Changelog
Follow up on the latest improvements and updates.
You can now collaborate directly inside Intruder by adding comments to individual occurrences, helping your team share context and stay aligned throughout the remediation process.
What’s new?
Comment directly on occurrences - Capture reasoning, investigation notes, remediation details, and updates without leaving the platform.
Built-in collaboration space - All team members can view and contribute to shared comments, reducing duplicated work and improving handovers.
Activity feed for visibility - Every comment includes timestamps and author information, creating a clear audit trail of decisions and progress.
One source of truth - Keep all context and discussion tied to the specific issue, right inside Intruder, rather than scattered across external tools.
How it works

- Comment indicator pill - Occurrences with comments show a small pill in the list, so you can instantly see where collaboration is happening.
- Hover to view comment count - Hovering over the pill reveals how many comments are in the thread.
- Add comments from the occurrence view - Use the free-text box at the bottom of the occurrence details panel to add your notes.
- Chronological thread - Comments appear in a chronological list with the most recent entry at the top.
- Edit and delete your comments - Users can edit or delete their own comments at any time.
- Edited comment markers - If a comment is edited, it will clearly display an “edited” label along with the timestamp.
- Comments persist after remediation - All comments remain visible even once an occurrence is marked as fixed, giving teams a full historical record.
You can now export Emerging Threat Scan results directly from Intruder, making it easier to report on emerging threats and track remediation progress.
What’s new?
📄 Download ETS results as CSV – Export all checks in a single click, ready to share with engineering teams, leadership, or auditors.
🎯 Filter-aware exports – Your CSV respects the filters you apply, so you only download the checks that match your selected criteria.
🧩 All key fields included – Each export contains check name, scanning engine, CVSS rating, CVE, timestamps, duration and result to support both operational reviews and executive reporting.

We’ve upgraded our subdomain discovery engine to give enterprise customers far broader and more accurate visibility of their attack surface.
What’s new?
- Discover significantly more subdomains; Intruder now uses DomainTools’ Farsight passive DNS dataset, the most comprehensive in the industry.
- Complete attack surface coverage; customers using Discovery now get a far more complete picture of their external footprint, helping you identify exposures earlier and reduce blind spots.
- Enterprise-grade visibility; this upgrade gives security teams greater confidence in what Intruder discovers, especially for complex or distributed environments.
Why this matters
This enhancement ensures you see everything attackers might be able to find. By expanding our data sources and using DomainTools' passive DNS database, Intruder delivers industry-leading visibility.
Enterprise customers can immediately benefit from deeper discovery, stronger assurance, and improved threat detection across their entire external perimeter.
What to do
Head over to the subdomain discovery page to see newly identified subdomains.
We’ve upgraded our Slack and Teams integrations to give you clearer, more actionable updates when a remediation scan completes.
What’s new?
🔍 Clear remediation outcomes – Notifications now tell you whether a remediation scan passed, was partly remediated, or failed, so you know immediately how much progress has been made.
📉 Occurrence-level detail – Each message shows how many occurrences were fixed out of the total, giving teams instant visibility into what still needs attention.
🔗 Quick access to full results – Every notification includes a deep link back to the Intruder portal so you can jump straight to the scan details if needed.
💬 Consistent across channels – Slack and Teams now show the same level of detail as email and in-portal notifications, ensuring a unified experience regardless of how your team works.
This improvement removes the guesswork from remediation workflows, reduces unnecessary portal visits, and strengthens the usefulness of our integrations for engineering and security teams.
Haven't integrated Slack or Teams yet? Simply visit the Integrations page to find out more.
We’ve updated how CVSS scores are displayed so you can now see exactly which version has been used, right where you need it.
What’s new?
We’ve added the CVSS version number next to each score directly in the issues panel. CVSS scores now display with their version (e.g. 9.8 (Critical, v3)) so you can immediately see which scoring standard was applied.

Why it matters
This enhancement makes it easier to:
- Quickly confirm which CVSS standard a score is based on without leaving the page
- Compare Intruder’s severity ratings with your organisation’s internal risk models
- Maintain transparency across vulnerability data sources like Nessus, OpenVAS, and Nuclei
A note on CVSS versions
Most modern vulnerability feeds still rely on CVSSv3.1, which remains the most widely supported and comprehensive version. While CVSSv4 has been released, adoption is limited and incomplete, so coverage is inconsistent; CVSSv3.1 therefore remains the best choice for accuracy and consistency today.
It's already live!
No configuration is required: the CVSS version now appears automatically across all relevant views for every customer.
Previously, when you ran a vulnerability scan that included more targets than you had infrastructure licenses for, Intruder would automatically allocate any surplus application licenses to those extra targets.
This ensured maximum coverage but sometimes caused unexpected license usage. Similarly, when an Emerging Threat Scan (ETS) ran, Intruder would assign both infrastructure and application licenses automatically.
With this update, you now have full control over this behaviour.
You can decide whether surplus application licenses are automatically assigned to infrastructure targets during a scan. This gives you greater transparency, predictable license allocation, and better cost control.
What’s changed?
You can now manage automatic license assignment directly in your settings:
Settings → Scanning → "Automatically assign surplus application licenses"

When enabled:
- As before the update, surplus application licenses will be assigned during a vulnerability scan if no infrastructure licenses are available.
- Application licenses will now only be applied to a target once authentication or an API schema has been added.
When disabled:
- Intruder will not automatically assign application licenses to unlicensed targets, even during scans.
Why this helps
- More control – Decide exactly when and how your licenses are used.
- Better cost management – Prevent automatic allocation of app licenses to lower-priority targets.
- Simplified administration – Easily toggle the setting on or off as your setup evolves.
New Dashboard
We've given your Intruder dashboard a brand new look that makes it easier to monitor your security posture at a glance.
What’s new?
📊 Cleaner data visualization - We've redesigned the interface to put your most important security metrics front and center, so you can assess your exposure in seconds.
⚡ Faster navigation - A streamlined layout means less clicking and scrolling to find what you need, so you can jump straight to the issues that matter most.
📄 Export your data with ease - New export functionality lets you download your dashboard data as PDF or CSV files, making it simple to share reports with stakeholders or keep records for compliance.

Modern applications increasingly rely on OAuth authentication to secure their APIs and web services. Previously, if your applications used OAuth, you had to implement time-consuming workarounds to allow Intruder to fully scan your applications.
With this release, we've added OAuth authentication support to our scanning capabilities. This means you can now comprehensively test applications and APIs that require OAuth tokens for access - giving you complete visibility into vulnerabilities across your entire authenticated attack surface.

What's changed?
We've expanded our authentication options to include OAuth 2.0, the industry-standard protocol used by countless modern applications. When setting up a scan, you can now:
- Configure OAuth authentication for any target that requires it
- Provide your OAuth credentials and token endpoints
- Let Intruder handle the token generation and refresh automatically during scans
- Scan both REST APIs and web applications protected by OAuth
How does this help you?
- Intruder now provides you with greater coverage, as OAuth protected applications and APIs are no longer a blind spot
- You'll receive more impactful results as you can test more of the authenticated parts of your applications where sensitive data and functionality often live
- You'll be able to save time as there's no need for complex workarounds or manual testing of OAuth-protected resources
Getting started

To add OAuth authentication to a target, simply:
- Navigate to the targets page
- Click on the Actions button on the right-hand side of your target
- Click "Add authentication"
- Choose OAuth 2.0 from the authentication types and fill in your application details.
You'll need your OAuth client credentials and token endpoint URL to get started. Our scanner will handle the rest, automatically managing token generation and renewal throughout the scan.
This feature is available across all plans. To enable DAST scanning of your application you will need an Application License. If you already have one, it will be assigned to the target when you configure the OAuth login details. If you don't have one, you can purchase one from the billing page or speak to your Customer Success Manager.
If you have any trouble setting up OAuth, reach out through the support chat.
Managing security across multiple cloud providers has traditionally meant juggling different tools, dashboards, and reports. Security teams often miss critical misconfigurations because they're buried in provider-specific consoles or require specialized knowledge to identify. This fragmented approach leaves gaps in your security coverage and makes it harder to prioritize what needs fixing first.
We've expanded our Cloud Security feature to support all three major cloud providers - AWS, Azure, and Google Cloud - giving you complete visibility into your cloud security posture from a single dashboard.
What's new?
Our enhanced Cloud Security feature now automatically checks your AWS, Azure, and Google Cloud accounts for security misconfigurations and weaknesses - going beyond just scanning the assets hosted there.
You can now link at the tenant level with the Azure integration so you can quickly discover all associated subscriptions. You no longer need to integrate individual accounts/subscriptions/projects, or rotate multiple secret keys when they expire.

Key improvements include:
- Unified cloud security monitoring; you can now see security issues across all your cloud providers in one view, ranked by severity and business impact
- Tenant/Organization-wide visibility; integrate once and Intruder will discover all sub-accounts and automatically run scans when new accounts are added to your tenant
- Automatic misconfiguration detection; we continuously check for common cloud security mistakes like open storage buckets and overly permissive access policies
- Seamless integration with existing features; cloud security findings appear alongside your vulnerability scans and discovered assets, giving you the complete picture of your security posture
- Plain-English explanations; each finding includes a clear description of the issue, why it matters, and step-by-step guidance to fix it

Getting started is simple
If you haven't yet added a cloud integration, you can do so as follows:
- Go to the Discovery page and click + Add asset source
- Choose the cloud provider you want to integrate with from the Add cloud asset modal
- Follow the instructions to integrate with your Cloud account
- You will see the cloud integration on your Discovery page
- Click on your cloud integration to choose "Cloud security scans" for all or a subset of your cloud accounts
If you already have a cloud connector configured you will need to update your permissions to allow Intruder to carry out Cloud Security scans.
As soon as you enable cloud security scans Intruder will automatically kick off continuous cloud security scans (which you will see on your Scans page), and the results will populate in the Issues page (which you can filter to view Cloud results only).
This enhancement is available now for all customers on our Cloud, Pro and Enterprise plans.
Tracking which issues have been sent to Jira and when just got easier. Our enhanced Jira integration now gives you clear, in-app visibility into every Jira push, so you can stay on top of remediation progress without leaving Intruder.
What’s new?
The improved Jira functionality adds in-app visibility and better traceability between Intruder issues and Jira tickets. You can now:
1. See Jira icons directly in the UI – Whenever an issue has been pushed to Jira, you’ll now see a Jira icon beside it. Hovering over the icon reveals when the issue was sent and includes a direct link which opens the corresponding Jira ticket in a new tab.
2. View all Jira pushes in one place – At the bottom of the issue details, you can now see a full history of all Jira pushes listed in chronological order. This includes cases where the same issue has been pushed multiple times.
3. Access across all tabs – These improvements apply across the Current, Fixed, and Snoozed tabs, so you can trace an issue’s full lifecycle regardless of its status.
Why it matters
This update gives teams better visibility and control over their remediation workflow, helping you:
- Avoid confusion when the same issue is sent to Jira more than once
- Quickly access linked Jira tickets without leaving Intruder
- Maintain a clear audit trail of actions and updates
Getting started is simple
No setup is required! These improvements are live for all customers using the Jira integration.
If you haven’t yet connected Jira, you can do so by:
- Going to Integrations in your Intruder settings
- Selecting Jira and following the steps to connect your workspace
- Once connected, simply push issues to Jira as usual and you’ll see the new visual indicators appear automatically.
For more information on the Jira integration, visit our help article here.
This enhancement is available now for all customers on our Pro and Enterprise plans.