Release Notes - May 2025

Release Notes

• Release Notes - May 2025

• Release Notes - April 2025

• Release Notes - March 2025

• Release Notes - February 2025

• Release Notes - January 2025

Release v4.1.104

May 05, 2025

1. Cyber Risk Quantification Updates v9

This release brings significant enhancements to Cyber Risk Quantification. These updates focus on improving accuracy, granularity, and relevance in risk assessments, enabling organizations to understand better and manage their cyber risk posture.

Key Highlights:

• New Risk Domain: Gen AI Risk

  A new risk domain, "Gen AI Risk," has been introduced to address the emerging risks associated with Generative AI technologies. This domain includes support for loss quantification, new attack outcomes such as Data Corruption, and initial attack methods like LLM Prompt Injection and Training Data Poisoning. AI-specific CAM controls and a NIST AI RMF questionnaire have also been added.
  

• Risk Scenarios Updates

  • APT merged with Nation State for better classification

  • New attack surface—AI System for improved AI risk modeling

  • 3 new Initial Attack Methods and 4 new CAM controls to strengthen AI risk mitigation
    

• Control Updates - FAIR CAM

  • Improved Cloud & App attack surface mapping (DDoS, WAF)

  • Updated Initial Attack Method (IAM) mapping for better control alignment

  • Controls are now fully aligned with FAIR CAM
    

• Loss Updates - FAIR MAM

  • Loss event detection controls now impact FAIR MAM directly

  • DDoS Prevention added as an impact control

  • Annualized Loss is now based on LEF for more precise risk estimation

  • Nested Financial Impact Questionnaire (FIQ)
    

• High Impact Findings

  • The threshold for High Impact Findings has been changed to 9.75+ finding score.

  • These findings will now have an increased effect on likelihood estimation, emphasizing their critical nature.

  • Threat Intel-Informed (TI-IF) Findings have been introduced and will carry greater weight in likelihood estimations. These findings are periodically identified and released by the SAFE Threat Intelligence Team.

Click here to dive deeper into the latest quantification updates.

2. AWS Integration via Electric Eye (GA)

We’ve made the AWS integration in SAFE even better via Electric Eye. Now, all your AWS accounts are added automatically—no manual confirmation step is needed. SAFE also pulls in the AWS asset tags and shows them as custom fields, making it easier to track your assets and manage risk. The integration card now shows both Findings and Assets, while a new Sync History view is available for configured accounts.

3. Threat Intel Updates

• 208 security incidents added in the library for third-party breach notifications.

• 21 new CVEs are marked as Exploitable.

• 102 new Threat Events added to the Threat Center.