Changelog

What we shipped, when.

Every release. Newest first. RSS coming soon.

May 17, 2026

Block C: EDR Moat

Enterprise detection and response — the layer that makes Cisora defensible.

Security

MCP Server Inspection

Proxy and govern Model Context Protocol tool calls. Every MCP server call is inspected, policy-checked, and logged before execution.

Security

Scoped Credential Vault

JIT tokens per tool, AES-256-GCM encrypted at rest, single-use. Credentials expire immediately after the tool call completes.

Feature

Computer-Use Recording

Forensic timeline of agent screenshots and actions. Full frame-by-frame audit trail for computer-use agents with tamper-evident hashing.

Infrastructure

SIEM Export

Splunk, Datadog, Elastic, Sumo Logic, and generic webhook with HMAC signing. Push every event to your existing security stack.

Security

Memory Guard

RAG and vector DB poisoning detection with ML scanning. Detects adversarial embeddings before they influence agent behavior.

Feature

Red Team Eval Suite

41-prompt adversarial corpus, regression tracking, CI/CD integration. Run evals on every deploy — know immediately if a model change breaks your defenses.

May 16, 2026

Block B: Enterprise Infrastructure

The plumbing that gets you into a Fortune 500 security review.

Infrastructure

WorkOS SAML SSO + SCIM

Okta, Azure AD, Google Workspace, and OneLogin. Full SCIM provisioning so your IT team controls access from their IdP.

Infrastructure

Invoice Billing

NET-30/60 payment terms, ACH/bank transfer, PO numbers. The procurement-friendly payment flow that enterprise finance requires.

Compliance

Trust & Legal

DPA, MSA, and BAA templates ready to execute. Sub-processor list published at /trust. Designed for SOC 2 and GDPR compliance reviews.

May 15, 2026

Block A: The Real Circuit Breaker

Inline enforcement — not just logging after the fact.

Feature

Inline LLM Gateway

Streaming proxy for Anthropic and OpenAI with sub-50ms overhead. Sits in the critical path with fail-open semantics so your agents never go down because of us.

Security

Trained Injection Detector

DeBERTa ML model plus 30 regex patterns, with async retroactive blocking. Catches prompt injection that simple pattern matching misses.

Security

Output DLP

14 built-in patterns covering PII and secrets. Alert, redact, or block modes per pattern — tunable per agent and per environment.

Security

Real-time Blocking

Policy engine runs before the upstream model call. Enforced at the gateway layer — not a webhook that fires after the damage is done.

Feature

Auto-instrumentation

One-line setup for LlamaIndex, AutoGen, CrewAI, OpenAI Agents SDK, Mastra, and Pydantic AI. Drop-in support for the frameworks your team already uses.

Earlier releases

v0.2.02026-05-16
Platform
  • Team invitations with role-based access control (owner / admin / member)
  • TOTP-based two-factor authentication on every account
  • Per-agent and per-API-key rate limiting with burst allowance
  • Audit log retention policy with 7 / 30 / 90 / 365-day tiers
Billing
  • Stripe Checkout + customer portal integration for self-service upgrades
  • Usage-based metering on actions and agents with monthly soft limits
  • In-app upgrade banner when trial expires or limits are exceeded
Dashboard
  • Loading skeletons across every dashboard page
  • 7-day sparklines on every stat card with 30-second auto-refresh
  • Mobile-responsive layout with a fixed bottom tab bar on phones
  • Improved empty states with quickstart CTAs on every list page
SDK
  • New framework guides for TypeScript, Python, LangChain, OpenAI, Anthropic, and AWS Bedrock
v0.1.02026-05-15
Platform
  • Public launch — Cisora.io live on AWS ECS Fargate
  • Agent inventory with first-seen / last-seen, type detection, risk scoring
  • Real-time action stream with allow / block / review decisions
  • Trace explorer for distributed agent runs (session_id + trace_id)
Security
  • OWASP LLM Top 10 anomaly detection engine, runs every 5 minutes
  • NHI / credential scanning — fingerprints every key, token, and machine identity
  • Inline policy engine with 11 operators and dot-walking — <5ms enforcement
SDK
  • TypeScript SDK with fail-open semantics, async batching, OpenAI/Anthropic wrappers
  • Python SDK with sync + async parity, LangChain callback handler
Compliance
  • Compliance report generator for SOC 2, ISO/IEC 42001, EU AI Act, NIST AI RMF
  • Public security & privacy pages
Dashboard
  • Initial dashboard with stat cards, recent actions, open incidents
  • API key management with bcrypt-hashed storage and prefix indexing
  • Marketing site: homepage, docs, pricing, compliance frameworks

Want updates when we ship?

Follow our changelog or email contact@cisora.io to be added to the launch list.

Try Cisora →