering Web App Scanning (WAS) and Vulnerability Management (VM).


🎯 **One Action Button, Full Scan Lifecycle**

A tester (or automation) clicks an Action on a Project in AttackForge → the project scope flies into Tenable → scans launch → status gets polled frequently → completed results flow straight back into AttackForge as vulnerabilities. No manual hand-offs, no babysitting.

💡 **Why This Matters**

* **Zero context switching** — testers never leave AttackForge to kick off a Tenable scan.
* **Self-healing orchestration** — retries, aborts, multi-target fan-out, and email alerts are all built in.
* **Bulk friendly** — fire off scans across many projects in one Action click.
* **Stateful tracking** — every scan lives on the project as a custom field, so the cron job always knows what to poll.
* **Hands-off ingestion** — findings appear in AttackForge automatically when Tenable or Qualys finishes.

These new workflow automations will help you with *Continuous Threat Exposure Management (CTEM)* and ensure that your vulnerability scans are *easy to trigger, consistent, and automatically ingested, contextualized and prioritized!* 😎

Whether you're using **Vulnerability Management (VM)** or **Web Application Scanning (WAS)** - we've got you covered:

* [Tenable VM Workflow](https://support.attackforge.com/attackforge-enterprise/modules/flows/tenable)
* [Tenable WAS Workflow](https://support.attackforge.com/attackforge-enterprise/modules/flows/tenable)
* [Qualys VM Workflow](https://support.attackforge.com/attackforge-enterprise/modules/flows/qualys)
* [Qualys WAS Workflow](https://support.attackforge.com/attackforge-enterprise/modules/flows/qualys)

These new workflows will help you to:

* *Trigger immediate scans* directly from your projects.
* *Track the status* of each scan against the project.
* *Automatically ingest findings* as scans complete, with error reporting when there are issues.
* *Prioritize findings using your own rules* - focus on the vulnerabilities that matter!

Bottom line: AttackForge project scopes go in, Tenable and Qualys findings come out — and the whole loop runs itself on your frequency. Import the example Flows, set your secrets, and ship. 🎉

### WIZ Integration

Pentest findings, meet cloud security platform! 🥳

We've released new Flows to help you start streaming vulnerabilities straight into Wiz — automatically.

⚡ **Two Triggers, Same Destination**

Pick your event, control what information goes into WIZ:

* [**Vuln Created Flow**](https://support.attackforge.com/attackforge-enterprise/modules/flows/wiz#export-vulnerability-to-wiz-on-vuln-created) — the instant a tester logs a finding, it's on its way to Wiz
* [**Vuln Updated Flow**](https://support.attackforge.com/attackforge-enterprise/modules/flows/wiz#export-vulnerability-to-wiz-on-vuln-updated) — catches vulnerabilities that weren't ready at creation but mature into export candidates later

🎯 **What Gets Exported**

Each AttackForge vulnerability lands in Wiz as a fully-formed attack surface finding, complete with:

* **Severity mapping** — AttackForge Critical/High/Medium/Low/Info translates cleanly to Wiz Critical/High/Medium/Low/None.
* **Affected asset endpoint** — hostname, port, and protocol pulled straight from asset custom fields.
* **Rich context** — description + attack scenario, steps to reproduce, vulnerability notes, and remediation guidance, all bundled into the assessment details.
* **Deep link back to AttackForge** — one click from the Wiz finding takes the analyst to the source vuln.
* **Stable datasource ID** — keyed per project so findings group sensibly inside Wiz.

🧰 **Customization-Friendly**

Need to send more or less data? No problem! Adjust the Flows easily inside AttackForge to match your needs. Swap the vulnerability type (DAST, SAST, SCA, IaC, ContainerScan, HostScan, SecretDetection, Misconfiguration), tweak the severity mapping, or fan out to multiple payloads per vuln. Your tenant, your rules.

🛡️ **Pre-Flight Validation Built In**

The Flow doesn't fire blindly. Before anything touches the Wiz API, it performs validation first. Extend the validation to match your own unique integration requirements!

Bottom line: plug it in, set your secrets, and every qualifying finding in AttackForge shows up in Wiz with the full pentest context attached — no CSVs, no copy-paste, no missed handoffs. 🎉

### UX Improvements

We're constantly fine-tuning the user experience so every minute spent in AttackForge feels effortless 😎

#### New Design: Page View

We've given some of our most-used pages a fresh new look (and feel). Vulnerabilities, Writeups, Test Cases, Project Summaries, Reporting, and Project Requests now feature a redesigned layout, smarter navigation, and a cleaner, more focused experience.

**What's new:**

🧭 **Table of contents with built-in search and jump-to-section** — find what you need in seconds

↔️ **Adjustable panes** — expand your reading space whenever you need room to think

📂 **Collapsible sections** — show what matters, hide what doesn't

📎 **Faster access to files and history** — fewer clicks, more flow


#### Configure Default Tab on Module Load

🎯 **Land where you work most**

You can now choose which tab loads by default when you open a module. Spend most of your time in a specific view? Set it as your landing spot and skip the extra click every time.

Small change, big time-saver.


#### Project Code - Disable or Optional

🛠️ **More control over your Project form**

The Project Code field is no longer one-size-fits-all. You can now make it optional — or remove it entirely — to match the way your team actually works.

Head to `Administration > Projects > Details Form` to tailor it your way.

#### Groups Contact Fields - Disable or Optional

👥 **Streamline your Group setup**

The Group Contact fields just got more flexible. Make them optional — or remove them entirely — so your Group records capture exactly what you need, and nothing you don't.

Head to `Administration > Groups > Details Form` to personalize your groups.

#### Copy Page Title or ID

📋 **One click, copied**

Need to grab a page title or system ID? Just click the page title and choose what you'd like to copy. No more highlighting, no more fiddly selections — it's right there when you need it.


#### System Dropdowns Now Support Search

⚡ **Searchable dropdowns**

Dropdown lists now support search across all configured options — find what you need instantly, even in the longest lists.


#### Enforce Remediation Note on Retest

🔒 **Mandatory remediation notes for retests**

Optionally require a remediation note when vulnerabilities are marked as ready for retest — ensuring retesters have the context needed to validate fixes effectively.

Head over to `Administration > Vulnerabilities > Status > Status Update` to make the change.

#### Make Attack Scenario Mandatory

🛡️ **Mandatory Attack Scenario field**

Optionally require the Attack Scenario field on new Writeups — ensuring testers capture attack-specific context whenever a new issue type is defined.

Head over to `Administration > Writeups > Form` to make the change.

#### Improved User Lockout Experience for On-Premise Deployments

⚙️ **Configurable lockout policies**

You can now fine-tune the `max failed login attempts` and `account lockout timeout` policies to match your security requirements. Tighten things up, ease them off — your policy, your call.

#### All Project Request System Fields Now Accessible in Table

👀 We've loaded all the Project Request core/system fields and made them available in the `Pending Requests` and `Actioned Requests` tables!

You can now sort, filter, toggle and group all system and custom fields - and include them in your Custom Views!

### Additional Group Access - APIs, Events, Flows, Actions, AI MCP Tools

Your Groups just levelled up. Power your automations, your integrations, and your AI - using Group-driven access control.


🎯 What's New

Say hello to `Other Access` — a brand-new tab on every Group page that lets administrators extend Group membership to a whole new set of capabilities. No more juggling individual user permissions. No more "wait, how do we get that team access to that?" Just one Group, one place, one click.

🔓 What Groups Can Now Access

* **Events via Flows** — Pipe internal events to the right team automatically
* **Events via Self-Service API** — Programmatic event access, gated by Group
* **Self-Service RESTful APIs** — Empower teams to build on AttackForge data
* **Flows** — Unlock ability for teams to build workflow automations and integrations
* **Actions** — Liberate teams to create Actions which matter to them
* **AI MCP** — Yes, even AI access is Group-managed now 🤖

💪 Why You'll Love It

🎛️ **Granular by design** — Administrators assign access per-Group, on a needs basis. Right people, right tools, right level.

⚡ **Scales with your org** — Onboard a new customer team, vendor, or internal squad and they instantly inherit access to the APIs, Flows, Actions, and AI surfaces you've already approved for their Group.

🧠 **One source of truth** — Group membership now drives access across projects, portfolios, vulnerabilities, AND your automation stack. Less drift, fewer gaps, way less audit headache.

🔐 **Enterprise-grade control** — Everything lives behind the Other Access panel on the Group page, so admins always know exactly who can do what.

🏁 How to Use It

1. Head to any Group in AttackForge
2. Click `Other Access`
3. Toggle on Events, APIs, Flows, Actions, or AI MCP — whatever this Group needs
4. Done. ✅ Members inherit the access automatically.

Bottom line: Groups are now the control plane for everything — not just data, but the Flows, Actions, APIs, and AI that make AttackForge sing. 🎶

### Flows Updates

We've made our Workflow Automation Engine [Flows](https://support.attackforge.com/attackforge-enterprise/modules/flows) even better! 🤖

#### Sharing Roles and Groups Access to Flows

🚀 **Collaborate Like Never Before: Share Flows with Roles & Groups!**

You can now share your Flows with Roles, Groups, and individual Users — making collaboration smoother and access management a breeze.

🔐 **Smarter Sharing for Everyone**

* Administrators can now share Flows directly with Roles, Groups, or individual Users — perfect for rolling out access across your organization.
* Non-admins can now share their Flows with their own Groups and other Users, empowering teams to work together without waiting on admin approval.


👀 **Introducing Effective Access**

Ever wondered exactly who can access a Flow? Wonder no more. Effective Access gives Flow Owners a single source of truth, showing precisely which users have access based on every Role, Group, and User assignment in play.

Just head to your Flow settings page and click Effective Access to see the complete picture.


Less guesswork, more teamwork. Happy Flowing! ✨

#### New Trigger Events

* [**asset-created**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-events-api/asset-created) - Handle event when an Asset in the Asset Module is created.
* [**asset-updated**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-events-api/asset-updated) - Handle event when an Asset in the Asset Module is updated.
* [**asset-archived**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-events-api/asset-archived) - Handle event when an Asset in the Asset Module is archived.
* [**asset-restored**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-events-api/asset-restored) - Handle event when an Asset in the Asset Module is restored.
* [**user-created**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-events-api/user-created) - Handle event when a User is created.
* [**user-updated**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-events-api/user-updated) - Handle event when a User is updated.
* [**project-request-file-uploaded**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-events-api/project-request-file-uploaded) - Handle event when a file on a Project Request is uploaded.
* [**project-on-hold**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-events-api/project-on-hold) - Handle event when a Project is on-hold.
* [**project-off-hold**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-events-api/project-off-hold) - Handle event when a Project is off-hold.
* [**vulnerability-remediation-plan-created**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-events-api/vulnerability-remediation-plan-created) - Handle event when a Remediation Plan is created on a Vulnerability.
* [**vulnerability-remediation-plan-updated**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-events-api/vulnerability-remediation-plan-updated) - Handle event when a Remediation Plan is updated on a Vulnerability.
* [**workspace-testing-log-uploaded**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-events-api/workspace-testing-log-uploaded) - Handle event when a testing log file is uploaded to the Project Workspace.
* [**project-member-added**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-events-api/project-member-added) - Handle event when a user is added to the Project Team for a Project.
* [**project-member-updated**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-events-api/project-member-updated) - Handle event when a user is updated on the Project Team for a Project.
* [**project-member-removed**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-events-api/project-member-removed) - Handle event when a user is removed from the Project Team for a Project.

#### Duplicate Actions

⚡ **Build Flows faster**

You can now duplicate actions in your Flows. Bootstrap new actions from existing ones, make a few tweaks, and you're off — no more rebuilding from scratch every time. A massive time-saver when you're building out complex automations.

#### HTML Response on HTTP Triggered Flows

📧 **One click. Clear feedback.**

Triggering automations from an email button click just got a whole lot friendlier. Add `?format=html` to the end of your [Trigger URL](https://support.attackforge.com/attackforge-enterprise/modules/flows#http-trigger-url) on any [HTTP Triggered Flow](https://support.attackforge.com/attackforge-enterprise/modules/flows#external-events), and users will land on a confirmation page acknowledging their request — including any helpful error details if something didn't go to plan.

No more guessing whether the click actually did anything.


#### Secrets Now Support Multi-Lines

🔑 **Multi-line Secrets**

Secrets now support multi-line input — ideal for PEM keys and anything else that needs those line breaks preserved exactly as written. Paste with confidence.

### AFScript Updates

We've powered up 🔋 our in-app scripting language [AFScript](https://support.attackforge.com/attackforge-enterprise/afscript) to make writing scripts even easier!

#### New Functions

* [**String.from()**](https://support.attackforge.com/attackforge-enterprise/afscript#strings) - Use this function to return a string representing the primitive or object.
* [**String.sign()**](https://support.attackforge.com/attackforge-enterprise/afscript#strings) - Use this function to cryptographically sign a message using a private key for signing.
* [**String.verify()**](https://support.attackforge.com/attackforge-enterprise/afscript#strings) - Use this function to verify a cryptographically signed message with a public key.
* [**XML.parse()**](https://support.attackforge.com/attackforge-enterprise/afscript#xml) - Use this function to parse an XML string, constructing the JSON value or object described by the string.

#### Updated Functions

* [**Date.format()**](https://support.attackforge.com/attackforge-enterprise/afscript#dates) - This function was updated to now support passing a `timezone` parameter to include a timezone offset.

### ReportGen Updates

We're always improving on our kick-ass reporting engine - **ReportGen** 🥋

#### New Filters

* [**Substring**](https://support.attackforge.com/attackforge-enterprise/modules/reporting/template-filters#substring) - You can return a substring from a string.

### Self-Service API Updates

We're always improving our Self-Service APIs to make automations and integrations even easier! 💪

#### New REST APIs

* [**ParseCSVData**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/parsecsvdata) - Parse CSV data to JSON format.
* [**GetUserProfile**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/getuserprofile) - Get Profile for a User.
* [**UpdateUserProfile**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/updateuserprofile) - Update Profile for a User.
* [**RequestInformationOnProjectRequest**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/requestinformationonprojectrequest) - Request Information on a Project Request.
* [**DownloadProjectRequestFile**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/downloadprojectrequestfile) - Download a file on a Project Request.
* [**UploadProjectRequestFile**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/uploadprojectrequestfile) - Upload a file to a Project Request.
* [**RichTextToConfluenceWiki**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/richtexttoconfluencewiki) - Convert data from rich-text to Confluence Wiki markup.
* [**UploadWorkspaceTestingLog**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/uploadworkspacetestinglog) - Upload a testing log to a Project Workspace.
* [**GetReportTemplates**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/getreporttemplates) - Get all Report Templates the user has access to.
* [**DownloadReportTemplate**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/downloadreporttemplate) - Download a Report Template the user has access to.

#### Updates to REST APIs

* [**GetProjects**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/getprojects) - now supports `?order=created:asc` and `?order=created:desc` to determine sort order on created timestamp.
* [**GetProjectRequests**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/getprojectrequest) - now supports the [Advanced Query Filter](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/advanced-query-filter).

## 5 March 2026

### Build Your Own Custom Workflows - In The UI!

The team at AttackForge is incredibly excited to bring you... **Actions**! 🤩🤩

[Actions](https://support.attackforge.com/attackforge-enterprise/actions) enable you to *build your own custom workflows* into the AttackForge application user interface, and trigger those workflows with a *simple button click*.

The addition of Actions completes our mission to empower our customers with ***Automation - Anytime, Anywhere, by Anyone!***

You can now create Workflow Automations in AttackForge from:

* **Internal Events** - e.g. when a vulnerability is created or updated
* **External Events** - e.g. when changes happen in other systems or scripts
* **Scheduled Events** - e.g. run automations hourly, daily, weekly, or a custom frequency
* ***NEW*** **Actions** - e.g. when a user clicks on an Action within the app

And best of all - these Workflow Automations are *built directly into AttackForge*! Meaning:

* No need for complex middleware, or scripts running on *someone's* machine
* Full visibility and control into what your automations are doing at every step
* No additional assets or infrastructure to procure and manage
* Auditability and access controls across all automations, including secrets management!

<figure><img src="/files/RqJSeqn7CPFY0jdp4qFo" alt=""><figcaption></figcaption></figure>

You can create Actions to *help you*:

* **Build custom workflows for your teams**
* **Trigger a process automation**
* **Launch an integration with an external system**

Examples of Actions could include:

* *Request a QA review / Approve a QA review*
* *Launch scans within your security tooling*
* *Create bulk actions which do not currently exist*
* *Trigger a custom vulnerability risk acceptance workflow*
* *Enable low-privileged users to perform isolated privileged tasks*
* *Export data on-demand*
* *Run custom reports and email the results*
* *Anything you can imagine* 😄

<figure><img src="/files/czjpbDJdYwf7nZDGlFfO" alt=""><figcaption></figcaption></figure>

Actions can be created and accessed within any of the following entities:

1. [Project Request(s)](https://support.attackforge.com/attackforge-enterprise/getting-started/requesting-a-project)
2. [Project(s)](https://support.attackforge.com/attackforge-enterprise/getting-started/creating-and-managing-projects)
3. [Project Vulnerability(s)](https://support.attackforge.com/attackforge-enterprise/getting-started/creating-vulnerabilities)
4. [Project Test Case(s)](https://support.attackforge.com/attackforge-enterprise/getting-started/test-cases)
5. [Portfolio(s)](https://support.attackforge.com/attackforge-enterprise/modules/portfolios)
6. [Portfolio Stream](https://support.attackforge.com/attackforge-enterprise/modules/portfolios)
7. [Group(s)](https://support.attackforge.com/attackforge-enterprise/modules/groups)
8. [Asset(s)](https://support.attackforge.com/attackforge-enterprise/modules/assets)
9. [Writeup(s)](https://support.attackforge.com/attackforge-enterprise/modules/vulnerability-library)
10. [User(s)](https://support.attackforge.com/attackforge-enterprise/modules/users)
11. [Application](https://support.attackforge.com/attackforge-enterprise/actions#application-actions)

When triggering an Action, a confirmation dialogue will appear. You can also access more information in the `README`.

<figure><img src="/files/6P8dE2oSpS7Jb4Ie9m40" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/TU9jUqC4DMzOlqI2CX7i" alt=""><figcaption></figcaption></figure>

After you click on `Run` - the Action will be triggered and it will show in your `Action Runs Manager`.

From here, you can monitor the status of your triggered Action.

<figure><img src="/files/W2jFRGutllzXRdcXYUfk" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/E6CdGdoO7kGVVDo5YMoX" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/CdKWbgqvu70qIYhYOH2r" alt=""><figcaption></figcaption></figure>

You can click on the status to see more information:

<figure><img src="/files/M8GY29pd3chD6f2WRAO4" alt=""><figcaption></figcaption></figure>

You can also build `Application Actions`. These Actions relate to the application itself; they are not tied to any particular entity such as a Project, Vulnerability or Asset.

You can use Application Actions *at any time* - regardless of what access you have to other data and workflows in AttackForge.

This makes them ideal for ***personal workflows***, or ***delegating privileged workflows*** to lower-privileged users.

<figure><img src="/files/7lYbKXwTkHI1681uMZ5A" alt=""><figcaption></figcaption></figure>

Actions are powered by [Flows](https://support.attackforge.com/attackforge-enterprise/modules/flows). Flows is AttackForge's **powerful Workflow Automation engine**, allowing users to *create completely custom workflows, automations and integrations*.

Flows is powered by [AFScript](https://support.attackforge.com/attackforge-enterprise/afscript) - AttackForge's **easy-to-use scripting language**, creating *infinite possibilities* with your Actions and Flows!

Actions can be linked to multiple Flows - meaning many workflows can be triggered from one single Action.

> Coming Soon! You can share your Actions, and also create Custom Forms on Actions!

### Project Scope Assets Improvements

We've significantly improved how you can interact with assets on a project! 🥳

We've improved the project scope assets interface to make it easier to work with data.

You can now add scope and import assets directly when creating or editing vulnerabilities - without leaving the page, reducing friction when working on vulnerabilities:

<figure><img src="/files/ZGaPq3BfOy0w9qqkE47w" alt=""><figcaption></figcaption></figure>

Asset importing now supports list imports, where you can copy/paste a delimited list of assets to import:

<figure><img src="/files/UsdstSVnLJI0Qi4d7FTl" alt=""><figcaption></figcaption></figure>

You can now view full asset information (including components) directly from the vulnerabilities table.

We've added advanced filtering on all asset related tables within a project.

You can also manage project scope assets anywhere within a project where scope assets can be selected.

We've also extended the *Quick Select* and *Table* options to all places for filtering and selecting assets.

### Review Notes In More Places

In recent updates, we've focused on making quality assurance reviews ✅ *faster and easier* in AttackForge.

In this update, we've extended [Review Notes](https://support.attackforge.com/attackforge-enterprise/getting-started/reviewing-and-qa-vulnerabilities) to **Writeups** and **Test Cases on Test Suites**:

<figure><img src="/files/8WPAUKGqPorl41HCPeM9" alt=""><figcaption></figcaption></figure>

### Table Custom Field Improvements

We've powered up Table Custom Fields! 💪

You can now use *Rich-Text fields in Table Custom Fields*.

This is ideal when you need a list of Rich-Text context, such as **Narratives, Timelines, Notes, and more**.

<figure><img src="/files/cTaFGVD6WFnmaMFl7bAY" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/98IaIIcyLM02dIEga2Pk" alt=""><figcaption></figcaption></figure>

We've also added support for ***List*** fields in Table Custom Fields!

You can also control which fields need to be displayed when viewing the table.

We've also improved Table Custom Field features to support filtering for all columns, as well as `Export to CSV`.

We've also improved the user experience when viewing and editing rows of data within the table.

### Improvements In Analytics

We've enhanced all of the `Top 10 Analytics` to now include more details!

<figure><img src="/files/uspuR5NzcTKUoC6ZYxRr" alt=""><figcaption></figcaption></figure>

### New AI Testing Methodologies

If you're currently doing, or planning to do, `AI pentesting` - look no further! 👀

We've added two more AI pentesting methodologies, in addition to the existing [**MITRE ATLAS Framework**](https://github.com/AttackForge/TestSuites/blob/main/MITRE/ATLAS/mitre_atlas_4.8.0_testcases.json):

* [**OWASP AI Testing Guide**](https://github.com/AttackForge/TestSuites/blob/main/OWASP/AITG/owasp_ai_testing_guide_2026.json) - The OWASP AI Testing Guide (AITG) is an open-source, community-driven framework providing standardized methodologies to test the trustworthiness, security, and reliability of AI and LLM systems. It offers comprehensive, actionable test cases across four key layers—Application, Model, Data, and Infrastructure—to help developers and auditors manage AI-specific risks like prompt injection and bias.
* [**OWASP LLM Top 10**](https://github.com/AttackForge/TestSuites/blob/main/OWASP/Top%2010/OWASP-LLM-Applications-Top-10-2025.json) - The OWASP Top 10 for Large Language Model (LLM) Applications is a comprehensive framework identifying the most critical security risks when integrating LLMs into applications. It focuses on unique vulnerabilities like prompt injection, insecure output handling, and training data poisoning, serving as a guide for developers and security professionals to build, deploy, and manage LLMs securely.

<figure><img src="/files/gW4bancyz15KuSeiK0pI" alt=""><figcaption></figcaption></figure>

### ReportGen Updates

We're always improving on our kick-ass reporting engine - **ReportGen** 🥋

#### New Filters

* [**Declare**](https://support.attackforge.com/attackforge-enterprise/modules/reporting/template-filters#declare) - You can declare variables in-line using values from tags directly.
* [**Assign**](https://support.attackforge.com/attackforge-enterprise/modules/reporting/template-filters#assign) - You can assign a new value to a variable in-line using values from tags directly.
* [**DateAdd**](https://support.attackforge.com/attackforge-enterprise/modules/reporting/template-filters#dateadd) - You can add units of time to a date.
* [**DateSubtract**](https://support.attackforge.com/attackforge-enterprise/modules/reporting/template-filters#datesubtract) - You can subtract units of time from a date.
* [**DateDiff**](https://support.attackforge.com/attackforge-enterprise/modules/reporting/template-filters#datediff) - You can diff the time between dates.
* [**Increment**](https://support.attackforge.com/attackforge-enterprise/modules/reporting/template-filters#datediff) - You can increment a number by 1 or a specified integer.
* [**Multiply**](https://support.attackforge.com/attackforge-enterprise/modules/reporting/template-filters#datediff) - You can multiply a number by a specified integer.
* [**Drop**](https://support.attackforge.com/attackforge-enterprise/modules/reporting/template-filters#drop) - You can use drop to prevent a value from showing.

#### New Functions

* [**$range**](https://support.attackforge.com/attackforge-enterprise/modules/reporting/template-functions#usdrange) - Use this function to create a range of data which you can iterate over.
* [**$dateRange**](https://support.attackforge.com/attackforge-enterprise/modules/reporting/template-functions#usdrange) - Use this function to create a range of dates which you can iterate over.
* [**$dateDiff**](https://support.attackforge.com/attackforge-enterprise/modules/reporting/template-functions#usdrange) - Use this function to perform a diff between two dates.

#### [dateFormat Filter](https://support.attackforge.com/attackforge-enterprise/modules/reporting/template-filters#dateformat) Now Supports Timezone Offset

#### Sort Test Cases Using Custom Order

### UX Improvements

#### Export User Access Lists to CSV

You can now export all user access directly to CSV in `Users > (select user) > Access`.

#### Non-Admins Can Now Link/Re-Assign Vulns To Other Projects

#### Attack Chains Get New Tactics

We've added `Reconnaissance` and `Resource Development` to the Attack Chains.

### ServiceNow - Vulnerability Response Integration

We're committed to supporting our customers with integrating all of their offensive security testing into their enterprise ecosystem! 🎯

Previously we released an [integration with ServiceNow Incidents](https://support.attackforge.com/attackforge-enterprise/modules/flows#create-servicenow-incident).

In this release, we've created a bi-directional integration with [ServiceNow Vulnerability Response](https://www.servicenow.com/au/products/vulnerability-response.html) to help you:

* Automatically create Vulnerability Response (VR) findings from new vulnerabilities
* Automatically sync statuses between VR findings and vulnerabilities

You can read more about these [Flows on our Support Portal](https://support.attackforge.com/attackforge-enterprise/modules/flows#examples). Or import these Flows into your AttackForge from our [Flows GitHub Repository](https://github.com/AttackForge/Flows).

<figure><img src="/files/OzcUPeJrtsI6MIAXX5PC" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/w1IGjJP2Vc3NG4UOxwIT" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/vGyep2A1lK2moqrM1MfN" alt=""><figcaption></figcaption></figure>

### AI MCP Updates

#### New Tools

We only recently introduced [AI MCP](https://support.attackforge.com/attackforge-enterprise/modules/ai-model-context-protocol-mcp) and we're already supercharging it to keep up with new ways our customers are *plugging their own AI tools into AttackForge* to get real work done, fast! ✨

* [**get\_file**](https://support.attackforge.com/attackforge-enterprise/modules/ai-model-context-protocol-mcp#get-file) - The Get File tool can be used to get the metadata and binary content of an AttackForge File by supplying its id. This is useful for retrieving evidence files attached to Vulnerabilities or files attached to Writeups.

> If you missed [our release on AI Model Context Protocol (MCP)](https://support.attackforge.com/release-notes/2025#id-19-december-2025) - make sure to check it out to see how you can work smarter, not harder!

### Flows Updates

We've made our Workflow Automation Engine [Flows](https://support.attackforge.com/attackforge-enterprise/modules/flows) even better! 🤖

#### New Events

* [**project-reporting-updated**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-events-api/project-reporting-updated) - Handle event when Project Reporting page is updated.
* [**project-reporting-file-uploaded**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-events-api/project-reporting-file-uploaded) - Handle event when a file is uploaded to the Project Reporting page.
* [**project-summary-updated**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-events-api/project-summary-updated) - Handle event when Project Summary page is updated.
* [**project-summary-file-uploaded**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-events-api/project-summary-file-uploaded) - Handle event when a file is uploaded to the Project Summary page.
* [**vulnerability-remediation-note-file-uploaded**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-events-api/vulnerability-remediation-note-file-uploaded) - Handle event when a file is uploaded to a Vulnerability Remediation Note.

#### Updates to Events

* [**project\_created**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-events-api/project-created) - Added `"project_request_id"` to the payload.
* [**project\_updated**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-events-api/project-updated) - Added `"project_request_id"` to the payload.
* [**vulnerability\_created**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-events-api/vulnerability-created) - Added `"vulnerability_library_id"` to the payload.
* [**vulnerability\_updated**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-events-api/vulnerability-updated) - Added `"vulnerability_library_id"` to the payload.

### AFScript Updates

We've powered-up 🔋 our in-app scripting language [AFScript](https://support.attackforge.com/attackforge-enterprise/afscript) to make writing scripts even easier!

#### New Functions

* [**String.match()**](https://support.attackforge.com/attackforge-enterprise/afscript#strings) - Use this function to perform a match against a regular expression.
* [**String.matchAll()**](https://support.attackforge.com/attackforge-enterprise/afscript#strings) - Use this function to perform a match against a regular expression, and return all results.

### Self-Service API Updates

We're always improving our Self-Service APIs to make automations and integrations even easier! 💪

#### New REST APIs

* [**UpdateProjectRequestAccess**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/updateprojectrequestaccess) - Patch the ACL (Access Control List) on a Project Request.
* [**UpdateProjectAccess**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/updateprojectaccess) - Patch the ACL (Access Control List) on a Project.

#### Updates to REST APIs

* [**UpdateVulnerability**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/updatevulnerability) - now supports `"reason"` on status changes.
* [**UpdateVulnerabilityWithLibrary**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/updatevulnerabilitywithlibrary) - now supports `"reason"` on status changes.
* [**GetVulnerabilities**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/getvulnerabilities) - now supports `"resolution"` in *Advanced Query Filter (Q filter)* and `"vulnerability_resolution_type"` in vulnerability response.
* [**GetVulnerability**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/getvulnerability) - now supports `"vulnerability_resolution_type"` in vulnerability response.
* [**GetVulnerabilitiesByAssetName**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/getvulnerabilitiesbyassetname) - now supports `"vulnerability_resolution_type"` in vulnerability response.
* [**GetVulnerabilitiesByGroup**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/getvulnerabilitiesbygroup) - now supports `"vulnerability_resolution_type"` in vulnerability response.
* [**GetProjectVulnerabilities**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/getprojectvulnerabilities) - now supports `"vulnerability_resolution_type"` in vulnerability response.
* [**GetProjectsAndVulnerabilities**](https://support.attackforge.com/attackforge-enterprise/modules/self-service-restful-api/getprojectsandvulnerabilities) - now supports `"vulnerability_resolution_type"` in vulnerability response.

