v0.47.0
✨ New
- Threat Model Beta: Cotool builds a dynamic threat model on your behalf and makes it available as a skill to your agents.
- Dynamically provisioned sub-agents are now available in chat and agents by default. These improve performance (lower latency and better context use)
- AWS and Google Cloud CLI support in sandbox chats and agents. Integrate us directly into your cloud infra for detection and response
- Expanded Armis support with site listing, site-scoped asset search, and a smoother authentication flow
- Tool selection is faster with new Select all and Clear all actions in the tool selector modal
- Prompt version history now sorts newest versions first
- Improved handling for Anthropic context reduction errors in long or tool-heavy conversations
- Vectra investigations now fail more gracefully when data is temporarily unavailable
v0.46.0
✨ New
- Added Armis, Nightfall, Vectra, and CircleCI integrations
- Parallel tool calling: Agent turns now execute tool calls in parallel for faster multi-tool workflows
- Expanded GitHub workflows with PR review and inline comment retrieval, clearer progressive disclosure, and more resilient environment summarization
- Improved Microsoft Graph admin investigations with richer user profiling
- Expanded Wiz investigation coverage across issues, cloud resources, network exposures, configuration findings, detections, users, and application endpoints
- Improved chat usability with one-click copying for assistant messages and code blocks
- Improved Okta system log search reliability and rate-limit handling
- Fixed GitHub pagination limits that could previously truncate results for large repositories
- Fixed Slack directory refresh jobs when required scopes are missing
v0.45.0
✨ New
- Improved Detection Agent experience: no base-queries, just runbooks
- Added Twingate integration
- Added WhiteIntel integration
- Reworked detection authoring and tool configuration for a smoother builder experience
- GitHub integration now supports repository rulesets
- SentinelOne now supports endpoint lookup and secure file fetches from agents
- Chat and home page now remember your selected tools more reliably
- Added invite-based account onboarding and bootstrap setup flow
- Various bug fixes and perf improvements
v0.44.0
✨ New
- Slack tool actions can be configured to only operate on approved channels
- CrowdStrike NG SIEM integration for querying next-generation SIEM data directly in Cotool
- Socket integration now supports listing alerts
- IOC indicators on threat intelligence detail pages can now be exported as CSV
- Improved file attachment handling during memory extraction for more reliable context capture
- New and improved tool section UX
- Various minor UI fixes
v0.43.0
✨ New
- Acceptance criteria for response agents: add acceptance criteria to your agents to get notifications when they go off-trajectory
- Universal CMD+K command bar for quickly navigating agents, chats, and actions from anywhere in the app
- Custom RSS feed management for threat intelligence: add and manage your own feeds
- Faster chat loading with optimistic prefetching of message history
- Reddit r/cybersecurity added as a built-in threat intelligence source
- Copy-to-clipboard button added to markdown code blocks in the agent details panel
- File downloads in chat: the agent can now surface generated files directly in the conversation timeline
- Detection authoring now shows the full agent run experience with streaming output
- Fixed chat requests being rejected when some tools were temporarily unavailable
- Fixed filtering on the agent runs list
- Improved our Slack integration
- Fixed sandbox desktop file browser height
v0.42.0
✨ New
- Redesigned home page
- Desktop view and file browser for sandbox environments
- Full-text search across agent runs
- Agent-to-agent trigger indicators and bulk-editing on the Agents page
- Redesigned threat intelligence detail page with improved research layout and feed filters
- Chat lifecycle audit logs for tracking chat events
- Improved prompt version history with date-sorted versions and scrollable containers
- Fixed Linear OAuth token refresh and re-authentication flow
- Fixed Sublime detection sidebar branding
- Fixed Detection Suggestion custom instructions character limit bug
v0.41.0
✨ New
- Everything Computer: sandbox mode is now on by default in all agents and chats.
- Skills: Create reusable instruction packages that can be shared across agents, with support for importing and exporting Agent Skills
- GPT-5.4 is now the default model for new chats
- Suggested Detections now supports instructions, manual "Run now" controls, and clearer job status visibility
- Improved long-chat reliability with automatic context compaction and better handling for tool-heavy conversations
- Code blocks in chat now include a one-click copy button
- Fixed Datadog querying and detection authoring issues caused by custom `@field` handling
- Fixed TheHive alert update behavior and related integration issues
- Misc Bug Fixes
v0.40.0
✨ New
- Wait tool: Agents can now pause and automatically resume on a schedule, enabling timed workflows and delayed actions
- Detection suggestion review and query generation: Overhauled detection authoring with suggestion refinement and query validation
- GPT-5.4 model support
- Enhanced detection editor sidebar with improved Datadog log utilities
- Improved Code42 event retrieval
- Eval harness now surfaces critical issue status reporting with evaluation score
- Detection run results now link directly to the agent that generated them
- Better sandbox file handling
- Improved agent run reliability
- Fixed issues with browserbase integration in sandbox mode
v0.39.0
✨ New
- Detection Hits Page: A centralized feed of all hits across your detection agents
- Freshworks integration for managing tickets
- Response agent output hooks: Configure where your response agent's structured output gets delivered after each run. From the response agent's settings page, add one or more output destinations (Slack channels, webhooks, or PagerDuty) and Cotool will automatically POST the run metadata and structured output to each destination every time it executes.
- GPT-5.3-Codex model support
- LLM judge now flags critical issues for review
- Ability to disable Datadog detection rules directly from the editor
- Fixed Slack Markdown rendering
- Fixed OAuth login redirect after authentication
- Improved Notion experience when not authenticated
- Misc bug fixes
v0.38.0
✨ New
- Improved Detection rule authoring experience
- Sublime Security ActionMessage analysis for enriched alert context
- Slack user group search tool for finding and messaging groups
- Claude Sonnet 4.6 (with 1 million token context length) support
- Improved Slack Trigger experience
- Added Material Security mark-in-progress support
- Misc bug fixes and performance improvements
v0.37.0
✨ New
- Detection Rule Authoring: Complete experience overhaul with inline result previews and draft, proposal, and publishing workflows
- Linear Agents: @mention or assign Cotool directly in Linear issues to trigger agents with real-time streaming responses, live progress updates, and conversation continuity in your issue threads
- Sandbox mode for response agents with sandboxed computer-use capabilities
- Claude Opus 4.6 model support (released Feb 5, 2026)
- Intel Feed tool support for automated detection rule exploration
- Faster load times for chat messages and agent execution history
- GitHub tools now include closing and merging PRs
- Enhanced Linear trigger setup and webhook configuration experience
- Improved detection agent output formatting
- Deep linking to detection agents from execution history
- Dynamic tool list rendering in chat interface
- Fixed detection authoring entity tabs and agent instruction input
- Fixed multiple agent loop error handling issues for better user-visible messaging
v0.36.0
✨ New
- Tines Cases integration
- RunReveal integration
- New Audit Logging UI / UX
- Detection agents now display query hit counts for better visibility
- Minor detection agent improvements
- SumoLogic environment mapping enhancements
- Agent builder UI improvements
- Fixed custom Databricks & MCP server logos display
- Fixed title truncation and button labels in UI
- Fixed structured outputs rendering in chat
- Fixed diff generation for prompt suggestions
v0.35.0
✨ New
- Suggested Detections Tab: Cotool now automatically suggests good detection rule candidates to improve coverage in your environment
- RunReveal integration for log analysis and detection authoring
- MCP Resources support for attaching context from MCP servers to chats
- Enhanced Slack tooling: Slack now supports file attachments alongside sent messages (screenshots, charts, pdfs, etc.)
- Code42 integration improvements
- More reliable evaluations
- Fixed share option appearing incorrectly on agent pages
v0.34.0
💬 Slack Improvements 💬
- Replying to Cotool in a thread will continue the existing agent run
- You can now DM Cotool and it will create a private chat which can be continued in 🧵
- The full details are here. You will have to reauth the Slack integration to use the DM feature.
- PagerDuty integration (also supported as a Detection Agent Destination)
- API key authentication support for custom MCP servers
- Slack threads with Agents are now re-entrant
- GPT-5.2 is now the default model for new chats
- Enhanced sandbox code execution display in chat event drawer
- Improved email parsing for triggers with better decoding and formatting
- Fixed Slack integration issues for large organizations
- Fixed trigger save errors when configuring agent triggers
- Fixed miscellaneous alert display issues
v0.33.0
✨ New
- Chat sharing for collaboration on agent conversations
- Slack as a detection output destination
- Slack confirmations allowing agents to request user approval before taking actions
- GPT-5.2 model support
- Enhanced agent template capabilities with tool associations
- Increased frontend timeout values for long-running operations
- Fixed Scanner tool definition backwards compatibility issue
v0.32.0
✨ New
- Sumo Logic integration
- Enhanced Scanner indexing with improved detection suggestions
- In-agent Scanner validation for detection authoring
- Admin controls to disable login methods (Google, password, SAML)
- Fixed GitHub create PR tool
- Fixed Formal integration
v0.31.0
✨ New
- Tags for agents and detections with sortable, filterable tables
- Custom scheduling cadence for detection agents
- Google Admin integration for detection authoring
- Agent run infrastructure is more durable
- Detection agents can now use other agents as tools
- Improved reasoning token streaming and updated reasoning UI behavior
- Detection authoring experience improvements
- Chat interruption handling with improved UI feedback
- Agent details full screen button now has a tooltip
- Schedule status chips for detection agents
- Improved detection and agent list pages with better table controls
- Various visual UI and UX fixes
- Fixed missing fields in detection builder
- Fixed memories CSV export error
v0.30.0
✨ New
- Agent templates for quick setup and common use cases
- Output destinations for detection agents
- Toggle to enable or disable detection agents
- Unsaved changes warning now appears across all pages
- Fixed streaming state not updating correctly in chat
- Fixed execution plan display in chat message timeline
v0.29.0
✨ New
- Our Agentic Detections Platform is out in Beta: our detection platform lets users specify complex detections that go beyond rule-based detections to catch complex threats in their environment.
- Check out the detections tab in Cotool to see detection suggestions for your environment!
- TheHive: Create case from alert capability
- Improved Splunk querying capabilities
- Enhanced datetime handling utilities
- Fixed Jira 204 response handling
- Fixed detection authoring for Scanner
v0.28.0
✨ New
- Slack integration now supports targeting groups and channels in addition to individual users
- Enhanced Splunk query validation with parser that identifies invalid fields
- Added listApps tool and improved detection tools for Splunk integration
- Improved subagent tools display and UX in chat interface
- Added updatedAt filter to TheHive listCases and updated listAlerts
- Fixed Unix timestamp conversion in datetime utilities
- Fixed table component rendering issues
- Fixed trigger email rename functionality
- Fixed agent run deletion from chat page
v0.27.1
Improvements
- Enhanced TheHive integration with improved filtering capabilities
- Fixed persistent context compression notice remaining visible across chat navigation
- Fixed navigation bug after deleting a chat
- Fixed memory handling for Code42 integration
- Agent triggers are now automatically deleted when their parent agent is deleted
v0.27.0
✨ New
- Claude Opus 4.5 model now available for agent conversations
- Improved structured output schema handling with dedicated JSON schema types
- Added comprehensive documentation for structured outputs
- Refreshed tool environment map UI for better usability
- Improved pie chart component consistency
- Fixed login page styling issues
- Fixed "show raw output" button in tool result drawer
- Fixed automatic saving and scrolling in schema builder JSON mode
- Fixed CrowdStrike integration errors
v0.26.0
✨ New
- Structured outputs for agents: Define JSON schemas to receive structured responses from agent runs
- GPT 5.1 model support
- Formal integration for infrastructure access management
- URLScan now prefers private scans by default for enhanced privacy
- Improved retry configuration for better reliability
- Restored tool call ordering for consistent execution
- Enhanced timeout logging for background jobs
- Reduced MITRE map file size for improved performance
- Fixed prompt suggestions type handling and checkpoints
- Fixed socket connection stability issues
- Fixed sending messages from the side panel
- Fixed various agent loop bugs
v0.25.0
✨ New
- Role Based Access Control is now live!!! See the documentation for how to get started
- Enhanced Splunk query refinement and tool prompts
- Context counter now displays warning when approaching limits
- Detection documentation published
- Splunk timeout configuration now available in frontend
- Webhook details now displayed when editing
- Fixed JSON repair handling for empty objects and nullable fields
- Fixed icon display issues in documentation
v0.24.0
✨ New
- Integration enable/disable feature: You can now enable or disable integrations from the tools details page without removing credentials
- Enhanced Splunk search with pagination and an automatic query timeout (with query cancelation) after 2 minutes
- Removed Splunk wildcards on index parameter and prefix wildcards to prevent performance degradation
- Made endTime parameter required for SentinelOne PowerQuery
v0.23.0
✨ New
- Built-in Managed Investigation Agent with Intel Feed exposure checking
- Planning mode selector in agent creation UI
- Filter built-in agents from agent builder UI
- User email now included in application logs
- Google Drive auth now displays authenticated user
- Delete user button added to accounts page
- Cron-triggered agent run titles are now static
- Fixed SentinelOne and agent system prompt issues
- Streamlined Google Drive authentication flow
- Fixed type errors in agent loop
- Removed `any` type usage for better type safety
- Agent loop no longer throws unhandled errors
- Fixed missing tools in agent execution loop
v0.22.0
✨ New
- Elasticsearch integration with MITRE mapping
- Sublime Security MDM documentation tool
- Account listing functionality
- TheHive comment function requirements clarified
- Visual feedback when saving settings
- Fixed ephemeral authentication failure issue
v0.21.0
✨ New
- Confluence documentation integration
- Agent performance metrics in logs and lists
- Scanner environment job with dedicated UI
- Added support for observables in TheHive
- API documentation improvements
- Fixed 400 error responses
- Removed LRU cache from tool credentials
- Fixed insights page default graph and tab
- Fixed documentation generation
v0.20.0
✨ New
- Mintlify documentation site
- MITRE rule mapping optimization
- Chat access permissions simplified
- Fixed memory tool association bug in UI
- Fixed missing chat retrieval bug
v0.19.0
✨ New
- Scanner environment job and UI
- Consolidated and deduped prompt suggestions
- Updated Linear webhook configuration
- Fixed document search authentication issues
- Fixed chat repository issues
- Fixed token counter for LLM judge
v0.18.0
✨ New
- AI-powered agent suggestions feature
- Evaluation scores in agent run detail headers
- Context manager applied to LLM judge evaluations
- Fixed API documentation rendering
- Fixed possible recursive agent reference issue
v0.17.0
✨ New
- Task planning in chat and agents
- Extended agent execution loop retry policy
- Wiz integration with projectId filtering
- Improved model selector UI
- Fixed context error when generating agents from chat
- Fixed Document Parser 404 responses
- Multiple database query fixes
v0.16.0
Improvements
- Linear status detection for better model understanding
- More aggressive context window management
v0.15.0
✨ New
- LLM judge scoring in agent details UI
- Context manager implementation
- User deletion capability for admins
- Fixed visual bugs in agent evaluation UI
- Fixed chat interruption error display
- Fixed Splunk and Hive schemas for Gemini/OpenAI
- Fixed time conversion tool for OpenAI
v0.14.0
✨ New
- Organization insights dashboard with metrics
- Slack message writing guidance
- Fixed time conversion tool schema for Gemini
v0.13.0
Improvements
- Token counter improvements
- Fixed webhook trigger errors
- Fixed 404 error handling
- Fixed null/undefined content checks
v0.12.0
✨ New
- Tool cache versioning
- Jira tool updates
- Reasoning token saving for Anthropic models
- Fixed agent follow-up in agent details
v0.11.0
✨ New
- Agent details page redesign
- Stop chat during tool call execution
- Token counter and context window improvements
- Agent linking to sub-agents
- Fixed critical error display
- Fixed Document Parser image parsing
- Fixed deleted chat error
v0.10.0
✨ New
- Chat title updates now stream in real-time
- Error classification and handling improvements
- Token counting accuracy
- Fixed SentinelOne 504 errors
- Fixed Linear tool null pointer exception
- Fixed thumbs feedback icon in light mode
v0.9.0
✨ New
- Material Security integration
- Sentry error tracking improvements
- Scanner query timeout extended
- Splunk tool descriptions
- Fixed sliding context window implementation
v0.8.0
✨ New
- Intel Feed integration
- Sentry error tracking
- Memory tool improvements
- Splunk mapping with retry logic
- Fixed SentinelOne issues
- Fixed object generation flakiness
- Fixed memory bugs
v0.7.0
✨ New
- Email trigger functionality
- SentinelOne MITRE mapping
- Splunk mapping optimizations
- Fixed email trigger issues
v0.6.0
✨ New
- Time conversion tool
- Detection authoring capabilities
- Fixed agent system prompt bug
- Fixed tool schema parsing
v0.5.0
✨ New
- Scheduled job execution
- Slack attachment parsing
- IP lookup tool error handling
- Fixed detection counts
- Fixed Splunk issues
- Fixed browser-use error rendering
v0.4.0
✨ New
- Memory management in UI
- Splunk exploration capabilities
- SentinelOne tool enhancements
- Fixed chat migration issues
- Tool call loop error handling improved
- Fixed Scanner implementation
v0.3.0
✨ New
- SAML login audit logging
- Scanner integration with MITRE mapping
- Splunk integration with MITRE mapping
- SentinelOne PowerQuery functionality
- Auto-provision access for SAML logins
- Agent description notice improvements
v0.2.0
✨ New
- SAML authentication support
- Hive integration
- Splunk integration
- Increased Claude Sonnet context window
- Fixed Hive authentication