Skip to content

AccuKnox v3.5 Release Notes

Release Date: April 2026

AccuKnox v3.5 delivers major improvements across AI/ML security, dashboard usability, findings workflows, SBOM analysis, cloud onboarding, and localization.

What is New in v3.5

AI/ML Security (ModelKnox and AI-SPM)

  • Expanded coverage across AI/ML security pages.
  • Download support and date-range filters for improved analysis workflows.
  • Dynamic card data and enhanced filtering in Prompt Firewall, including token and integration filters.
  • Owner information added to policy tables.
  • Nested tag filtering support.
  • Microsoft365 added to the Agents page.
  • ModelKnox localization improvements.

Dashboard V3 Enhancements

  • Dashboard pinning support.
  • Incident and Problem creation via SDP integration.
  • Infinite scroll in widget filter dropdowns.
  • Filter count display and single-filter selection support.

Findings and ASPM

  • WAF and Model Audit finding detail views.
  • Runtime-verified artifact support.
  • ONAPP feature rework.
  • Dynamic namespace filtering by cluster.
  • Findings localization for static Findings UI content and Findings detail labels.

Note

Findings localization in v3.5 covers static UI text. Dynamic content returned by upstream APIs is displayed as received.

xBOM — Supply Chain Visibility Across Software, Cryptography, and AI

v3.5 introduces xBOM, a unified framework for generating and managing Bills of Materials across three supply chain layers:

BOM Type Covers
SBOM Software packages and dependencies
CBOM Cryptographic algorithms and libraries
AIBOM AI/ML models and their provenance

xBOM supports compliance with EO 14028 and the EU AI Act and is accessible via three generation methods:

  • knoxctl — Scan filesystems, container images, and AI/ML models interactively from a local UI and push results directly to your AccuKnox tenant.
  • Container Image Scan Action — Integrate AccuKnox's GitHub Action into your CI/CD pipeline to automatically generate SBOMs on every push or pull request.
  • xBOM Scan Action — Generate SBOM, CBOM, and AIBOM from source code, container images, or AI/ML model sources within GitHub Actions workflows.

Generated BOMs are automatically scanned for known CVEs, license issues, and outdated components. Results surface in SBOM > Projects with vulnerability details, remediation tracking, and export support.

Set up xBOM →

SBOM

  • Dependency graph improvements.
  • SBOM compare with diff filtering.
  • CERT-In API integration support for SBOM reporting workflows.
  • New SBOM metadata fields.
  • Findings drawer view updates.
  • Ad-hoc scan support for collectors.
  • SBOM localization.

Alerts

  • Rate-limiting alert integration.
  • Session configuration synchronization when redirecting from cluster views to alerts.

Collectors and API Security

  • API spec generation for both single endpoints and API collections.

CWPP — GKE Autopilot Support

AccuKnox CWPP now supports deployment on GKE Autopilot clusters via the GKE partner workload allowlist. KubeArmor maintains a per-release allowlist that enables privileged workloads (such as those requiring SYS_ADMIN or hostPath mounts) to run within Autopilot's security constraints.

Key highlights:

  • Apply the AllowlistSynchronizer manifest to pull the KubeArmor allowlist from the GKE partner repository.
  • Install KubeArmor via Helm using environment.name=autopilot.
  • Onboard the cluster to the AccuKnox Platform with a standard join token.
  • Enforce Block or Audit mode policies post-onboarding, with violations surfaced in the Alerts section.
  • Monitor egress, ingress, and graphical behaviour views per workload from the platform.

Set up CWPP on GKE Autopilot →

Cloud, CSPM, and Clusters

  • Full Azure organization onboarding flow with edit, delete, and list operations.
  • Tenant ID and region enhancements in Azure onboarding.
  • New Cloud Compliance Report Config.
  • Separate APIs for cluster misconfiguration findings and KIEM findings.
  • Agent version column added in cluster overview.
  • Registry scan image pattern matching now supports character range expressions in tag filters, enabling more granular control over which images are scanned.

Registry Scan: Character Range Expressions in Tag Patterns

Registry scan onboarding now supports bracket-based character range expressions within image tag filters, in addition to the existing wildcard patterns.

Previously, tag filters were limited to wildcard-only patterns such as *:v* or example/*:v1. While these cover broad inclusion and exclusion rules, they could not distinguish between specific version ranges — meaning scans would unnecessarily process images outside your target version set, increasing scan costs.

What's new: You can now use bracket notation (e.g., [1-8]) inside tag patterns to match or exclude images whose tags fall within a defined character range.

Pattern Description Example Matches Example Non-Matches
*:v[1-8]* Tags starting with v, digit 1–8, any suffix image:v1, image:v2.0, repo/app:v8-beta image:v9, image:v10, image:v0.9
-*:v[9]* Exclude tags with v9 prefix Excludes image:v9, image:v9.1

This makes it straightforward to scan only the image versions your team actively maintains, avoiding wasted scan cycles on deprecated or out-of-range tags.

UI Components, i18n, and Platform Usability

  • Component upgrades across Button, Checkbox, ActionMenu, Loader, and AsyncSelect.
  • Design tokens updated to v1.0.12.
  • i18n rolled out across API Security, Policies, SBOM, Rule Engine, Compliance, Reports, Registry Scan, and ModelKnox.
  • New language support added for Japanese and Korean.
  • AI widgets with resizable support.
  • Policy bulk update enhancements.
  • Rule Engine adds Not Seen In condition support.
  • SPARTA feature updates.
  • Simplified pagination across key workflows.

AccuKnox v3.5 improves coverage, usability, and localization across core security workflows while continuing to strengthen enterprise-scale cloud and application security operations.