Release Notes — March 2026

Levo Team
Product & Engineering

Release period: 2026-03-01 → 2026-03-31

March is a big month for web application scanning: our DAST engine matures with smarter crawling, scheduled and on-demand scans, AI/LLM-driven authentication, and a large round of false-positive reduction. We also unified AI Gateway policies with live guardrail enforcement, moved reporting to a faster async pipeline with a new application comparison report, and added configurable session management, sensor health notifications, and grouped threats.

Highlights

  • DAST matures — Web application scans gain smart crawl depth, scheduled and re-runnable scans, deployable on-prem runners, OpenAPI spec parsing, and broad coverage of missing vulnerability categories — with a major false-positive cleanup across active and passive scanners.
  • Unified AI Gateway policies — A consolidated, gateway-level policy architecture with hot-reloaded policies from SaaS, a forward-proxy AI traffic governance pipeline, and live guardrail scanners now enabled in the AI Firewall.
  • Faster reporting with application comparison — Reports moved to an async pipeline for reliability at scale, plus a new application comparison report you can run and view in the dashboard.
  • Configurable session management — Set inactivity and absolute session timeouts, with a clear banner explaining why a session ended.
  • Sensor health notifications — Get notified when a sensor goes inactive, with configuration support so you know your traffic capture is healthy.
  • Grouped threats and richer findings — Threats are now grouped for easier triage, with evidence surfaced in the Threat Feed, severity sorting, more filters, and saved views across findings and scans.

What's new at a glance. A one-page map of where March's additions land across the Levo API and AI security platform.

March 2026 — What's new

Legend for the bullets below: 🆕 new · ⚡ enhancement · 🐞 fix

API Discovery & Cataloging

  • 🆕 Configurable ignored HTTP methods — API discovery can be configured to skip specific HTTP methods, keeping catalogs focused on the traffic that matters.
  • ⚡ Endpoint exports now include the created date and last-trace-received date, and you can sort endpoints by when their last trace arrived.
  • ⚡ Header parameters such as Content-Type and Accept are now parsed and populated automatically, and endpoint parameters are returned sorted by required status and name.
  • ⚡ A new "Recently Discovered" filter at the application level, and a tooltip on Owned Domains in the API Discovery configuration.
  • 🐞 Fixed request-parameter wrapping in API specifications and corrected masked-parameter handling in captured request paths.

API Security Testing

  • ⚡ More reliable parameter handling — user-set parameter values are no longer overwritten by newly derived values, and custom values are preserved in raw parameters.
  • ⚡ Live UI log streaming per test suite for better visibility into running tests, and quieter CLI output in non-interactive mode.
  • 🐞 Corrected test-run counts so they match between Insights and the API Scans page, and fixed author selection to use organization users.

Web Application Scanning (DAST)

  • 🆕 Scheduled and re-runnable web app scans — Schedule web app scans to run automatically, re-run a previous scan, and trigger scans from CI/CD with a new DAST scan action.
  • 🆕 Smart scan depth and crawl-only mode — Scans default to a "smart" depth mode, with a crawl-only option for discovery and configurable scan depth per scan.
  • 🆕 AI/LLM-driven authentication — Provide cookies, local storage keys, and headers for authenticated scans, including AI-assisted login that handles SPA re-login and CAPTCHA flows.
  • 🆕 OpenAPI spec parsing and broader coverage — The scanner parses OpenAPI specs and adds support for the remaining DAST vulnerability categories, plus soft-404 detection, tech-stack detection, and stored-XSS detection.
  • 🆕 Deployable on-prem scan runners — Run web app scans from deployable runners with scheduled, org-isolated execution for on-prem deployments.
  • ⚡ A redesigned create-scan flow, a search bar for URLs and endpoints in the scan details view, HTTP-method support and filtering, live crawl metrics, persistent filters, saved filter state, and the ability to switch off DAST scanning selectively.
  • ⚡ Endpoint URL is now captured on DAST findings and vulnerabilities, with a finding "Kind" filter (Web App Scans / Traffic / All).
  • 🐞 Large false-positive reduction across active and passive scanners — including auth-bypass, JWT, GraphQL introspection, and JSON-reflected XSS — plus more reliable crawling, static-asset filtering, soft-404 handling, scan cancellation, and a CLI startup fix.

AI Security

  • 🆕 Unified AI Gateway policy architecture — A consolidated, gateway-level policy framework with a single policy engine, policy versioning, and policies hot-reloaded from SaaS so changes take effect without redeploying.
  • 🆕 Forward-proxy AI traffic governance — A new forward-proxy mode runs AI traffic through a multi-stage governance pipeline for inline inspection.
  • 🆕 Live guardrail scanners in the AI Firewall — Guardrail scanners are now implemented and enabled, with the AI Firewall and AI Gateway pages out of "coming soon."
  • ⚡ The AI Gateway can now send its traffic to the Levo Satellite for full API observability alongside your other APIs, and ships latency benchmarks with inspection optimizations.
  • 🆕 Chrome extension AI Guardrails — The browser extension (now "Levo Live") adds AI Guardrails integration with LLM interception and enforce or observe modes.

AI Discovery

  • AI traffic to the Satellite — The collector adds a Levo AI receiver and AI-proxy span processing, and full LLM request bodies are forwarded so AI agents and MCP entities are discovered accurately.

Vulnerabilities & Findings

  • 🆕 Grouped threats and evidence — Threats are now grouped for easier triage, with evidence returned by the findings API and surfaced in the Threat Feed.
  • 🆕 Bulk tag actions — Apply tag actions to findings in bulk, and sort findings by severity.
  • ⚡ More filters on the Findings and Applications pages, saved filters and views on API Scans, application stats that update as you apply filters, and a stats API for consistent counts.
  • 🐞 Fixed open-vulnerability counts that did not match between Insights and the global level, and corrected bulk actions on the vulnerability pages.

Sensitive Data

  • Inline sample traces for PII — The PII tab now shows inline sample traces with row selection, pagination by type, and a refreshed view that updates as new sensitive data is discovered.

Runtime Protection

  • 🆕 Findings and evidence from protection rules — Protection now creates findings (including for Lua-based rules) with evidence, and deduplicates rate-limit findings to one per key per window.
  • 🆕 Bulk rule exclusions and header-injection rules — Add bulk rule exclusions and custom header-injection rules, with configurable content types and active WAF protection.
  • ⚡ Improved rate-limit rule configuration in the dashboard, and GraphQL protection handling.
  • 🐞 Blocking is now disabled by default for safer rollout, with smarter routing of rule overrides and hardened Kubernetes deployment.

Sensors & Deployment

  • 🆕 Sensor health notifications — Get notified when a sensor becomes inactive, with configuration support so you always know your traffic capture is healthy.
  • ⚡ The Java agent now logs to file with additional diagnostics for easier troubleshooting.
  • 🐞 Sensor Helm chart fixes addressing a customer-reported deployment issue.

Integrations

  • 🆕 CI/CD DAST scan action — A new action to run web app scans directly from your CI/CD pipeline.
  • ⚡ Auth0 tokens are now routed correctly by subject claim, and SSO-only users no longer hit a 401 on password reset.

Reporting & Compliance

  • 🆕 Application comparison report — A new report that compares applications side by side, available to run and view in the dashboard.
  • 🆕 Async reporting pipeline — Existing reports were migrated to an async architecture for reliability at scale, with additional report types added and a new Reports page in the UI.
  • ⚡ Reports support multiple CSV previews, and DAST scan report findings now include a solution field and detected AI endpoints.
  • 🐞 Fixed PDF rendering in generated reports.

MCP Server

  • ⚡ Reliability improvements to the MCP Server deployment.

Platform, Administration & Access

  • 🆕 Configurable session management — Set inactivity and absolute session timeouts, with sensible defaults and a banner that explains why a session ended after inactivity or expiry.
  • 🆕 Default "staging" environment — New organizations are created with a default "staging" environment so you can start capturing traffic immediately.
  • 🆕 Redesigned admin portal login — A modernized admin portal sign-in, with consolidated frontend and backend deployment.
  • ⚡ Sidebar UX improvements (peek, pin, and toggle), clicking the Levo logo returns you home, an announcements unread count, and organization list sorting with consolidated copy buttons.
  • 🐞 Cross-organization data leakage on org switch is fixed by clearing cached state, pagination and filter state now persist correctly across navigation, dark-mode rendering issues were resolved, and several login and auto-logout bugs were fixed.