Skip to main content
SQUIRRELOPS

Changelog

Release notes.

Summary of recent releases. Detailed change log available on request.

v1.0.52026-05-24

Defense-in-depth hardening release.

v1.0.4 shipped the capability. v1.0.5 hardens the perimeter around it. This release closes 14 issues from a comprehensive internal audit of the runtime and build pipeline. 815 tests pass on the release branch.

  • SSRF protection on the hosted-model adapter (rejects userinfo, IDN homoglyphs, private/loopback IPs).
  • Decompression-bomb defense on profile loading: large members stream to disk with inline hashing instead of into RAM.
  • Tar-smuggle defense: explicit member-type allow-list rejects sparse, hardlink, and LONGNAME entries.
  • CSV-injection defense on exported reports.
  • Input-size caps on the local model backend (8 KiB / 16 messages).
  • Numerical safety guards on the ML classifier (no more NaN cascades routing benign traffic to high-severity buckets).
  • Tighter regex bounds across the detection pipeline (preventing pathological-input compute blowup).
  • Six additional quality fixes around training reproducibility and report sanitization.
v1.0.42026-05-12

AI Deception capability ships.

The first release of the AI Deception product line. Two-layer detection in front of a fine-tuned decoy model, reproducible profile bundles, per-tenant tuning, and a full adversarial test-suite release gate. Cleared internal red-team validation with 98.5% threat capture and zero false positives.

  • AI Deception product line shipped: two-layer detection (rule-based + ML) sitting in front of a fine-tuned decoy model.
  • 98.5% threat capture on the internal adversarial test suite (66 of 67 attack turns).
  • Zero false positives on benign traffic.
  • 121 tracked credentials issued per 87-turn campaign.
  • Per-tenant detection rule overlays — additive only; baseline preserved; audit-logged.
  • Reproducible profile bundles — bit-identical rebuilds verified across runs.
  • Cryptographic signing of every profile bundle.
  • OpenAI-compatible HTTP endpoint for transparent in-line deployment.

Want the detailed change log?

The per-commit change log, internal audit findings, and security advisories are shared with pilot customers under NDA.

Request the detailed change logSee the security overview →