2025.10.3 Release Notes

Release #: 2025.10.3

Release Date: November 4, 2025

What's New

Release 10.3 strengthens vulnerability management capabilities and infrastructure resilience across the Cranium platform. This update introduces quantitative risk assessment for AI models, compliance-focused vulnerability tracking, and enhanced service continuity during high-demand periods.

Model Vulnerability Display with Attack Success Rates

Security teams can now view quantitative risk metrics directly in the Vulnerability Assessment without navigating to Arena. Each model displays its attack categories with success rates, expressed as the percentage of successful attacks out of total attempts. Severity is classified automatically as Critical, High, Medium, or Low based on Shield testing results.

Expanding a model row reveals individual attack categories with their specific success rates and severity classifications. The vulnerability count header now combines both model and technology vulnerabilities for a complete risk overview. This consolidation reduces model assessment time from over 15 minutes to under 2 minutes.

Close and Ignore Model Vulnerabilities

Document remediation decisions by marking attack categories as closed or ignored. Each action requires justification text and records the user and timestamp for audit purposes. The system recalculates the parent model's vulnerability score when child vulnerabilities are closed. All actions appear in the Resolved vulnerabilities tab for tracking security decisions over time.

Important: Vulnerability status does not persist across model rescans. Closed or ignored vulnerabilities reset when you rescan the model. Status persistence is planned for a future release.

Package Version Visibility for Technology Vulnerabilities

Technology vulnerabilities now show the specific package version affected by each CVE and the programming language. Teams can determine whether their deployed version is vulnerable without additional research. The interface displays exact version numbers when possible and labels inferred versions when the scanner estimates based on dependency files.

SBOM Document Upload

Upload Software Bill of Materials files in JSON format (CycloneDX and SPDX) directly to AI Cards through the Document Library. Multiple SBOMs can be attached to a single AI Card, with automatic versioning on duplicate uploads. SBOM files inherit existing document permissions and access controls.

This release provides centralized storage for compliance documentation. Automated SBOM parsing and vulnerability correlation are planned for early 2026.

Improved Service Reliability

Intelligent failover maintains uninterrupted service during provider rate limiting or availability issues. The system automatically routes requests to alternative providers without user intervention across CodeSensor, Vulnerability Assessments, Arena, and Compliance Agent. Scans and assessments continue processing during high-demand periods without delays or failures.

Bug Fixes & Other Improvements

  • Fixed CodeSensor failures when reaching GitHub API rate limits. The scanner now automatically waits for the limit window to reset and continues without manual intervention.
  • Corrected AI Card publish reminder email timing. Reminders are now sent at the proper intervals: 14 days, 7 days, 3 days, and 1 day before the deadline.
  • Adjusted help button positioning to prevent overlap with the settings menu on smaller screen resolutions.

For questions about these updates, contact your Customer Success Manager or visit the Knowledge Base.
