What's New

Release 2026.2.1 delivers industry-first AI security detection capabilities and enhanced platform reliability for vulnerability management workflows.

Zero-day AI attack detection

Cranium now detects evidence of malicious AI-driven code propagation following our public disclosure of a novel attack vector targeting AI coding assistants. The detector identifies two critical attack signatures: self-propagation patterns exploiting trusted tools like Cursor, Windsurf, and GitHub Copilot, and invisible text embedded in code files indicating malicious manipulation.

This represents the first detection capability for AI-mediated supply chain attacks that could propagate silently across enterprise codebases. Traditional security scanners cannot identify these threats because they don't resemble conventional vulnerabilities. The detector integrates with existing Vulnerability Assessment workflows and surfaces findings in the "Other Vulnerabilities" tab as "Zero-Day AI Attack Evidence" entries.

Detection focuses on Python codebases initially, with additional language support planned. The system looks for specific attack signatures rather than normal AI tool usage, so legitimate use of coding assistants won't trigger alerts.

Regional model improvements

Claude Sonnet model upgrades across APAC, EU, and AU regions bring all global deployments to the latest version. The enhanced model provides improved accuracy and faster response times for AI-generated vulnerability summaries and risk assessments.

Bug Fixes

Resolved inconsistent vulnerability counts between list and detail views
Eliminated repository cloning errors in vulnerability assessments
Added dropdown pagination for large repository collections (50+ BOMs)
Improved GitHub App authentication workflow setup process
Fixed missing storage container issues causing BOM scan failures
Corrected vulnerability count displays in table summaries

Did this answer your question?