New 2026.6.8

Plexicus 2026.6.8: AI Pentest, Rebuilt Codex Remedium & Enterprise Security

Launch AI-powered penetration tests from the UI, experience a fully rebuilt AI remediation engine with live streaming, and benefit from a comprehensive enterprise security hardening pass.

🚀 What’s New

  • AI Pentest (DAST): A new AI Pentest tab lets you launch wizard-guided penetration tests against your verified domains directly from Plexicus — no external tooling required. Results, vulnerability reports, and real-time screenshots are captured and stored automatically throughout the scan.
  • Rebuilt Codex Remedium Engine: The AI remediation engine has been completely rebuilt on top of a new code-native foundation. It now streams live progress logs to the Terminal panel as it works, saves fix diffs even when a partial failure occurs, and surfaces clear retry controls when something goes wrong.
  • In-App Subscription Management: You can now purchase, upgrade, and manage your subscription plan directly inside Plexicus. Quota usage is shown live in the UI and enforced at the action level — no surprises.
  • ServiceNow Connector: ServiceNow is now available as a ticketing integration under Settings, alongside existing Jira and other connectors.

🛠 Improvements

  • Periodic Scan Screenshots: During a running AI Pentest, Plexicus now captures screenshots of the target application at regular intervals, giving you a visual record of what changed as the scan progressed — not just a snapshot before it started.
  • Audit Log: A comprehensive, tamper-evident audit trail now records logins, 2FA events, password changes, and policy modifications. Each entry is hash-chained to the one before it, so altering or removing a past entry breaks the chain and is detectable.
  • Rule Versioning & Changelog: Security rules now carry version metadata and a built-in changelog, making it straightforward to track when a rule was updated and what changed.
  • Taint Trace Visualization: Findings that involve data flow vulnerabilities now display a full taint trace — showing the exact path from source to sink in your code.
  • False Positive Detection: AI-powered false positive detection now runs automatically as part of the remediation workflow, reducing noise in your findings list.
  • Superadmin Experience: Superadmin accounts now bypass feature gates so administrators can always access the full platform regardless of the active plan.
  • Scan Receipt Durability: Scan results are now persisted to object storage before processing begins, ensuring no findings are lost if a downstream step fails.

🔒 Security

This release includes a dedicated security hardening pass across the platform:

  • Strengthened protection against server-side request forgery (SSRF) on OAuth discovery and external URL inputs
  • JWTs are no longer placed in redirect URLs; SAML login flows now enforce CSRF protection
  • Rate limiting on authentication endpoints now fails closed — a limiter outage no longer grants unrestricted access
  • Finding filter inputs are now allowlisted and regex patterns are properly escaped
  • Subscription quota decrements are now atomic, eliminating a class of race conditions
  • All soft-deleted findings are consistently excluded from every read path across the platform
  • Error reporting no longer captures personally identifiable information

🔧 Fixes

  • Pentest timer: The elapsed time counter on the AI Pentest detail page now shows hours correctly and accounts for timezone offsets
  • Scan stuck: A new Finalize Now action appears on repositories where a scan has stopped progressing, letting you unblock without contacting support
  • AI remediation: The remediation panel no longer shows an incorrect status after a failure; diffs are preserved and a retry button is shown
  • Branch selection: Choosing a specific branch when connecting a repository from your SCM is now correctly applied to the scan
  • Findings tabs: Clicking Cloud, Registry, or SCM findings tabs now shows an appropriate coming-soon message instead of a blank page
  • Onboarding: Users who haven’t installed the GitHub App now see a clear prompt and install link when no repositories are found
  • PDF reports: CVSS and EPSS score fields in exported reports no longer show errors when values are missing
  • SSO wizard: The step indicator in the SSO configuration wizard now displays correctly at every stage
  • Login page: One-click OAuth sign-in buttons are shown first; the email/password form is collapsed behind a toggle to reduce clutter
  • Email notifications: Scan completion emails now show the correct recipient name and accurate scan timing
  • API docs: Interactive API documentation is now accessible in all non-production environments
  • Connector management: Saving and deleting connectors now works correctly for all account types
  • Remediation details: The Details tab now consistently shows the AI-generated description and remediation guidance