Big Cranium Logo White.png
TrainingHelp Center
Find the insights and best practices about our product.
General
FAQs
System & Network Requirements
Getting Started
My AI Dashboard Overview
Release Notes
2026.4.2 Release Notes
2026.4.1 Release Notes
2026.3.1 Release Notes
2026.2.2 Release Notes
2026.2.1 Release Notes
2026.1.1 Release Notes
2025.12.1 Release Notes
2025.11.1 Release Notes
2025.10.3 Release Notes
2025.10.1 Release Notes
2025.9.1 Release Notes
2025.8.1 Release Notes
2025.7.1 Release Notes
2025.4.1 Release Notes
2025.3.1 Release Notes
2025.1.1 Release Notes
2024.12.1 Release Notes
AI Manager
My AI Systems
My AI Systems Overview
AI System Details Overview
Adding a New AI System
Self-Attesting to a Compliance Framework
Compliance Scoring
Compliance Agent [Beta]
My AI Supply Chain
Supply Chain Overview
Managing Outgoing AI Card Requests
Responding to an AI Card Request
Publishing an AI Card Without a Request
My Vendors Overview
Artifacts
Bill of Materials
Bill of Materials Overview
Creating a Bill of Materials with CodeSensor
Self-Attest to a Bill of Materials
AgentSensor Overview
Technology Search Overview
Document Library
Document Library Overview
Vulnerability Management
Arena Shield
Arena Shield Overview
Shield YAML Implementation Guide
Arena
AI Arena Overview
Vulnerability Assessment
Vulnerability Management
Vulnerability Assessment Overview
Accessing a Vulnerability Assessment
Adversarial Inputs Detector
Vulnerabilities Overview
Settings
User Manager Overview
Detect AI
Integrations
Accessing a Private VCS
Registering SSH for CodeSensor
Integrating Bitbucket with Cranium
Integrating GitHub with Cranium
Integrating GitLab with Cranium
Integrating Azure DevOps with Cranium
Continuous Monitoring Overview
VCS Service Rate Limits
CloudSensor
CloudSensor Overview
Public API
Public API Overview
Authentication & Generating Credentials
Pagination & Incremental Sync
Rate Limits & Error Handling
Endpoint Reference
Bills of Materials
Technology Vulnerabilities
Arena Models
Arena Model Vulnerabilities
Home
General
Release Notes
2026.3.1 Release Not...
2026.3.1 Release Notes

Release #: 2026.3.1

Release Date: March 12, 2026

What's New

Release 2026.3.1 delivers a redesigned Vulnerability Assessment experience, a new Vendor Compliance Dashboard with automated notifications, and infrastructure improvements to scan reliability.

Vulnerability Assessment landing page

A new top-level Vulnerability Assessment page provides a single, filterable view of AI risk across all BOMs. Each row represents one BOM based on its latest completed assessment. Security teams can answer "where are my critical vulnerabilities?" in seconds rather than clicking through individual BOMs.


The page supports multi-select filtering and an artifact toggle updates severity counts and filter results in real time without a page reload. BOMs with no completed assessment display a "Run Assessment" prompt directly in the table. Both model vulnerabilities (by attack category) and technology vulnerabilities (by package CVE) are available as separate tabs, each with resolve and restore actions that capture a reason for auditability.


A CSV export option is available directly from the landing page. The export respects the current filters, sort order, and visible columns, and includes a column picker and BOM selector so the output matches downstream system requirements. This provides a ready path for importing vulnerability data into SIEM, GRC, or ticketing platforms while native integrations are in development.

Vendor compliance dashboard and automated notifications

A new My Vendors tab in the AI Manager gives enterprise customers an aggregated view of third-party AI Card compliance. A KPI bar at the top shows total vendors, total AI Cards, and counts for pending, declined, and overdue cards. Below it, a searchable vendor card grid supports sorting by name or most recently updated, with pagination options.


Clicking into a vendor opens a detail page showing all AI Cards with version history, associated BOMs, AI models used (tagged by severity), applicable compliance frameworks, and recent documents. Only AI Cards received through the publish/receive workflow appear in the dashboard. Direct uploads are not included.


The platform now automatically notifies vendors by email when a monitored AI System changes and the vendor's published AI Card is out of date. The notification lists affected AI Systems and stale AI Cards with a direct link to update. If the vendor does not update within seven days, an escalation email is sent to the customer. Vendors receive one notification per detection event with no repeated emails until the deadline passes.

Datasets and Infrastructure tabs removed from Vulnerability Assessment

The Datasets and Infrastructure tabs have been removed from the Vulnerability Assessment view. No underlying vulnerability data exists for these artifact types yet, and removing the empty tabs provides a cleaner interface.

Scan reliability improvements

Under-the-hood infrastructure work in this release improves scan reliability and status accuracy across the platform. A new job orchestration layer provides centralized tracking of scan jobs with durable state management, replacing a previous architecture that had no unified job registry. These changes are not visible in the UI today but lay the foundation for future scan monitoring and retry capabilities.

Bug Fixes

  • Detect AI scans were prematurely marked as "Success" while repositories were still scanning. Scan status now only transitions to "Success" after all repository scans and count updates are fully committed.
  • Arena, Shield, and Vulnerability Assessment used different methodologies to calculate vulnerability likelihood, producing inconsistent scores for the same vulnerability across views. A single unified calculation now weights each attack category equally, producing consistent scores regardless of where a vulnerability is viewed. Existing scores may shift as a result of this change (learn more in the Arena article).
Did this answer your question?