Release Notes — Q4 2025
Release period: October 1 – December 31, 2025
This release brings a refreshed dashboard experience, a completely rebuilt notification system, and the first wave of web application scanning and AI security capabilities. We also expanded API discovery, security testing, and administrative controls to make Levo easier to operate at enterprise scale.
Highlights
- New Light/Dark theme across the entire dashboard, with smoother loading states and a polished interface.
- Unified notifications — all alerts now flow through a single, more readable notification service, with richer Slack notifications and scheduled-report digests.
- Web Application Scanning (early access) — a new dynamic scanning capability to test deployed web apps, available alongside API security testing.
- AI visibility foundation — Levo now discovers and catalogs AI Models, AI Agents, and MCP servers and tools, with dedicated dashboard views and permissions.
- Stronger vulnerability governance — mandatory closure comments, single-finding export with reproducible commands, and severity context on every alert.
What's new at a glance. This map shows where this quarter's additions fit across the Levo platform: from traffic capture, through Discover → Test & Scan → Detect/Alert/Report, to the dashboard and your downstream tools. New or expanded areas are marked NEW.

Legend for the bullets below: 🆕 new · ⚡ enhancement · 🐞 fix
API Discovery & Cataloging
- 🆕 Postman collection import — bring API definitions into Levo directly from Postman collections, including adding endpoints to existing applications and converting collections to OpenAPI. Large collections (up to 50 MB) are supported.
- 🆕 Source type visibility — endpoints now show where they were observed from, so you can distinguish traffic-discovered, imported, and other sources at a glance.
- 🆕 Diversity-based clustering — an improved discovery option that produces cleaner, more representative API catalogs.
- ⚡ Larger OpenAPI specifications (over 4 MB) can now be uploaded and exported reliably.
- ⚡ Application and endpoint catalogs now always reflect the latest observed traffic on refresh.
- ⚡ Added a default saved filter to hide noisy OPTIONS and HEAD endpoints, plus filtering by query or path parameters.
- ⚡ Bulk tag updates are now supported when application or method details change.
- ⚡ OpenAPI specifications can be cleaned automatically to remove invalid parameters.
API Security Testing
- 🆕 Mass Assignment test category — added to Levo's security test suite to catch a common and high-impact API vulnerability class.
- 🆕 Multi-user testing — run security tests across multiple user identities to validate authorization behavior.
- 🆕 Test plan hooks — inject parameters and authenticated calls into test plans for more accurate, real-world test execution.
- 🆕 Remote test runs from the CLI — launch a test run remotely, with Jenkins integration support.
- ⚡ Test runs now clearly indicate their trigger method (on-premises vs. cloud) and link back to the schedule that started them.
- ⚡ Introduced test runner groups for organizing and targeting runners.
- ⚡ Custom schedules can now be created for tracers and scheduled test runs, with the ability to enable or disable individual schedules.
- ⚡ Added the ability to run tests directly from selected traces, including replaying traces to a hosted target.
- ⚡ Reports can now show or download skipped-endpoint details for a test run.
Web Application Scanning (Early Access)
- 🆕 Web App Scan — a new dynamic application scanning capability (powered by Levo's ShadowNet engine) to test running web applications, with GraphQL support, domain exclusions, and scan logging.
- ⚡ Web App Scan now supports multitenant satellite deployments and reports scan status and logs back to the dashboard.
AI Security (Foundation)
- 🆕 AI asset discovery — Levo now discovers and catalogs AI Models and AI Agents, with create/read/update/delete management and dedicated dashboard visibility.
- 🆕 MCP server and tool cataloging — import, index, and manage MCP (Model Context Protocol) servers and tools, with environment-aware imports.
- 🆕 AI permissions and roles — a new AI section in the navigation with dedicated access controls.
- ⚡ Added a new API type to capture and classify AI spans in discovery.
Vulnerabilities & Findings
- 🆕 Single-vulnerability export with reproducible commands — export an individual finding along with the commands needed to reproduce it.
- 🆕 Bulk actions on the vulnerabilities pages for faster triage.
- 🆕 Mandatory closure comments — closing a vulnerability manually now requires a comment (minimum 80 characters) to preserve an audit trail.
- ⚡ Added more filter conditions, including by endpoint method, on the vulnerabilities screen.
- ⚡ Export endpoints and vulnerabilities to PDF and CSV, with filters.
- 🐞 Resolved an issue where deleting a single finding removed all findings.
- 🐞 Fixed missing Jira ticket URLs in findings after ticket creation.
Sensitive Data
- 🆕 Category-level sensitive data export — export sensitive data for selected categories, and generate per-application PII reports in PDF or CSV.
- 🆕 Application-level data exposure view — see the top users with data at the application level.
- 🐞 Corrected duplicate endpoint entries that appeared for each sensitive data type in the endpoint list.
- 🐞 Fixed endpoint counts that changed between pages in the sensitive data views.
Reporting & Notifications
- 🆕 Unified notification service — all notifications were consolidated into a single service for consistency and reliability.
- 🆕 Digest reports — added scheduled digest report building and delivery, including API changelog digests.
- 🆕 Endpoints/Vulnerabilities PDF export with copilot comments.
- ⚡ Vulnerability and changelog notifications are now more readable and include severity and direct links to the affected item.
- ⚡ Slack notifications were improved, including authenticated/external status on endpoint alerts.
- ⚡ Digest report timestamps now include the time of generation.
Sensors & Deployment
- ⚡ Broader traffic capture — the eBPF sensor now supports capturing GnuTLS-based API traffic.
- ⚡ Sensor status now reflects recent activity windows (last 10 minutes / 24 hours / last activity) for clearer health visibility.
- ⚡ Improved reliability of sensor and satellite metrics reporting, and ordering of sensors and satellites in the Deployments view.
Integrations
- 🆕 Azure AD SSO support — sign in with Azure Active Directory.
- 🆕 Checkmarx integration improvements — auto-refresh for Checkmarx apps, scheduling fixes, and UI improvements.
- ⚡ Descope SSO configuration errors are now handled gracefully with improved error logging.
Platform, Administration & Access
- 🆕 Light/Dark theme switch across the dashboard.
- 🆕 Organization ownership controls — transfer or change the organization owner, and delete an organization completely from the admin portal.
- 🆕 Role enable/disable controls at the organization level.
- ⚡ Completed the end-to-end user onboarding flow for adding users to an organization, with case-insensitive email handling.
- ⚡ Added the ability to verify unverified users from the admin portal.
- ⚡ Applications can now be marked as external or internal.
- ⚡ Added skeleton loaders and refined styling for a smoother dashboard experience.
- 🐞 Resolved an issue that prevented deleting invited users.
- 🐞 Fixed user authenticator credential inputs to trim stray whitespace from keys and values.