The issues table now includes a comment status filter, so you can instantly cut through a long list and see only the issues that have - or haven't - been commented on.

You can already see at a glance which issues have comments via the icon in the table - but when you're working through a large set of issues, spotting what still needs attention isn't always easy. This filter lets you jump straight to the undocumented items, so nothing gets missed.

Scan reports can now include the full raw scanner output as an additional column in the CSV export. This gives technical teams direct access to the underlying data produced by each scan, without needing to use the API or extract it manually.

Until now, the raw scanner output wasn't exportable without using the API. This change makes that data available directly from the report download, in a format that's immediately usable without additional workarounds.

You can now create and update scheduled scans directly through the public API, bringing scan scheduling in line with the rest of your automated workflows.

- Use the new endpoint to retrieve your existing schedules or create new ones.

- Use to fetch or modify a specific schedule.

For teams running automated security workflows, managing scan schedules through the portal creates an unnecessary manual step. These endpoints mean you can build, adjust, and maintain your scan schedules entirely through the API - keeping your setup consistent, repeatable, and fully under version control.

See the updated API Documentation here

Your GregAI conversations are now automatically saved, so you can pick up exactly where you left off at any time. Whether you switch context, navigate elsewhere in the portal, or come back the next day, your chat history is waiting for you.

Security investigations rarely happen in one sitting, and useful insights shouldn't disappear the moment you navigate away. With persistent history, GregAI becomes a genuine part of your ongoing workflow rather than a one-off tool - so the context you build up over time stays with you.

You can now view Cyber Hygiene Scores at the tag level, giving you more granular insight into your security posture across different parts of your estate.

Previously, Cyber Hygiene Scores were only available at the overall account level, making it difficult for larger teams to understand performance across different parts of their estate.

With tag-level visibility, you can now track progress more meaningfully, hold teams accountable, and demonstrate improvements with greater clarity.

This update makes Cyber Hygiene Scores more actionable for both enterprise teams managing complex environments and smaller teams focusing on specific systems.

The scan details page now gives you a clear, stage-by-stage view of exactly what your scan is doing as it runs. You get a live breakdown of each phase from preflight through to final report, with real-time updates as your scan moves forward.

- A step-by-step view of the full scan lifecycle, so you always know exactly where your scan is up to:

- The milestone view also surfaces when the scan started and how long it has been running, giving you the full picture at a glance.

Long-running scans can be hard to keep tabs on, especially when you need to report back to a team or flag something to support. With milestone-based progress, you always have a clear answer to "where is this scan up to?" - which means less uncertainty during complex assessments and faster diagnosis if something needs attention.

You can now customize your Slack and Microsoft Teams notifications, giving you full control over which alerts are sent and when. This helps your team stay focused on what actually needs attention while reducing unnecessary noise.

Previously, Slack and Teams integrations sent every notification by default, which could overwhelm channels with low-signal updates.

With custom notification settings, you can tailor alerts to your team’s needs, keeping communication channels clean, relevant, and actionable.

You can now snooze multiple occurrences of the same issue in one action, making it much faster to manage high-volume findings without losing visibility of future risks.

Only the occurrences you select will be snoozed. Any new occurrences for the same issue will continue to appear, ensuring you don’t miss emerging risks.

You can now permanently exclude apex domains from your subdomain detection results helping you remove irrelevant or unwanted domains from your workflow.

If you’ve added any subdomains as targets, they will remain in your targets list even if you permanently exclude the apex domain. Only future discovery of subdomains beneath that apex stops - nothing you’ve previously added as a target will be removed.

You can exclude discovered subdomains using the bulk-select and Exclude actions. Doing so will clear those subdomains but the apex domain will remain active and any newly discovered subdomains identified in future will continue to appear.

Find out more about subdomain discovery clicking

here

.

You can now collaborate directly inside Intruder by adding comments to individual occurrences, helping your team share context and stay aligned throughout the remediation process.

Comment directly on occurrences - Capture reasoning, investigation notes, remediation details, and updates without leaving the platform.

Built-in collaboration space - All team members can view and contribute to shared comments, reducing duplicated work and improving handovers.

Activity feed for visibility - Every comment includes timestamps and author information, creating a clear audit trail of decisions and progress.

One source of truth - Keep all context and discussion tied to the specific issue, right inside Intruder, rather than scattered across external tools.