What's New in CISO Assistant — Week 12, 2026 (v3.14.5 – v3.15.0)

A landmark week for CISO Assistant — three releases culminating in v3.15.0, which brings a built-in chat mode, a framework builder, and a visual risk matrix editor among other major additions.

Chat Mode

Built-in chat (v3.15.0) — CISO Assistant now includes a chat mode directly within the application. Users can interact conversationally with the platform, making it faster to navigate, query, and act on GRC data without leaving the interface. This feature is currently in alpha — expect rough edges and rapid iteration in upcoming releases.

Framework Builder & Questionnaire Respondent

Framework builder and revamped questionnaire respondent mode (v3.15.0) — A new framework builder lets organisations create custom frameworks directly inside CISO Assistant. Alongside it, the questionnaire respondent experience has been completely overhauled, making it easier for internal and external respondents to complete assessments. The framework builder is available through experimental mode for now — enable it in your settings to try it out. Note: this is a breaking change — check the release notes if you have custom integrations relying on the previous questionnaire API.

Risk Management

Visual editor for risk matrix (v3.14.5) — Risk matrices can now be designed and modified through a visual drag-and-drop editor, replacing the previous form-based approach. This makes it significantly more intuitive to define probability/impact grids and colour-code risk levels.

Improvements to matrix management (v3.15.0) — Additional fixes and refinements to the new matrix editor, including better handling of edge cases and score toggling with average-of-averages calculation support.

Risk scenario edit page layout (v3.14.5) — The risk scenario editing view has been reorganised for a cleaner, more logical layout.

Universal Search

Fuzzy search across the platform (v3.14.5) — A new universal search bar with fuzzy matching lets users find any object — controls, risks, assets, frameworks — from a single entry point. Partial matches and typos are handled gracefully, dramatically reducing the time spent navigating between sections.

Compliance & SoA

Statement of Applicability generation (v3.15.0) — Users can now generate a Statement of Applicability (SoA) directly from CISO Assistant, pulling together control selections and justifications into a structured document ready for auditors.

Select controls from suggestions (v3.15.0) — When mapping controls, the UI now offers relevant suggestions that can be selected in-line, speeding up the process of building out compliance mappings.

Sync applied controls to reference controls (v3.15.0) — Applied controls can now be synchronised back to their reference control definitions, keeping organisational control catalogues consistent with what is actually deployed.

Data Wizard

Vulnerability import (v3.14.6) — The data wizard now supports importing vulnerabilities, joining the existing import capabilities for assets, controls, and risks. This closes a key gap for organisations that manage vulnerability data in external scanners or spreadsheets.

Cost field on applied controls (v3.15.0) — The applied control import record now includes a cost field, aligning the data wizard with the cost-tracking features introduced in previous releases.

GDPR & Personal Data

Batch input for personal data (v3.15.0) — The GDPR module now supports batch input operations for personal data entries, along with several additional improvements to the data processing workflow.

EBIOS RM

• Return button added to the Ebios study view, and owners are now filterable (v3.14.5).
• Navigation button from stakeholder view back to workshop 3 (v3.14.6).
• Multiple UI improvements on the EBIOS RM report (v3.15.0).

UX Improvements

Expand/collapse requirements tree (v3.15.0) — The requirements tree can now be fully expanded or collapsed with a single click, making it much faster to navigate large frameworks.

AutocompleteSelect handles large sets (v3.14.5) — When many items are selected, the autocomplete component now displays a compact “+N” indicator instead of overflowing the field.

Calendar view improvements (v3.15.0) — The calendar view has received visual polish for better readability.

Better boolean value display (v3.15.0) — Boolean fields now render with contextual meaning and a neutral colour option, replacing the previous raw true/false display. This is a breaking change for custom components that relied on the old rendering.

Better threats aggregation rendering (v3.15.0) — The threats aggregation view has been improved for clarity.

Internationalisation

Korean language support (v3.14.5) — CISO Assistant is now available in Korean, thanks to new contributor @SeungWoonSong.

Framework & Library Updates

• PASSI (v3.15.0) — Added support for the PASSI (Prestataires d’Audit de la Sécurité des Systèmes d’Information) framework, contributed by new community member @Arthur314159.

Security & Authentication

OIDC list handling and recursion depth (v3.14.5) — The OIDC email claim lookup now handles list-type claims and adds a maximum depth to the recursive search, preventing runaway lookups with deeply nested token structures.

Bug Fixes

• Guard against missing approver on approval workflows (v3.14.5).
• Risk donut chart values are now consistent (v3.14.5).
• Django settings usage standardised across the codebase (v3.14.5).
• Fallback path management for libraries corrected (v3.14.6).
• Asset security objectives offset fixed at import (v3.14.6).
• Sync-to-actions extended result behaviour corrected (v3.14.6).
• Applied controls can now be filtered by multiple statuses simultaneously (v3.15.0).
• Risk assessment folder checking is more consistent (v3.15.0).

New Contributors

• @SeungWoonSong — Korean language support (v3.14.5)
• @Arthur314159 — PASSI framework library (v3.15.0)

Welcome aboard!

For the full list of changes, see the v3.14.5 – v3.15.0 releases on GitHub.