Big Cranium Logo White.png
TrainingHelp Center
Find the insights and best practices about our product.
General
FAQs
System & Network Requirements
Getting Started
My AI Dashboard Overview
Release Notes
2026.4.2 Release Notes
2026.4.1 Release Notes
2026.3.1 Release Notes
2026.2.2 Release Notes
2026.2.1 Release Notes
2026.1.1 Release Notes
2025.12.1 Release Notes
2025.11.1 Release Notes
2025.10.3 Release Notes
2025.10.1 Release Notes
2025.9.1 Release Notes
2025.8.1 Release Notes
2025.7.1 Release Notes
2025.4.1 Release Notes
2025.3.1 Release Notes
2025.1.1 Release Notes
2024.12.1 Release Notes
AI Manager
My AI Systems
My AI Systems Overview
AI System Details Overview
Adding a New AI System
Self-Attesting to a Compliance Framework
Compliance Scoring
Compliance Agent [Beta]
My AI Supply Chain
Supply Chain Overview
Managing Outgoing AI Card Requests
Responding to an AI Card Request
Publishing an AI Card Without a Request
My Vendors Overview
Artifacts
Bill of Materials
Bill of Materials Overview
Creating a Bill of Materials with CodeSensor
Self-Attest to a Bill of Materials
AgentSensor Overview
Technology Search Overview
Document Library
Document Library Overview
Vulnerability Management
Arena Shield
Arena Shield Overview
Shield YAML Implementation Guide
Arena
AI Arena Overview
Vulnerability Assessment
Vulnerability Management
Vulnerability Assessment Overview
Accessing a Vulnerability Assessment
Adversarial Inputs Detector
Vulnerabilities Overview
Settings
User Manager Overview
Detect AI
Integrations
Accessing a Private VCS
Registering SSH for CodeSensor
Integrating Bitbucket with Cranium
Integrating GitHub with Cranium
Integrating GitLab with Cranium
Integrating Azure DevOps with Cranium
Continuous Monitoring Overview
VCS Service Rate Limits
CloudSensor
CloudSensor Overview
Public API
Public API Overview
Authentication & Generating Credentials
Pagination & Incremental Sync
Rate Limits & Error Handling
Endpoint Reference
Bills of Materials
Technology Vulnerabilities
Arena Models
Arena Model Vulnerabilities
Home
General
Release Notes
2026.4.2 Release Not...
2026.4.2 Release Notes

Release #: 2026.4.2.

Release Date: April 30, 2026


What's New

This release introduces Cranium's public REST API, actionable remediation guidance on model vulnerabilities, AI Card BOM versioning with visual diffs, and automated model classifications.

Public REST API

Cranium's programmatic interface is now generally available. API keys are generated and managed self-service from Settings → API Management, with full tenant isolation ensuring access is scoped exclusively to your organization's data. Rate limiting is enforced with clear error responses when thresholds are exceeded.

The v1 API provides read access to your Bills of Materials, technology vulnerabilities, Arena models, and Arena model vulnerabilities. All list endpoints support cursor-based pagination. Note that v1 is read-only — write operations are not included in this release.

Vulnerability Remediation Guidance

Every model vulnerability now includes remediation guidance describing recommended mitigation steps for the detected attack category. Remediation appears in the Remove Model Vulnerable Attack Categories modal on the Vulnerabilities page and is included as a new column in the model vulnerabilities CSV export. The current release provides generic category-level guidance applicable to all model types. Evidence-backed guardrail recommendations for LLMs are planned for a future release.

AI Card BOM Versioning

AI Cards now maintain a version history of their associated BOM, with a visual diff that highlights exactly what was added, removed, or changed between versions. Each AI Card displays a clear status indicator — "up-to-date" when the BOM is in sync with the source repository, or "out-of-date" when a newer BOM version exists. Both the version history and diff are accessible from the AI Card details view.

This release versions the BOM component of AI Cards only. Governance documents, customer uploads, and other AI Card artifacts remain static and are not versioned. AI Cards without an associated BOM do not receive versioning capability.

Automated Model Classification

Every model in a BOM is now automatically classified with an AI likelihood score (High, Medium, or Low) and a model type (GenAI, Traditional ML, Deep Learning, or Unknown). Model names are normalized using standardized identifiers from HuggingFace and the Cranium model database. Likelihood and category badges display directly on BOM rows, and BOMs can be filtered by model category to isolate specific model types for focused risk assessment. Some models may receive an "Unknown" classification when type cannot be determined with sufficient confidence.

Vulnerability Export Reliability

Vulnerability exports now run as background jobs rather than synchronous, request-bound operations. Large exports no longer block UI threads or time out, and multiple exports can run concurrently without degrading platform performance. Export job status — queued, processing, or complete — is now visible in the platform.


Bug fixes


  • BOM scan date/time not updating on status change: BOM scan timestamps remained stale when status changed to "Queued," displaying the previous scan time instead of the new initiation time.
  • AI Card request contact forcing duplicate organization creation: Swapping the contact on an AI Card request when another contact from the same organization had already published caused a new organization to be created instead of updating the existing one, resulting in duplicate tenant records.
  • Arena filter causing all subsequent requests to fail: Applying any filter in Arena caused all subsequent API requests to fail — even after the filter was cleared — until the page was reloaded.


For questions about this release, contact your Customer Success Manager or visit the Cranium Knowledge Base.


Did this answer your question?