· intuitem · News · 3 min read
What's New in CISO Assistant — Week 07, 2026 (v3.12.1 – v3.12.4)
Findings-to-threats linking, generalised 'pick existing' pattern, MCP context improvements, campaign feature flags, and a wave of translation and UX fixes.
Four incremental releases this week focus on deepening the risk and findings model, polishing the assessment workflow, and improving the AI-assisted MCP experience.
New Features
Many-to-many findings-to-threats relationship (v3.12.1) — Findings can now be linked to multiple threats, and vice versa. This makes it much easier to trace a single finding back to every threat scenario it is relevant to, or to see all findings associated with a given threat.
Generalised “pick existing” pattern (v3.12.1) — The UX pattern for selecting an existing object (instead of creating a new one) has been extended across the application. Anywhere you previously had to create a new record, you can now search for and attach an existing one — reducing duplication and improving data consistency.
Labels and qualifications filter on risk scenarios (v3.12.4) — Risk scenario lists can now be filtered by label and qualification, making it faster to zoom in on the scenarios that matter for a particular review or report.
Findings assessment progress (v3.12.1) — Findings assessments now show a progress indicator, giving you an at-a-glance view of how much work remains.
Requirement node implementation-group updates (v3.12.2) — You can now update the implementation group of individual requirement nodes, giving auditors finer control over scoping after an audit has been created.
Respondent mode lock management (v3.12.2) — When respondent mode is active, locking behaviour is now handled correctly, and progress tracking is honoured when enabled.
Campaign feature flag (v3.12.4) — Campaigns can now be toggled on or off via a feature flag, letting organisations that do not use them keep the interface uncluttered.
MCP & AI Integration
Better MCP context management (v3.12.3) — When working with a large number of audits, the MCP context payload is now more efficient, and audit updates through the MCP channel are more reliable.
Framework & Library Updates
- Moroccan Law 05-20 to ISO 27001:2022 bidirectional mapping — Community contributor @Qnadia continues to expand Moroccan compliance coverage with a reverse mapping, completing the round-trip between the two frameworks.
UX Improvements
- Incident labels and formatting — Incidents now support labels and have improved visual formatting.
- Clickable table links — Links inside table cells are now independently clickable without triggering navigation to the row’s detail page.
- Compact yearly task review — The yearly tasks view uses a more compact layout, fitting more information on screen.
- Unreachable-object error messaging —
loadDetailnow checks reachability and surfaces a clear error when an object cannot be accessed, instead of failing silently. - Conflict management strategy (Pro) (v3.12.4) — The generalised conflict strategy from the data wizard is now available on more import paths.
Bug Fixes
- Missing translation handling for risk levels and requirement fields has been addressed across multiple locales.
- The progress select control is now visible on standard requirement-assessment views (v3.12.3).
- Metric-instance staleness checks work correctly, preventing stale data from lingering in dashboards.
- IAM enforcement has been tightened on multiple API paths.
- The perimeter-enable condition now evaluates correctly in edge cases.
- Audit page loading time has been improved (v3.12.2).
For the full list of changes, see the v3.12.1 – v3.12.4 releases on GitHub.
