Changelog

What's new in SecureOS

Follow our progress as we build the security layer for vibe-coded apps.

v1.0.0MajorJune 3, 2026

Meet Levin — one AI security engineer replaces the dashboard

NewLevin is now the product. After login you land in Levin — one autonomous AI security engineer you talk to in plain language ('scan my-repo', 'am I SOC2 ready', 'secure my app'). The old multi-page agent dashboard is gone; Levin does it all.
NewSecurity company model — Levin works like a CISO directing departments (AppSec, Red Team, Incident Response, Threat Intel, GRC), each commanding real scanners. You watch the org work an engagement, live.
NewScoped intent — a narrow command does exactly that ('scan' runs the scanner, nothing more); broad goals ('secure my app') mobilize the whole team. No more wrong-tool surprises.
NewContext-aware triage — Levin profiles what your repo IS before scanning, then judges each finding in that context, so false positives are filtered before you see them.
NewFindings as cards — severity cards open a side panel with the CVE/CWE, vulnerable code, the fix, and why it matters for your repo. Documents (privacy policy, ToS) come back as downloadable artifacts; compliance as a control matrix.
NewExpanded coverage — IaC (Checkov), containers (hadolint/Trivy), AI/LLM-security, supply-chain (typosquats, SBOM), mobile, live cloud posture, and gated offensive tools (nmap/nuclei) for assets you own.
NewProactive & autonomous — scheduled scans, per-repo memory ('what changed since last scan?'), a false-positive learning loop, and opt-in autonomous remediation bounded by your policy.
NewKnowledge base — cross-engagement correlation: 'we've seen this SSRF 47 times', systemic-issue rollups, and posture trend over time.
NewTrust layer — every step shows its reasoning, you can stop or steer Levin mid-task, and an internal immune system defends Levin's own agents from malicious inputs.
ImprovedNative settings inside Levin — billing, API keys, alerts, integrations, cloud accounts, and autonomy, no redirects.
v0.4.0MajorMay 21, 2026

Phantom agent + Cipher + Sentinel AI/BOLA rules + Founding Member

NewPhantom agent — AI attack simulator. Runs 4-phase attack simulation (Recon, Initial Access, Exploitation, Impact) and generates risk score 0-10 with full attack chain breakdown. Pro plan.
NewCipher agent — cryptographic audit tool. Inspects all encryption, hashing, and key management decisions in your codebase. Pro plan.
NewForge agent (Launcher) — pre-launch security audit with 50+ checks across secrets rotation, auth hardening, HTTPS enforcement, database security, monitoring, and dependencies.
NewPR Review bot — secureos-bot now posts findings as inline comments on pull requests. Founding Members (first 20 users) get PR Review free forever.
NewSentinel: BOLA/IDOR detection — flags missing ownership checks, sequential ID exposure, admin endpoints without auth checks.
NewSentinel: AI-specific vulnerability rules — prompt injection sinks, hallucinated security comments, destructive ops without confirmation, unvalidated tool call params, slopsquatting package detection.
NewSentinel: Rate limiting detection — flags endpoints missing rate limiting middleware.
NewSentinel: JWT localStorage storage detection — flags auth tokens stored in localStorage.
NewScan results: category filter tabs — filter findings by Access Control, AI Security, Injection, Secrets, and more.
NewFeedback button — fixed bottom-left pill with Bug/Suggestion tabs. Submissions saved to database and emailed to the team.
NewPlan usage page — see current plan, repos used, scans this month, and founding member status.
NewGitHub App prompt — settings page now surfaces GitHub App installation for PR review.
ImprovedFounding Member badge — first 20 users get a permanent badge and free PR Review on all plans.
ImprovedFree plan now allows up to 4 connected repositories (up from 1).
ImprovedPage transitions and repo connect flow improvements.
v1.3.0MajorMay 20, 2026

Launcher agent + Slack alerts + GitHub App bot

NewLauncher agent — pre-launch security audit with 40+ checks across secrets, auth, HTTPS, database, monitoring, and dependencies. Pro plan.
Newsecureos-bot now posts PR comments instead of the user's personal GitHub account
NewSlack alerts for Pro/Team users — connect a webhook in Settings to get critical findings in Slack
NewTwitter/X share button on Spot the Bug results
NewPostHog analytics — privacy-first, only identifies logged-in users
NewIaC scanner — Sentinel now checks Dockerfile, docker-compose, nginx.conf, and Kubernetes YAML for misconfigs
NewDocs page at /docs with full agent reference and security checks table
ImprovedSettings page with Slack integration and plan status
v0.3.0MajorMay 20, 2026

PR Review + Apply suggested fix

NewPR Review — SecureOS now automatically scans pull requests and posts findings as GitHub comments
NewApply suggested fix — one click commits security fixes directly to your GitHub repo
NewMark as false positive — dismiss findings that don't apply to your codebase
NewFinding detail pages with CWE IDs, confidence scores, and likely attacker profiles
NewLifecycle tracking — see which commit introduced each vulnerability
ImprovedFinding cards now show vulnerable code diff with red/green highlighting
ImprovedOracle agent now explains why each finding is dangerous in plain language
v0.2.0MajorMay 19, 2026

Scout + Auditor + Playground

NewPlayground — scan any public GitHub repo without signing up
NewScout agent — AI threat modeler powered by Llama 3, maps attack surfaces before you write code
NewAuditor agent — dependency vulnerability scanner using OSV.dev, checks for known CVEs
NewEmail alerts — get notified instantly when critical vulnerabilities are found
NewPer-repo dashboard with agent status, scan history, and security score
NewSecurity Score — 0-100 score based on findings across all connected repos
ImprovedWebhook auto-scan — push to GitHub → SecureOS scans automatically
ImprovedSidebar with collapsible agents list and keyboard shortcuts
v0.1.0LaunchMay 19, 2026

Initial Launch

NewSentinel agent — 38 security checks covering injection, secrets, auth, crypto, and more
NewGitHub OAuth login — connect your GitHub account in one click
NewRepository connection with automatic webhook installation
NewManual and automatic scanning on every git push
NewScan results with expandable finding cards showing fix suggestions
NewStatic fix suggestions for all 38 security patterns
NewRailway backend + Vercel frontend + Supabase database
Stay updated
Connect your GitHub to get notified about new features and security improvements.
Connect GitHub — it's free