May 25, 2026
v2.6
Major
6 new agents. Bot comments. Slack. GitLab & Bitbucket.
The biggest single push since launch. Three new intelligence agents, three new infrastructure agents, a proper GitHub App bot, Slack alerts, and multi-platform repo support.
aegis · incident responder · leaked credential
→ Incident type: API Key / Secret Leaked · severity: CRITICAL
! Phase 1: Immediate 3 steps · 0 of 3 completed
○ Phase 2: Investigation 4 steps · locked
○ Phase 3: Prevention 3 steps · locked
Step 1 Revoke the exposed key RIGHT NOW
→ OpenAI API Keys → GitHub PATs → AWS Credentials
Progress: 0 / 10 steps · status: ACTIVE AI summary generated
- Agent Phantom is GA. 4-phase attack simulator (Recon → Initial Access → Exploitation → Impact). Generates a 0–10 risk score and full attack narrative from your real Sentinel findings. Pro plan.
- Agent Nexus is GA. GitHub security posture scanner. Checks branch protection, Actions workflow injection, deploy keys, webhook secrets, collaborator access, and git history for accidentally committed secrets.
- Agent Aegis is GA. Incident Responder. 8 full playbooks covering leaked credentials, data breach, ransomware, account takeover, and more. Step-by-step containment guides with phase tracking and AI-generated summaries.
- Feature secureos-app Bot. PR comments now post from the secureos-app GitHub App instead of your personal account. Looks like a real product. Acts like one too.
- Feature Slack integration. Connect a webhook in Settings and get real-time alerts for critical and high findings routed to your Slack channel. Team plan.
- Feature GitLab & Bitbucket support. Connect repos from GitLab or Bitbucket the same way you connect GitHub. Webhook scanning, MR/PR comments, full agent support across all three platforms.
- Feature Twitter/X share on Spot the Bug. One-click share when you beat a challenge.
- Feature PostHog analytics. Privacy-first, identified users only. We track what we need to fix, nothing else.
May 21, 2026
v0.4.0
Major
Phantom agent + Cipher + Sentinel AI/BOLA rules + Founding Member
The biggest Sentinel update yet — BOLA/IDOR access control detection, AI-specific vulnerability rules, and slopsquatting detection. Plus two new agents: Phantom (AI attack simulator) and Cipher (cryptographic audit). First 20 users get PR Review free forever.
phantom · my-saas-app · attack simulation
→ Phantom running 4-phase simulation...
✓ Phase 1: Recon tech stack: Python/FastAPI/Supabase · 3 exposed endpoints
✓ Phase 2: Initial Access hardcoded secret found · JWT in localStorage
✓ Phase 3: Exploitation BOLA: missing ownership check on /api/repos/{id}
✓ Phase 4: Impact full database read via chained IDOR + injection
Risk Score: 8.4 / 10 · CRITICAL 2 attack chains generated
- Agent Phantom — AI attack simulator. 4-phase simulation (Recon, Initial Access, Exploitation, Impact) with risk scoring 0–10. Pro plan.
- Agent Cipher — Cryptographic audit agent. Inspects all encryption, hashing, key management, and token generation for weaknesses. Pro plan.
- Agent Forge (Launcher) — Pre-launch auditor with 50-point security checklist. Pro plan.
- Rules Sentinel: BOLA/IDOR detection — flags missing ownership checks, sequential ID exposure, admin endpoints without auth.
- Rules Sentinel: AI security rules — prompt injection sinks, hallucinated security comments, destructive ops without confirmation, unvalidated tool call params.
- Rules Sentinel: Slopsquatting detection — catches AI-hallucinated package names in requirements.txt and package.json.
- Rules Sentinel: Rate limiting + JWT localStorage — new patterns for missing rate limits and insecure token storage.
- Feature Scan category filter tabs — filter findings by Access Control, AI Security, Injection, Secrets, and more.
- Feature Feedback button — fixed bottom-left pill with Bug/Suggestion tabs. Submissions saved and emailed to the team.
- Feature Founding Member — first 20 users get a permanent badge and free PR Review on any plan, forever.
- Feature Plan usage page — see current plan, repos used, scans this month, and founding member status.
May 14, 2026
v2.4
Major
Compliance Officer is generally available
Map your codebase against SOC 2, GDPR, HIPAA, and PCI-DSS — automatically. Compliance Officer reads your repos, your data flows, and your existing docs, then tells you exactly which controls you're missing and drafts the policies for the rest.
compliance · my-saas-app · SOC 2 Type I
→ Compliance Officer scanned 847 files, 6 services, 4 third-party integrations
● Encryption in transit covered (via Cloudflare + RDS TLS)
● Access logging covered (structured logs to Datadog)
● Encryption at rest partial (prod yes, staging no)
● Quarterly access review missing (no record found)
● Incident response runbook missing (draft generated · review →)
87% complete · 5 items left · est. 4h to close
- Agent
Compliance Officer is GA. Available on the TEAM plan. Maps SOC 2, GDPR, HIPAA, PCI-DSS controls automatically and drafts missing policy docs.
- Feature
Compliance dashboard. Per-framework progress bars, open items, and an "export evidence" button for auditors.
- Feature
Slack + Discord alerts. Pipe compliance regressions and Sentinel criticals to a channel.
- Rules
Added 3 Sentinel rules for PCI-DSS-specific patterns: PAN in logs, weak crypto for card storage, exposed admin without MFA.
Apr 28, 2026
v2.3
Sentinel learns supply-chain patterns
Auditor now feeds package-history context back into Sentinel. If you import a package that was published last week, has 12 downloads, and matches a name AI tools commonly hallucinate, Sentinel blocks the merge.
- Rules
New rule SECOS-2210: hallucinated / non-existent package names. Blocks merge by default.
- Rules
New rule SECOS-2211: package published in the last 30 days with under 100 downloads.
- Feature
Auditor × Sentinel handoff. Auditor's dependency context now travels with PR comments so reviewers see why a package is flagged.
- Fix
Fixed a case where Sentinel false-positived on parameterized queries inside ORMs that wrap raw SQL.
Apr 9, 2026
v2.2.4
Faster scans · Lovable + Bolt detection
Average scan time is down to 0.9s for a 50-file repo. Sentinel now detects when code was generated by Cursor, Claude Code, Lovable, or Bolt and weights its rules accordingly.
- Feature
Tool fingerprinting. Findings show which AI tool likely wrote the offending block so you can fix the prompt instead of the symptom.
- Fix
Rulepack hot-reloading no longer requires a restart.
- Fix
VS Code extension stopped re-highlighting on every save. Now it diffs.
Mar 22, 2026
v2.2
Major
Scout · the threat model wizard
Before you write a line of code, Scout maps your attack surface. Pick a stack, describe the product, get a STRIDE-style model in 30 seconds. Sentinel then uses it to prioritize every commit.
- Agent
Scout is live. Available on Pro. Try it free
here.
- Feature
Scout writes .secureos/threat-model.md into your repo on first commit. Sentinel reads it on every subsequent scan.
- Feature
15 trust-boundary templates: SaaS, fintech, e-commerce, internal tools, and more.
Mar 1, 2026
v2.1.2
Penetrator gets OWASP Top 10 (2024)
The post-deploy attack agent now runs the latest OWASP Top 10 simulations against your live endpoints. Findings include curl repros so you can verify locally.
- Agent
Penetrator: added 14 new attack patterns covering SSRF, mass-assignment, and prototype pollution.
- Feature
Every finding now ships with a copyable curl repro.
- Fix
Resolved a race where two scheduled scans on the same repo could double-comment a PR.
Feb 11, 2026
v2.1
Educator + per-mistake personalization
Educator now remembers what you got wrong yesterday. Explanations get shorter as your mental model fills in. Free, forever.
- Agent
Educator: per-user explanation depth. First time you see SQL injection you get the full talk; the third time you get the diff.
- Feature
"Why was I flagged?" button on every PR comment. Opens the Educator explanation inline.
Jan 18, 2026
v2.0.1
Free-tier scan caps removed
Sentinel is free, forever. We removed the 100-scan/month cap on the free tier. If you're a solo founder, you should never have to think about it.
- Pricing
Free tier is unlimited. Sentinel, GitHub Action, Educator, and HTML reports have no usage cap.
- Fix
Webhook retries on transient GitHub 502s. No more "scan didn't trigger" support tickets.
Jan 4, 2026
v2.0
Major
SecureOS, the platform
The Sentinel CLI gets a hosted home and 8 sibling agents. From a single tool you can now cover threat modeling, code scanning, supply chain, pen testing, pre-launch checks, incidents, and compliance — all without leaving GitHub.
- Agent
Launched Scout, Architect, Auditor, Penetrator, Launcher, Compliance Officer, Incident Responder, Educator.
- Feature
Hosted dashboard at app.secureos.dev. PR comments, scan history, agent management.
- Feature
Pricing: Free (Sentinel + Educator), Pro $29/mo, Team $99/mo.
Nov 8, 2025
v1.4
35 rules · Sentinel open source
Sentinel CLI hits 35 rules, beats Snyk on AI-introduced patterns in our internal benchmark, and gets open sourced under MIT.