Pensar Release Notes - February 2026

Pensar v3.3.0 is here with a redesigned Console dashboard, a fully autonomous authentication agent for pentests, GitHub Enterprise Server support, priority scanning, and a long list of improvements and fixes.

UI Design Updates

We've updated the underlying design system for the Console dashboard — this includes an updated design for the project dashboard page to prioritize issue data.

The issues tab in the project page has been updated to enable faster issue triaging based on criticality of vulnerability and the risk score/sensitivity of the endpoint where the vulnerability was found. This makes remediation triage much easier.

Autonomous Authentication Agent

We've introduced a new Authentication Subagent that can independently discover, authenticate, and maintain sessions against target applications during penetration tests — including full browser-based login flows.

When a pentest target requires authentication, the agent now autonomously:

Navigates login pages using a headless browser powered by Playwright, interacting with JavaScript-rendered forms, OAuth consent screens, and multi-step login flows without human intervention.
Detects the authentication scheme (form-based, JWT, Basic, OAuth, API key) and selects the appropriate strategy — falling back to browser automation when HTTP-only requests aren't sufficient.
Extracts and persists tokens from cookies (including httpOnly), localStorage, and sessionStorage, then exports ready-to-use headers for all downstream testing agents.
Documents the full auth flow on first success (login URL, field selectors, CSRF handling) so subsequent runs skip discovery entirely.
Identifies barriers like CAPTCHA, MFA, rate limiting, and invite-only registration — and reports them to the coordinator rather than attempting unsafe bypasses.

The subagent supports four intent modes: Authenticate (use provided credentials), Register (create test accounts when no credentials exist), Token Verification (validate pre-existing tokens), and Test Edge Case (targeted tests like session expiry or rate limiting).

A dedicated Auth Bypass Agent works alongside it, testing for privilege escalation, IDOR, and parameter manipulation once a valid session is established.

New Features

GitHub Enterprise Server. Organizations using self-hosted GitHub instances can now connect them to Pensar for scanning and issue tracking.
Priority scanning. Choose between Priority mode (critical endpoints only, risk score > 6) and Full mode (all endpoints) when launching a pentest.
Endpoint risk scores. Every scanned endpoint now receives a calculated risk score with rate-limit awareness for smarter triage.
Grouped scan view. Scan endpoints are organized by application with collapsible sections and per-app status badges (completed, in progress, errors, paused).
Enhanced sandbox testing. Sandbox tests now run as background jobs with real-time agent log streaming and improved configuration directly from project settings.

Improvements

Faster issues page. The issues list uses TanStack Query for cached data fetching and automatic background updates, significantly reducing load times.
Reliable report downloads. Download links are generated on-demand via presigned URLs, eliminating expired link issues.
Scan safety guard. Pentests are blocked from launching while reconnaissance is still running, preventing conflicting operations.
Workspace naming. Workspaces can now be given custom display names.
Improved report styling. Refined cover page layout for a more polished appearance.

Fixes

Fixed issue count mismatch between the issues page and project dashboard.
Fixed team invitation and "add users to project" dialogs.
Fixed assignee dropdown and @mentions in issue comments.
Resolved logout and redirect errors across authentication flows.
Reduced page payload sizes by removing embedding data from server-rendered responses.

Breaking Changes

Authentication upgraded. All users will need to re-authenticate after this update.
Automated reports removed. Scheduled weekly/monthly reports have been retired. On-demand report generation is unaffected.

UI Design Updates

We've updated the underlying design system for the Console dashboard — this includes an updated design for the project dashboard page to prioritize issue data.

Autonomous Authentication Agent

When a pentest target requires authentication, the agent now autonomously:

Navigates login pages using a headless browser powered by Playwright, interacting with JavaScript-rendered forms, OAuth consent screens, and multi-step login flows without human intervention.

Detects the authentication scheme (form-based, JWT, Basic, OAuth, API key) and selects the appropriate strategy — falling back to browser automation when HTTP-only requests aren't sufficient.

Extracts and persists tokens from cookies (including httpOnly), localStorage, and sessionStorage, then exports ready-to-use headers for all downstream testing agents.

Documents the full auth flow on first success (login URL, field selectors, CSRF handling) so subsequent runs skip discovery entirely.

Identifies barriers like CAPTCHA, MFA, rate limiting, and invite-only registration — and reports them to the coordinator rather than attempting unsafe bypasses.

A dedicated Auth Bypass Agent works alongside it, testing for privilege escalation, IDOR, and parameter manipulation once a valid session is established.

New Features

GitHub Enterprise Server. Organizations using self-hosted GitHub instances can now connect them to Pensar for scanning and issue tracking.

Priority scanning. Choose between Priority mode (critical endpoints only, risk score > 6) and Full mode (all endpoints) when launching a pentest.

Endpoint risk scores. Every scanned endpoint now receives a calculated risk score with rate-limit awareness for smarter triage.

Grouped scan view. Scan endpoints are organized by application with collapsible sections and per-app status badges (completed, in progress, errors, paused).

Enhanced sandbox testing. Sandbox tests now run as background jobs with real-time agent log streaming and improved configuration directly from project settings.

Improvements

Faster issues page. The issues list uses TanStack Query for cached data fetching and automatic background updates, significantly reducing load times.

Reliable report downloads. Download links are generated on-demand via presigned URLs, eliminating expired link issues.

Scan safety guard. Pentests are blocked from launching while reconnaissance is still running, preventing conflicting operations.

Workspace naming. Workspaces can now be given custom display names.

Improved report styling. Refined cover page layout for a more polished appearance.

Fixes

Fixed issue count mismatch between the issues page and project dashboard.

Fixed team invitation and "add users to project" dialogs.

Fixed assignee dropdown and @mentions in issue comments.

Resolved logout and redirect errors across authentication flows.

Reduced page payload sizes by removing embedding data from server-rendered responses.

Pensar Release Notes - February 2026

UI Design Updates

Autonomous Authentication Agent

New Features

Improvements

Fixes

Breaking Changes

Share this article

Written by

Pensar Release Notes - February 2026

UI Design Updates

Autonomous Authentication Agent

New Features

Improvements

Fixes

Breaking Changes

Share this article

Written by