Skip to main content

Release Notes — February 2026

Levo Team
Levo Team
Product & Engineering

Release period: February 1 – February 28, 2026

February built on January's launches by making them production-ready: web application scanning (DAST) matured fast with CLI-driven scans, evidence, and DOCX reports; AI Guardrails gained a policy framework and multi-tenant, parallelized scanning; and we introduced tagging across findings and vulnerabilities, separated threats into their own feed, and shipped a new agentless API discovery CLI.

Highlights

  • Findings & Vulnerabilities tagging — Apply tags to findings and vulnerabilities to organize, triage, and filter at scale, with bulk delete and a redesigned Findings view.
  • DAST scanning matures — Launch web app scans from the CLI, capture evidence, cancel scans end to end, export DOCX reports, and discover far more endpoints with new JS-aware crawling.
  • AI Guardrail Policies — A new policy framework for AI Guardrails with multi-tenant enforcement and parallel scanning for 3–5x faster checks.
  • Threats, separated from findings — Runtime threats now have their own dedicated feed, distinct from security findings.
  • Agentless API discovery CLI — A new command-line tool to discover APIs with multiple scan modes, no sensor required.
  • End-to-end audit logging — A rebuilt audit log with readable entity names, user-activity tracking, and before/after state on changes.

What's new at a glance. A map of where February's new capabilities fit across the Levo API & AI security platform.

February 2026 — What's new

Legend for the bullets below: 🆕 new · ⚡ enhancement · 🐞 fix

Vulnerabilities & Findings

  • 🆕 Tagging for findings and vulnerabilities — Apply and search by tags across findings and vulnerabilities to organize and triage at scale.
  • 🆕 Bulk delete for findings — Select and remove multiple findings in one action.
  • 🆕 Redesigned Findings page — A new Findings view with clearer layout and additional row controls.
  • ⚡ Search for multiple issue names at once across the Findings and Grouped Findings screens.
  • ⚡ New KIND filter for findings and vulnerabilities, plus improved field filtering.
  • 🐞 Fixed null values on the Grouped Findings page, a vulnerability detail page that would not open for certain filters, and an application-to-endpoints count mismatch.

Web Application Scanning (DAST)

  • 🆕 Launch scans from the CLI — Kick off web application scans directly from the command line.
  • 🆕 Evidence capture — DAST scans now record supporting evidence for each finding, viewable in the UI.
  • 🆕 DOCX scan reports — Export web application scan results as DOCX, alongside an improved report export experience.
  • 🆕 Scan cancellation — Cancel a running web app scan end to end.
  • 🆕 AI-assisted login — Provide a prompt and credentials for AI-driven authentication during a scan.
  • Smarter crawling and discovery — AI-driven crawler and prompt improvements, framework-agnostic URL discovery, and JS endpoint discovery that finds 80–99% more endpoints.
  • ⚡ Separate passive (Scanner) and active (Probe) interfaces, advanced rules in active scans, and new active-scan test categories including a SQL injection filter in the UI.
  • ⚡ Standard crawl mode is now the default when creating a scan, with a refreshed scan details page, metrics, and URLs tab.
  • 🐞 Fixed scan log cleanup, LLM provider selection, and assorted scan stability issues.

AI Security

  • 🆕 AI Guardrail Policies — A new policy framework to configure AI Guardrails, with an expandable policy screen and per-scanner action and alert settings.
  • 🆕 Guardrail alert management API — New API endpoints to manage and route guardrail alerts.
  • 🆕 Standalone Scan API — Dedicated request and response scan endpoints for integrating guardrail checks directly.
  • Multi-tenant guardrails — Multi-tenant guardrail management with per-tenant alert routing and OAuth2 token rotation.
  • Faster guardrail scanning — Parallel scanner execution for 3–5x faster checks, plus a global model cache that cuts cold-start model load from ~40s to ~1s.
  • ⚡ Configurable alert webhooks and periodic scanner-configuration polling, with SaaS configuration enabled by default.

AI Discovery

  • 🆕 Local MCP and coding-agent discovery — Levo now discovers local MCP servers and coding agents, including those launched from the Claude CLI, and captures their enabled tools and permissions.

API Discovery & Cataloging

  • 🆕 Agentless API discovery CLI — A new command-line tool to discover APIs with multiple scan modes, without deploying a sensor.
  • 🆕 Auth scheme refresh — A new system capability to refresh authentication schemes for endpoints by replaying recent traffic.
  • ⚡ Configure API discovery to ignore specific HTTP methods, reducing noise in generated specs.
  • ⚡ Application-name support across discovery so endpoints are attributed to the right app, with faster API-visibility retrieval.
  • 🐞 Imported Postman collections are now persisted reliably, and optional path lists are handled correctly during discovery.

Runtime Protection

  • 🆕 Dedicated threat feed — Runtime threats are now separated from security findings into their own feed and UI, with new threat-ingestion endpoints.
  • ⚡ Production reliability, memory-safety, and client-identification improvements across the protection engine.

Sensitive Data

  • 🆕 Sensitive-data masking in trace collection — Trace collection can now mask sensitive values, with data-type-based masking applied during processing.
  • ⚡ Improved Sensitive Data page for both traces and endpoints, with Authentication and PII details separated on the endpoint detail page.
  • 🐞 Fixed a persistent PII filter issue in saved views.

Reporting & Compliance

  • 🆕 DOCX report generation — Generate DAST reports in DOCX format for sharing and offline review.

Sensors & Deployment

  • 🆕 Sensor health reporting — eBPF and PCAP sensors now capture health and component details and report them to the Satellite.
  • ⚡ eBPF sensor CPU optimizations and PCAP multitenant traffic support.
  • ⚡ New fallback handling so traffic is captured reliably across PCAP and other sensors.

API Security Testing

  • 🆕 Per-test error-code configuration — Define expected error codes for security tests to reduce false positives.
  • ⚡ Automatic baseline retry when authentication expires mid-run, for more reliable test results.

Integrations

  • 🐞 Burp extension now omits default ports (80 for HTTP, 443 for HTTPS) from the Host header, per RFC 7230.

Platform, Administration & Access

  • 🆕 End-to-end audit logging — A rebuilt audit log that resolves entity IDs to readable names, tracks user activities, captures before/after state on changes, and supports querying by organization.
  • POC workspace limits — Proof-of-concept workspaces are now capped at five applications via tier tagging, with a clear in-app banner.
  • ⚡ Standardized service-to-service communication and environment-scoped requests for more consistent, isolated multi-environment behavior, with improved connection stability at scale.
  • ⚡ Faster endpoint and application loading, database-level pagination, and page numbers retained when switching environments.
  • ⚡ Skeleton loaders, category titles in navigation, clearer severity colors, and assorted dashboard UI/UX fixes.
  • 🐞 Fixed a caching issue when switching organizations and a more intuitive wrong-password sign-in experience.