Announcing RedVeil 2.0

A major step forward for AI-powered penetration testing — internal network testing, segmentation testing, asset inventory, compliance framework mapping, a refreshed UI with full theming, and dozens of fixes across the platform.

May 1, 2026 · Announcement

Today we are releasing RedVeil 2.0 — the largest update to the platform since launch. This release is the result of months of work across engineering, security research, and design, and it expands what RedVeil can test, how teams manage their security programs inside it, and how the product looks and feels day to day.

This post is a high-level tour of what's new. Each headline feature will get its own deep-dive blog post over the coming weeks, with full technical documentation, walkthroughs, and example workflows.

Internal Network Testing

Until now, RedVeil's autonomous agents have focused on what attackers see from the outside — web applications, public APIs, external infrastructure, and cloud-facing services. With 2.0, that scope expands inward.

Internal Testing brings the same validated, agent-driven methodology to the assets that live behind your perimeter: internal services, lateral movement paths, Active Directory, file shares, internal APIs, and the long tail of forgotten hosts that quietly accumulate inside every network. Connect a lightweight RedVeil agent to the network environment you want assessed, scope the engagement, and let the agents work.

The same principles apply: every finding is validated through controlled exploitation, every result includes proof-of-concept evidence and reproduction steps, and every report is audit-ready. The difference is that you now get that depth on the parts of your environment that traditional external pentests never reach.

A dedicated post on Internal Testing — including collector deployment, scoping patterns, and example findings — is coming next week.

Segmentation Testing

Network segmentation is one of the most common compliance and architecture controls — and one of the most challenging to verify regularly. Segmentation Testing in RedVeil 2.0 automates that verification.

Define your segments (PCI cardholder data environment, production vs. corporate, OT vs. IT, tenant isolation boundaries, etc.) and RedVeil's agents will systematically attempt to traverse between them, document every successful path, and surface any unexpected connectivity. Results map directly to controls in PCI DSS, NIST, ISO 27001, and other frameworks where segmentation is required.

For teams maintaining a PCI scope reduction strategy or zero-trust architecture, this turns segmentation from a once-a-year audit exercise into a regular, evidence-backed control.

Asset Inventory

Penetration testing has always lived next to a parallel problem: knowing what you actually have. RedVeil 2.0 introduces Asset Inventory — a living source of truth for every target your team can test, organized into different surfaces.

Add a list of domains, IPs, CIDRs, or URLs and Asset Inventory routes each one to the right surface automatically. Then point any number of projects at the inventory instead of restating scope every time you start an engagement.

Asset Inventory ships with two equally first-class management surfaces from day one:

  • In the platform. Manage every inventory and exclusion from Settings → Asset Inventory.
  • From the pentest-agent CLI. Every action is a pentest-agent asset subcommand, so the same inventory you manage in the dashboard can be wired directly into any CI pipeline that already knows what you own.

It also ships with an org-wide exclusion list that travels with every project automatically. Project scopes are pre-validated against the list before any scan starts, so you never accidentally run against a system that was meant to be off-limits.

A dedicated post on Asset Inventory — including the bulk-input format, exclusion patterns, and CLI workflows — is live today.

Compliance Framework Mapping

Reports in RedVeil have always been audit-ready. With 2.0, they become framework-aware.

Every finding is now mapped to the relevant controls across four frameworks at once:

  • NIST SP 800-53 — the federal control catalog that underpins FedRAMP, FISMA, and a growing number of enterprise frameworks.
  • MITRE ATT&CK — the adversary tactics and techniques matrix that turns "we have a vulnerability" into "here's how a real attacker would use it."
  • CWE — Common Weakness Enumeration, for code-level and architectural classification.
  • OWASP — Top 10, API Top 10, or Mobile Top 10, picked automatically based on the project type.

Every mapping ships with a confidence score and a short rationale grounded in the finding text — so reviewers can see why a control was selected, not just that it was. Export the whole thing as a Compliance Mapping CSV, drop it into your audit workpaper or GRC platform, and skip the manual translation step entirely.

UI Refresh with Themes and Customization

RedVeil 2.0 ships with a fully redesigned interface. The information architecture is cleaner, navigation is faster, and the most common workflows — launching a scan, triaging findings, generating a report — take fewer clicks than before.

The bigger change is theming and customization. Open Settings → Appearance and you can:

  • Pick from a wide range of themes — Light, Dark, and System, plus curated special styles like Hacker, Corporate and more.
  • Swap typography between a clean sans-serif and a developer-friendly monospace for teams that want their dashboard to feel more like a terminal.

The refresh is rolling out to all workspaces today and is fully backward compatible with existing projects, scans, and reports.

Fixes and Improvements

In addition to the headline features, RedVeil 2.0 includes a long list of fixes and quality-of-life improvements that landed over the last release cycle, among them:

  • More reliable handling of long-running scans against large external surfaces.
  • Faster project list rendering for organizations with thousands of tests.
  • A range of smaller UI, API, and CLI fixes reported by customers since the last release.

What's Next

RedVeil 2.0 is available to all customers today. Existing projects, scans, findings, and reports carry over with no migration required — the new capabilities simply appear in your workspace.

Over the next few weeks we'll be publishing detailed posts on each of the headline features:

  • Internal Testing — deployment, scoping, and example engagements.
  • Segmentation Testing — methodology and compliance mapping.
  • Asset Inventory — three-surface model, org-wide exclusions, and CLI workflows.
  • Compliance Framework Mapping — how the engine works and how to use it for audits.

If you want to see any of this in action, book a demo or jump straight into your workspace at app.redveil.ai. For teams running RedVeil through agents and CI, the pentest-agent CLI has been updated to support all of the new 2.0 capabilities — including internal scans, asset operations, and framework-scoped reports.

Thanks to every customer who shaped this release with feedback, bug reports, and feature requests. RedVeil 2.0 is built on what you told us you needed next.
