Release Notes — January 2026

January 31, 2026

Product & Engineering

Release period: January 1 – January 31, 2026

January was a big month for AI security. We shipped Vigil, our AI-native firewall for AI apps and MCP servers, launched our new web application scanning (DAST) and external attack surface management capabilities, and made AI guardrails and AI discovery work end to end — alongside dozens of improvements to findings, sensitive data, reporting, and the dashboard.

Highlights

Vigil — AI-native firewall — New runtime protection purpose-built for AI applications and MCP servers, with upstream route configuration and live policy enforcement.
AI Guardrails, end to end — Guardrail violations now generate real-time alerts, backed by both ML-based and regex-based scanners for request and response content.
Web Application Scanning (DAST) — First release of our DAST engine (ShadowNet), including AI-driven and hybrid crawling and a crawl-only mode.
External Attack Surface Management (EASM) — New product to discover and scan your internet-facing API attack surface.
AI discovery in your traffic — Levo now tags and classifies AI, API, and MCP traffic, including AI PII, so you can see what your AI apps are exposing.
Findings export & faster dashboard — Export findings to CSV and PDF, server-side sorting on the Findings screen, and broad UI performance improvements.

What's new at a glance. A map of where January's new capabilities fit across the Levo API & AI security platform.

January 2026 — What's new

Legend for the bullets below: 🆕 new · ⚡ enhancement · 🐞 fix

AI Security

🆕 Vigil — AI-native firewall — A new firewall built for AI apps and MCP servers, with upstream route configuration and runtime enforcement.
🆕 AI Gateway & firewall configuration — Configure your AI Gateway and firewall policies directly, including a forward-proxy mode and the ability to forward AI traces to a remote endpoint.
🆕 Guardrails with ML and regex scanning — AI Guardrails now scan both requests and responses using ML-based and regex-based detectors.
🆕 Guardrail violation alerting — End-to-end alerting fires when a guardrail is violated, surfaced in a new AI Guardrails alert screen in the dashboard.
🆕 MCP server scanning — New tooling to scan MCP servers for security issues, with discovered findings published back to the platform.
⚡ ML models for AI security can now be deployed with persistent storage for faster, more reliable startup.

AI Discovery

🆕 AI traffic classification — Traffic is now tagged by module type (API, AI, MCP) so AI activity is identified and cataloged automatically.
🆕 AI PII discovery — Levo now detects and surfaces personally identifiable information flowing through your AI applications.
⚡ New observability receivers for Portkey AI Gateway, LiteLLM, and Agent Gateway broaden the AI sources Levo can ingest.

Web Application Scanning (DAST)

🆕 DAST module (ShadowNet) — First release of Levo's web application scanning engine.
🆕 AI-driven and hybrid crawling — New crawler support including a crawl-only mode for mapping an application before scanning.
⚡ Scan results now include a findings summary and clearer scan logs.
⚡ Web app scan details can now ignore unknown items to reduce noise.

External Attack Surface Management

🆕 EASM product — A new capability to discover and scan your external, internet-facing API attack surface, with multiple scanner improvements in this first release.

API Security Testing

🆕 Local File Inclusion (LFI) test — New test category to detect local file inclusion vulnerabilities.
🆕 Input Validation test category — New test category covering input validation weaknesses.
⚡ Filter test runs by the user who started them.
🐞 Authenticator logs now appear correctly in the UI, and unauthenticated endpoints now use the target URL from the manifest.

Vulnerabilities & Findings

🆕 Export findings to CSV and PDF — Export your findings for sharing and offline review.
⚡ Server-side sorting on the Findings screen for faster, more consistent results.
⚡ Vulnerability alignment in test runs and an improved diff view in the test-case log page.
🐞 Findings are now created even when the originating endpoint is no longer present.

Sensitive Data

🆕 AI prompt sensitive-data view — New screen to review sensitive data detected in AI prompts.
⚡ More filters and saved views in the sensitive data tab.
⚡ PII masking applied to trace collection shown on the dashboard.
🐞 Corrected PII endpoint filter behavior, including the "does not contain PII" and null-value cases.

Runtime Protection

🆕 Threat feed and prompt sensitive-data permissions added for runtime protection.
⚡ Protection configuration moved into a dedicated API & Web App Protection Rules section for easier management.

Sensors & Deployment

🆕 Java agent diagnostics script and Java 8 compatibility.
⚡ Traffic capture improvements — New trace collection strategy with support for masked traces.
⚡ PCAP sensor now parses form-urlencoded bodies wrapped in data URIs (RFC 2397).
🐞 PCAP sensor now handles self-signed certificates correctly.

Integrations

🆕 QRadar integration — Added to the integrations catalog for SIEM forwarding.
⚡ Refreshed integrations page with new connectors and clearer "new" indicators.
⚡ Documentation added for the Chrome extension, IDE plugin, and Jenkins.
🐞 Fixed Azure AD SSO user attribute mapping.

Reporting & Compliance

🆕 Export findings to CSV / PDF — Generate findings reports in CSV and PDF formats from the dashboard.

MCP Server

🆕 Dedicated MCP Server section — Levo's MCP Server now has its own navigation and page in the dashboard.

Platform, Administration & Access

🆕 Audit logs — End-to-end audit logging across the platform, with a dedicated UI, permissions, and broad endpoint coverage.
🆕 Keycloak authentication — Added Keycloak as a supported authentication provider.
🆕 Licensing visibility — Organizations now show their license expiry date, with new org licensing storage and retrieval.
⚡ Admin portal enhancements — Time-based sorting of organizations, multi-org workspace lookups, and clean organization deletion.
⚡ Dedicated pages for Satellites, Sensors, and Test runs, an auto-expandable menu, and grouped settings navigation.
⚡ Consistent application display names across all pages and clearer status-code and HTTP filtering.
⚡ Dashboard performance improvements across multiple screens.
🐞 Several dark mode fixes, including hard-refresh, test plans, and the org-selection screen.

Highlights​

AI Security​

AI Discovery​

Web Application Scanning (DAST)​

External Attack Surface Management​

API Security Testing​

Vulnerabilities & Findings​

Sensitive Data​

Runtime Protection​

Sensors & Deployment​

Integrations​

Reporting & Compliance​

MCP Server​

Platform, Administration & Access​