Changelog
Track what’s new, improved, and fixed in each SecureHive release.
v1.5.0 — May 18, 2026
AI Governance Module
A comprehensive AI Governance module that gives security leaders full control over AI adoption — from use case registration and risk assessment through approval workflows and compliance reporting. Includes configurable risk tiers, role-based review workflows, automated compliance scoring across ISO 42001, EU AI Act, and NIST AI RMF, plus branded board-ready reports.
Highlights
- AI Governance: register AI use cases, assess risk with configurable tiers and questionnaires, route through approval workflows, and track compliance
- Workflow integration: AI use cases flow through the same configurable workflow engine used across the platform — assign reviewers, set SLAs, and track approvals
- Compliance & reporting: automated compliance scoring across ISO 42001, EU AI Act, and AI Security Standard with branded monthly and quarterly board reports
- Shadow AI preview: coming in v1.6 — lightweight browser extension and desktop companion to detect unauthorized AI tool usage across your organization
- Statement of Applicability: framework-mapped SOA generation with dynamic risk tier filtering for ISO 42001, EU AI Act, and NIST AI RMF controls
Features
- AI Use Case Lifecycle (Governance) — Register, categorize, and manage AI use cases through their full lifecycle — from initial submission through risk assessment, review, and approval. Each use case captures purpose, data classification, risk tier, and business value.
  - Use case registration with category, data classification, risk tier, and value estimates
  - Configurable risk tiers with color coding and per-tier default workflows
  - Risk questionnaire with weighted scoring across 5 categories (15 default questions)
  - Status lifecycle: Draft, Submitted, In Review, Approved, Rejected, Retired
- Approval Workflow Integration (Workflows) — AI use cases integrate with the platform workflow engine. Configure default workflows per risk tier, assign reviewers, set SLAs, and track approval progress — all using the same workflow infrastructure as other modules.
  - Per-tier default workflow assignment on submission
  - Workflow override support for individual use cases
  - SLA tracking and compliance metrics on the dashboard
  - 17 AI Governance-specific roles across 7 categories (Management, Execution, Review, Compliance, Legal, Approval, Stakeholder)
- Compliance Scoring & SOA (Compliance) — Automated compliance scoring across ISO 42001, EU AI Act, and AI Security Standard. Statement of Applicability generation with dynamic risk tier filtering for framework-specific controls.
  - Weighted compliance score across three frameworks
  - SOA framework mapping with per-tier control applicability
  - Control test pass rate and coverage percentage per framework
  - Dynamic risk tiers with color-coded indicators throughout the UI
- Executive Dashboard & Reports (Reporting) — Real-time AI governance dashboard with KPIs, adoption trends, value realization, and risk posture. Branded, print-ready monthly and quarterly board reports with SecureHive branding.
  - Executive summary: total use cases, approval rate, avg time to approve, compliance score
  - 6-month trend analysis, department-level adoption breakdown
  - Branded PDF reports with KPI cards, styled tables, and print-optimized layout
  - Quarterly board report with compliance posture score and RAG indicators
- Shadow AI Detection (Preview) (Security) — Coming in v1.6: a lightweight browser extension (Chrome + Edge) and desktop companion agent to detect unauthorized AI tool usage. Connects detections directly to governance workflows for closed-loop policy enforcement.
  - Browser extension detecting 100+ web-based AI tools across 8 categories
  - Desktop companion monitoring native AI applications on Windows and macOS
  - Configurable data collection levels (Minimal, Standard, Detailed) for privacy compliance
  - Webhook integration available now for existing DLP and CASB tools
Improvements
- Settings Architecture (high impact) — Comprehensive AI Governance settings with 9 configuration tabs: Risk Tiers, Categories, Data Classification, Approval Lanes, Workflow Stages, Risk Questionnaire, Team, Integrations, and Default Workflows.
- Report Branding (medium impact) — All reports use SecureHive brand styling with Oswald logo, amber accent bars, and print-optimized A4 layout.
v1.4.0 — April 16, 2026
Security Portfolio & capability intelligence
A new Security Portfolio module maps deployed security technologies to capabilities, risk scenarios, and program coverage — so leaders can see gaps, overlap, and where investments line up with outcomes.
Highlights
- Security Portfolio: register technologies, maintain a capability library (tenant + shared patterns), and link tools to capabilities and risk scenarios
- Technology detail: capabilities matrix, linked audit controls and artifacts, NIST CSF-style domain overlay where configured, and an audit log for changes
- Operations: filterable register, CSV export, dedicated capability catalog page, RBAC subject security-portfolio (read, create, update, delete, manage)
- AI-assisted setup (where enabled): suggest capabilities, extend the tenant capability library, and suggest risk scenarios to speed onboarding
Features
- Security Portfolio register (Governance) — Tenant-scoped register of security technologies with status, criticality, ownership, and vendor links. List and detail views with deep links into capabilities and coverage.
- Capability library & mapping (Governance) — Define and reuse security capabilities across the tenant, align technologies to capabilities, and maintain a dedicated capability catalog alongside global reference patterns.
- Coverage, controls, and accountability (Risk & audit) — Per-technology views for linked audit controls, artifacts, risk-scenario coverage, and domain overlays — plus an audit log of portfolio changes for governance.
- AI-assisted portfolio suggestions (Platform) — Optional AI queries to suggest capabilities for a technology, propose additions to the tenant capability library, and suggest risk scenarios — reducing cold-start time for new tenants.
v1.3.0 — March 14, 2026
Splunk & Microsoft Sentinel & Mission Control
SIEM integrations and Mission Control: Splunk ES and Microsoft Sentinel connected to incident management. Mission Control is SIEM-agnostic with severity/urgency tags, enriched alert details, and direct links to source systems.
Highlights
- Splunk ES integration: notable events, Mission Control alerts and incidents; connect Splunk to incident management and create SecureHive incidents from alerts
- Microsoft Sentinel: client credentials (tenant, app, secret) with backend token management; ARM Log Analytics query for all regions
- Mission Control: SIEM-agnostic (Severity for Sentinel, Urgency for Splunk) with theme-aligned tags; compact action buttons with tooltips
- Incident and alert links: Azure portal incident URL in actions; enriched alert details on incident page
- Presentations: Gamma integration and AI dialog to create tailored board decks from customer data for stakeholder and board reporting
Features
- Microsoft Sentinel Integration (Security Operations) — Connect Microsoft Sentinel to Mission Control and incident management. Use client credentials for secure, backend-managed tokens; view incidents and alerts, create SecureHive incidents from alerts, open incidents in Azure portal from actions.
- Splunk ES Integration (Security Operations) — Connect Splunk Enterprise Security to Mission Control and incident management. View notable events, alerts, and incidents; create SecureHive incidents from Splunk. ES instance configuration in integration settings.
- Mission Control & SIEM-Agnostic UI (Security Operations) — Mission Control supports multiple SIEMs. Severity (Sentinel) and Urgency (Splunk) with theme-based badge colors. Compact action buttons with tooltips; Open in Azure in actions column.
- Presentations from Customer Data (Platform) — Create tailored board presentations from customer data for stakeholder and board reporting. Gamma integration for export; an AI dialog guides you to build tailored presentations (focus, audience, narrative style).
v1.2.0 — March 8, 2026
Incident Management & Maturity Model
Two major features: full incident management lifecycle (create, triage, assign, track) and the maturity model with CIS Controls framework support.
Highlights
- Incident Management: full lifecycle — create, triage, assign, and track security incidents; coordinate response and keep stakeholders informed
- Maturity Model: CIS Controls framework support — license from marketplace, assess by domain, questionnaire-style UI with search and collapsible domains
- Track maturity levels and applicability (e.g. IG1, IG2, IG3); link assessments to issues and improvement plans
- Unified framework schema and CSV import ready; CMMC, NIST CSF, ISO 27001 coming soon
Features
- Incident Management (Security Operations) — Full incident lifecycle: create, triage, assign, and track security incidents. Streamlined workflows to coordinate response and keep stakeholders informed. Link incidents to maturity capability assessments and other modules.
- Maturity Model & CIS Framework (Compliance) — New maturity model module with framework-based assessments. CIS Controls framework support: license from marketplace, assess capabilities by domain, track maturity levels and applicability (IG1/IG2/IG3). Questionnaire-style assessment UI. Other frameworks (CMMC, NIST CSF, ISO 27001) coming soon.
v1.1.0 — March 6, 2026
Platform Evaluation
New Platform Evaluation module: compare candidate security platforms with weighted criteria, multiple evaluators, score matrix, criteria library, and optional AI-suggested criteria.
Highlights
- Platform Evaluation module: compare candidate platforms (e.g. EDR, SIEM) with weighted criteria
- Evaluators and observers; score matrix and weighted totals
- Criteria library, add-from-library, and optional AI-suggested criteria
- Criteria proposal workflow (request, approve, reject)
- Complete evaluation with selected platform and rationale; link to strategy project
Features
- Platform Evaluation (Platform) — Compare candidate security platforms (e.g. EDR, SIEM) with configurable criteria, weights, and multiple evaluators. Score matrix, weighted totals, criteria library, and optional AI-suggested criteria. Link evaluations to strategy projects and record selected platform with rationale.
v1.0.0 — January 18, 2026
Initial Production Release (Beta)
SecureHive reaches beta. A modular platform with comprehensive CISO observability, unified approval workflows, and strategy-to-execution visibility — built for how security leadership actually works.
Highlights
- Modular platform: Governance, Strategy, Risk, Audit, Policy, Vendor Risk, Trust, Incident Response
- Comprehensive CISO observability and unified risk posture visibility
- Unified approval workflow system (Policy, Strategy, Charter, Issues)
- Feature flags, version display, and changelog documentation
- Executive and board-ready dashboards; real-time analytics
Features
- Modular Platform & Unified View (Platform) — Modular architecture that scales from startups to enterprise. Every module works seamlessly together, giving you a unified view of your security posture.
- Comprehensive CISO Observability (Observability) — Unified visibility across risk posture, compliance metrics, and strategy-to-execution. Executive and board-ready dashboards with real-time analytics and automated risk scoring.
- Unified Approval Workflow System (Workflows) — Configurable approval workflows across Policy, Strategy, Charter, and Issues — with automated assignments, notifications, and task routing for efficiency.
- Feature Flags (Platform) — Feature flags context and hooks for React/Next.js to enable gradual rollouts and A/B testing.
- Version Display (UI) — Components for displaying application version information to users.
Improvements
- Performance optimizations across the platform
- Improved error handling and user feedback
- Release documentation and support materials
Fixes
- Stability and edge-case fixes ahead of beta
v0.0.3 — September 15, 2025
Enterprise readiness & compliance
Enterprise SSO, advanced compliance, unified approval workflows, and CISO dashboard foundations. Platform is ready for internal and early-access use.
Highlights
- Enterprise SSO (SAML 2.0, OAuth 2.0)
- Advanced compliance (ISO 27001, SOC 2, NIST, GDPR, HIPAA)
- Unified approval workflow system (Policy, Strategy, Charter, Issues)
- CISO dashboard and risk posture visibility foundations
- Risk registry, audit workflows, and reporting
Features
- Enterprise SSO Integration (Security) — Seamless integration with SAML 2.0 and OAuth 2.0 identity providers.
- Advanced Compliance Frameworks (Compliance) — Support for ISO 27001, SOC 2, NIST, GDPR, and HIPAA with automated compliance tracking.
- Unified Approval Workflow System (Workflows) — Configurable approval workflows for Policy, Strategy, Charter, and Issues — automated assignments, notifications, and task routing.
- CISO Dashboard & Risk Posture Visibility (Observability) — Unified view of risk posture, goals, projects, and compliance. Foundations for executive and board-ready dashboards.
- Risk Registry & Audit Workflows (Compliance) — Central risk registry and structured audit cycles with evidence tracking.
- Reporting Foundations (Reporting) — Reporting APIs and templates for compliance and audit reports.
Improvements
- API performance and rate limiting
- Security hardening and audit logging
- Documentation and deployment tooling
Fixes
- SSO and tenant context edge cases
- Compliance evidence and export fixes
v0.0.2 — May 15, 2025
Multi-tenant & compliance foundations
Multi-tenant data isolation, compliance control library, and module-aware architecture. Design system and SSO integration work begins.
Highlights
- Multi-tenant data isolation
- Compliance control library and evidence tracking
- Module-aware architecture (Governance, Strategy, Risk, Audit, Policy, Vendor Risk, Trust)
- Approval workflow foundations and design system
Features
- Multi-Tenant Architecture (Architecture) — Complete data isolation and tenant-specific configurations for enterprise customers.
- Compliance Control Library (Compliance) — Structured controls and evidence tracking for multiple frameworks.
- Module-Aware Platform Architecture (Platform) — Modular architecture that scales from startups to enterprise. Foundation for Governance, Strategy, Risk, Audit, Policy Lifecycle, Vendor Risk, and Trust modules.
- Tenant Context & Audit Trail (Security) — Tenant-scoped context and audit trail for all operations.
- Design System & Components (UI) — Shared design system and reusable UI component library.
Improvements
- Database schema and query optimization
- Authentication and session handling
- API structure for tenant isolation
v0.0.1 — February 15, 2025
Project kickoff & foundation
Development started in early 2025. Repository, tooling, multi-tenant schema, and compliance framework scaffolding — laying the groundwork for a modular CISO platform.
Highlights
- Project initialization and dev environment
- Multi-tenant data model and schema design
- Compliance framework scaffolding (ISO, SOC 2, NIST, GDPR, HIPAA)
- CI/CD and repository setup; foundation for the platform's modules
Features
- Multi-Tenant Data Model (Architecture) — Schema and data model design for tenant isolation and scalability.
- Compliance Framework Scaffolding (Compliance) — Structure for ISO 27001, SOC 2, NIST, GDPR, and HIPAA controls and mapping.
- Application Shell & Routing (Platform) — Next.js app shell, routing, and base layout for docs and app areas. Foundation for strategy-to-execution and module navigation.
Improvements
- Repository and monorepo tooling
- Development and build pipeline
- Environment and configuration management