Release Notes - May 2025

Release Notes

• Release Notes - June 2025

• Release Notes - May 2025

• Release Notes - April 2025

• Release Notes - March 2025

• Release Notes - February 2025

• Release Notes - January 2025

Release v4.1.105

May 22, 2025

1. Aggregate Control Maturity Trend

You can now view historical trendlines for Aggregate Control Maturity, which provide insight into how overall maturity scores have evolved over time.

2. See what changed for aggregate control maturity

Now, clicking on any point within the Aggregate Control Maturity trendline opens a "See What Changed" view, offering detailed insights into what influenced the changes.

3. AI Feature Control Setting

A new AI Features setting has been introduced to give customers control over AI functionality in their SAFE environment. By default, this setting is enabled, allowing full access to all AI features. If disabled, the following capabilities will be turned off: SafeX, AI Summary, Widget Explainability, AI-powered Questionnaire uploads, and AI-guided creation workflows. Additionally, disabling this setting will hide the entire Third-party section from the SAFE platform.  

Refer to Settings for more details.

4. Threat Intel Updates

• 283 security incidents added in the library for third-party breach notifications.

• 31 new CVEs are marked as Exploitable.

• 130 new Threat Events added to the Threat Center.

5. Deprecation Notice for AWS Integration

Customers currently using the AWS integration will now see a “Deprecating Soon” label on the integration card. This includes a direct link to the Migration Guide to help you transition to the updated AWS integration via Electric Eye.

Release v4.1.104

May 05, 2025

1. Cyber Risk Quantification Updates v9

This release brings significant enhancements to Cyber Risk Quantification. These updates focus on improving accuracy, granularity, and relevance in risk assessments, enabling organizations to understand better and manage their cyber risk posture.

Click here to dive deeper into the latest quantification updates.

Key Highlights:

• New Risk Domain: Gen AI Risk

  A new risk domain, "Gen AI Risk," has been introduced to address the emerging risks associated with Generative AI technologies. This domain includes support for loss quantification, new attack outcomes such as Data Corruption, and initial attack methods like LLM Prompt Injection and Training Data Poisoning. AI-specific CAM controls and a NIST AI RMF questionnaire have also been added.
  

• Risk Scenarios Updates

  • APT merged with Nation State for better classification

  • New attack surface—AI System for improved AI risk modeling

  • 3 new Initial Attack Methods and 4 new CAM controls to strengthen AI risk mitigation
    

• Control Updates - FAIR CAM

  • Improved Cloud & App attack surface mapping (DDoS, WAF)

  • Updated Initial Attack Method (IAM) mapping for better control alignment

  • Controls are now fully aligned with FAIR CAM
    

• Loss Updates - FAIR MAM

  • Loss event detection controls now impact FAIR MAM directly

  • DDoS Prevention added as an impact control

  • Annualized Loss is now based on LEF for more precise risk estimation

  • Nested Financial Impact Questionnaire (FIQ)
    

• High Impact Findings

  • The threshold for High Impact Findings has been changed to 9.75+ finding score.

  • These findings will now have an increased effect on likelihood estimation, emphasizing their critical nature.

  • Threat Intel-Informed (TI-IF) Findings have been introduced and will carry greater weight in likelihood estimations. These findings are periodically identified and released by the SAFE Threat Intelligence Team.

Click here to dive deeper into the latest quantification updates.

2. AWS Integration via Electric Eye (GA)

We’ve made the AWS integration in SAFE even better via Electric Eye. Now, all your AWS accounts are added automatically—no manual confirmation step is needed. SAFE also pulls in the AWS asset tags and shows them as custom fields, making it easier to track your assets and manage risk. The integration card now shows both Findings and Assets, while a new Sync History view is available for configured accounts.

Refer to the Migration Guide to transition your existing AWS integration to the new AWS integration powered by Electric Eye.

3. Threat Intel Updates

• 208 security incidents added in the library for third-party breach notifications.

• 21 new CVEs are marked as Exploitable.

• 102 new Threat Events added to the Threat Center.