2026
5 March 2026
Build Your Own Custom Workflows - In The UI!
The team at AttackForge are incredibly excited to bring you.. Actions! 🤩🤩
Actions enable you to build your own custom workflows into the AttackForge application user interface, and trigger those workflows with a simple button click.
The addition of Actions completes our mission to empower our customers with Automation - Anytime, Anywhere, by Anyone!
You can now create Workflow Automations in AttackForge from:
Internal Events - e.g. when a vulnerability is created or updated
External Events - e.g. when changes happen in other systems or scripts
Scheduled Events - e.g. run automations hourly, daily, weekly, or a custom frequency
NEW Actions - e.g. when a user clicks on an Action within the app
And best of all - these Workflow Automations are built directly into AttackForge! Meaning:
No need for complex middleware, or scripts running on someone's machine
Full visibility and control into what your automations are doing at every step
No additional assets or infrastructure to procure and manage
Auditability and access controls across all automations, including secrets management!

You can create Actions to help you:
Build custom workflows for your teams
Trigger a process automation
Launch an integration with an external system
Examples of Actions could include:
Request a QA review / Approve a QA review
Launch scans within your security tooling
Create bulk actions which do not currently exist
Trigger a custom vulnerability risk acceptance workflow
Enable low-privileged users to perform isolated privileged tasks
Export data on-demand
Run custom reports and email the results
Anything you can imagine 😄

Actions can be created and accessed within any of the following entities:
When triggering an Action, a confirmation dialogue will appear. You can also access more information in the README.


After you click on Run - the Action will be triggered and it will show in your Action Runs Manager.
From here, you can monitor the status of your triggered Action.



You can click on the status to see more information:

You can also build Application Actions. These Actions relate to the application itself; they are not tied to any particular entity such as a Project, Vulnerability or Asset.
You can use Application Actions at any time - regardless of what access you have to other data and workflows in AttackForge.
This makes them ideal for personal workflows, or delegating privileged workflows to lower-privileged users.

Actions are powered by Flows. Flows is AttackForge's powerful Workflow Automation engine, allowing users to create completely custom workflows, automations and integrations.
Flows is powered by AFScript - AttackForge's easy-to-use scripting language, creating infinite possibilities with your Actions and Flows!
Actions can be linked to multiple Flows - meaning many workflows can be triggered from one single Action.
Coming Soon! You can share your Actions, and also create Custom Forms on Actions!
Project Scope Assets Improvements
We've significantly improved on how you can interact with assets on a project! 🥳
We've improved the project scope assets interface to make it easier to work with data.
You can now add scope and import assets directly when creating or editing vulnerabilities - without leaving the page, reducing friction when working on vulnerabilities:

Importing assets now supports list imports, where you can copy/paste a delimited list of assets to import:

You can now view full asset information (including components) directly from the vulnerabilities table.
We've added advanced filtering on all asset related tables within a project.
You can also manage project scope assets anywhere within a project where scope assets can be selected.
We've also extended the Quick Select and Table options to all places for filtering and selecting assets.
Review Notes In More Places
In recent updates, we've focused on making quality assurance reviews ✅ faster and easier in AttackForge.
In this update, we've extended Review Notes to Writeups and Test Cases on Test Suites:

Table Custom Field Improvements
We've powered up Table Custom Fields! 💪
You can now use Rich-Text fields in Table Custom Fields.
This is ideal when you need a list of Rich-Text context, such as Narratives, Timelines, Notes, and more.


We've also added support for List fields in Table Custom Fields too!
You can also control which fields need to be displayed when viewing the table.
We've also improved Table Custom Field features to support filtering for all columns, as well as Export to CSV.
We've also improved the user experience when viewing and editing rows of data within the table.
Improvements In Analytics
We've enhanced all of the Top 10 Analytics to now include more details!

New AI Testing Methodologies
If you're currently doing, or planning to do, AI pentesting - look no further! 👀
We've added two more AI pentesting methodologies, in addition to the existing MITRE ATLAS Framework:
OWASP AI Testing Guide - The OWASP AI Testing Guide (AITG) is an open-source, community-driven framework providing standardized methodologies to test the trustworthiness, security, and reliability of AI and LLM systems. It offers comprehensive, actionable test cases across four key layers—Application, Model, Data, and Infrastructure—to help developers and auditors manage AI-specific risks like prompt injection and bias.
OWASP LLM Top 10 - The OWASP Top 10 for Large Language Model (LLM) Applications is a comprehensive framework identifying the most critical security risks when integrating LLMs into applications. It focuses on unique vulnerabilities like prompt injection, insecure output handling, and training data poisoning, serving as a guide for developers and security professionals to build, deploy, and manage LLMs securely.

ReportGen Updates
We're always improving on our kick-ass reporting engine - ReportGen 🥋
New Filters
Declare - You can declare variables in-line using values from tags directly.
Assign - You can assign a new value to a variable in-line using values from tags directly.
DateAdd - You can add units of time to a date.
DateSubtract - You can subtract units of time from a date.
DateDiff - You can diff the time between dates.
Increment - You can increment a number by 1 or a specified integer.
Multiply - You can multiply a number by a specified integer.
Drop - You can use drop to prevent a value from showing.
New Functions
$range - Use this function to create a range of data which you can iterate over.
$dateRange - Use this function to create a range of dates which you can iterate over.
$dateDiff - Use this function to perform a diff between two dates.
dateFormat Filter Now Supports Timezone Offset
Sort Test Cases Using Custom Order
UX Improvements
Export User Access Lists to CSV
You can now export all user access directly to CSV in Users > (select user) > Access.
Non-Admins Can Now Link/Re-Assign Vulns To Other Projects
Attack Chains Get New Tactics
We've added Reconnaissance and Resource Development to the Attack Chains.
ServiceNow - Vulnerability Response Integration
We're committed to supporting our customers with integrating all of their offensive security testing into their enterprise ecosystem! 🎯
Previously we released an integration with ServiceNow Incidents.
In this release, we've created a bi-directional integration with ServiceNow Vulnerability Response to help you:
Automatically create Vulnerability Response (VR) findings from new vulnerabilities
Automatically sync statuses between VR findings and vulnerabilities
You can read more about these Flows on our Support Portal. Or import these Flows into your AttackForge from our Flows GitHub Repository.



AI MCP Updates
New Tools
We only recently introduced AI MCP and we're already supercharging it to keep up with new ways our customers are plugging their own AI tools into AttackForge to get real work done, fast! ✨
get_file - The Get File tool can be used to get the metadata and binary content of an AttackForge File by supplying its id. This is useful for retrieving evidence files attached to Vulnerabilities or files attached to Writeups.
If you missed our release on AI Model Context Protocol (MCP) - make sure to check it out to see how you can work smarter, not harder!
Flows Updates
We've made our Workflow Automation Engine Flows even better! 🤖
New Events
project-reporting-updated - Handle event when Project Reporting page is updated.
project-reporting-file-uploaded - Handle event when a file is uploaded to the Project Reporting page.
project-summary-updated - Handle event when Project Summary page is updated.
project-summary-file-uploaded - Handle event when a file is uploaded to the Project Summary page.
vulnerability-remediation-note-file-uploaded - Handle event when a file is uploaded to a Vulnerability Remediation Note.
Updates to Events
project_created - Added "project_request_id" to the payload.
project_updated - Added "project_request_id" to the payload.
vulnerability_created - Added "vulnerability_library_id" to the payload.
vulnerability_updated - Added "vulnerability_library_id" to the payload.
AFScript Updates
We've powered-up 🔋 our in-app scripting language AFScript to make writing scripts even easier!
New Functions
String.match() - Use this function to perform a match against a regular expression.
String.matchAll() - Use this function to perform a match against a regular expression, and return all results.
Self-Service API Updates
We're always improving our Self-Service APIs to make automations and integrations even easier! 💪
New REST APIs
UpdateProjectRequestAccess - Patch the ACL (Access Control List) on a Project Request.
UpdateProjectAccess - Patch the ACL (Access Control List) on a Project.
Updates to REST APIs
UpdateVulnerability - now supports "reason" on status changes.
UpdateVulnerabilityWithLibrary - now supports "reason" on status changes.
GetVulnerabilities - now supports "resolution" in Advanced Query Filter (Q filter) and "vulnerability_resolution_type" in vulnerability response.
GetVulnerability - now supports "vulnerability_resolution_type" in vulnerability response.
GetVulnerabilitiesByAssetName - now supports "vulnerability_resolution_type" in vulnerability response.
GetVulnerabilitiesByGroup - now supports "vulnerability_resolution_type" in vulnerability response.
GetProjectVulnerabilities - now supports "vulnerability_resolution_type" in vulnerability response.
GetProjectsAndVulnerabilities - now supports "vulnerability_resolution_type" in vulnerability response.