We're back with another big release, and this time the team are very excited to announce that we've taken the RoboShadow Mac and Linux Agents out of Experimental Features. They are now globally available in Beta 🎉
We are well aware that this release has been a long time coming and we want you all to know that your support means the world to us. We've spent a lot of time working towards a very solid foundation to build and release these agents (2 years in the making), so rest assured that as with everything we release, our mission is to deliver the highest standard at the lowest cost possible for you.
This comes alongside other highly requested features in this release:
Custom Range & Schedule in External Scanner
This release marks a major milestone for the team, and we're excited to share the progress we've made so far, with even more improvements already on the way. And we're not just stopping there, so stay tuned for our upcoming releases; they'll be packed with improvements and expanded coverage as we continue driving towards feature parity with leading solutions such as Qualys and Nessus.
We've included guided video tutorials to take you through these features, and you can find a list of more upcoming features at the bottom, but as always, don't hesitate to reach out to us directly at hello@roboshadow.com or terry.lewis@roboshadow.com if there's anything you'd like to ask about in particular.
In other news, please have a browse through our YouTube channel / LinkedIn page - we've been putting out a lot more content in terms of videos, interviews, articles etc. And there's a lot more exciting content coming out soon that I believe will be very insightful for our users, so make sure to keep an eye out.
We can only ask that you keep all of the feedback coming. It's how we build, improve and deliver strong results for you all, and we appreciate each and every bit of feedback - whether it's positive or negative.
Over the past months, many of you have been using these agents through our Experimental Features, helping us shape and improve them along the way, and we're delighted to now bring both agents out of experimental and into public release in Beta.
The RoboShadow Mac Agent and Linux Agent provide full vulnerability visibility across macOS and Linux devices, right alongside your Windows fleet, giving you a complete view of your endpoint security posture from a single platform.
|
Capability |
Mac Agent |
Linux Agent |
|
Vulnerability scanning & CVE matching |
✅ |
✅ |
|
Device visibility (hostname, serial, IP, OS) |
✅ |
✅ |
|
Hardware inventory (model, processor, memory, BIOS) |
✅ |
✅ |
|
Software inventory (installed applications) |
✅ |
✅ (APT, RPM, Snap, Flatpak + manually installed binaries) |
|
Firewall status monitoring |
✅ (macOS firewall, GateKeeper, stealth mode) |
✅ (UFW, iptables, ip6tables, nftables, firewalld) |
|
Antivirus detection |
— |
✅ (17 products including CrowdStrike, SentinelOne, Defender, ClamAV, and more) |
|
Disk & storage reporting |
✅ |
✅ (including LUKS encryption and Samba share detection) |
|
OS update tracking |
✅ (available & installed updates) |
✅ (APT & YUM/DNF security and OS updates) |
|
Ubuntu Pro / ESM detection |
Coming Soon |
✅ |
|
ARM64 (Apple Silicon / aarch64) support |
✅ |
✅ |
Once you've installed the agent, your Mac and Linux devices will appear in your device lists and reports. You can filter by operating system across Device Vulnerabilities, Hardware, Software, Antivirus, Disks, and OS Updates.
Note: These are read-only, visibility-first agents, that scan and report. They don’t make changes to your devices. Automated remediation remains Windows-only for now, as macOS patching is best handled via Apple Business Manager, and we’re working on apt-get update functionality for Linux in the near future. LAN scanning, CIS Benchmarks, and remote commands are also not available for Mac/Linux.
Watch Charlie’s video tutorial here:
AI App Upgrades (or you may have heard us refer to it as AI AppGet) can be enabled through Experimental Features, and is designed to automate the remediation of software vulnerabilities for applications that don't currently have a standard WinGet upgrade path. By leveraging AI to research and source verified installation packages from trusted sources, this feature ensures that your device environment stays secure and up-to-date, even for niche or proprietary software.
Watch Charlie’s video tutorial here:
Note: Please view the results of the research before pushing out an update via AI Fix, to ensure that you're happy with the package that will be installed on the machine.
RoboGuard Scheduled Scans allow you to automate your external security audits by setting up recurring vulnerability scans. So instead of manually triggering a scan, you can define specific intervals to ensure your external-facing assets are consistently monitored for threats.
This feature helps in maintaining compliance and ensures that new vulnerabilities are detected promptly without requiring manual intervention. The scheduling engine now allows you to define both the frequency of the scan and the exact timing (yearly, quarterly, monthly, weekly, down to the day and hour), and once a schedule is set, RoboGuard will automatically initiate the external scanner at the coordinated time.
Watch Charlie’s video tutorial here:
Note: The system operates on UTC (Coordinated Universal Time). Before finalising your schedule, double-check your local time zone against UTC to ensure the scan runs at your intended local time.
The AutoFix CIS Benchmarks feature is designed to automate the remediation of security configuration gaps - you can now enable this through Experimental Features. Based on the Center for Internet Security (CIS) standards, this feature allows administrators to automatically resolve non-compliance issues across devices and Microsoft 365 environments. Automating these fixes means that organisations can ensure they maintain a continuous security posture without manual intervention, significantly reducing the window of vulnerability when a device or account falls out of compliance.
Because this is a powerful capability that makes changes to your live Microsoft 365 tenant, we want to give you the full picture before you switch it on, including a safety note about avoiding lockouts:
Some of the most valuable benchmarks, particularly those that create or tighten Conditional Access and authentication policies, are also the ones most capable of locking people out if your environment isn't ready for them.
🚨 The single most important rule: make sure your tenant already meets the benchmark's requirements before you apply the fix.
Examples:
And one last note: AutoFix requires that your Microsoft 365 connection has write access, so if you’ve connected to RoboShadow as read-only, then remediation is intentionally blocked and you’ll only see assessment results.
Watch Charlie’s video tutorial here:
The CISA Prioritisation and KEV integration in AutoFix is now fully released and allows IT administrators to automate software updates based on the risk level of detected vulnerabilities.
With this, you can tell a rule to only patch applications affected by CVEs that appear on CISA's catalogue of vulnerabilities confirmed to be exploited in the wild, cutting through the thousands of potential CVEs to focus your remediation on real, active attack vectors.
That, combined with a CVSS severity threshold, gives you a precise, risk-based patching strategy: for example, one rule that auto-patches anything Critical and on the KEV list immediately, and a separate, more relaxed rule for lower-severity updates. As always, the goal is to deliver upgrades that mean less noise, less decision fatigue, and far more confidence that every automated fix is addressing a genuine threat.
Watch Charlie’s video tutorial here:
Note: The rule for apps only fires when the CVE clears your CVSS threshold. This is the key behaviour to flag to users. If you enable both KEV and a CVSS threshold, they combine with AND logic: a CVE must be on the KEV list and score at or above your threshold to trigger a fix. Severity bands are Critical (9.0–10.0), High (7.0–8.9), Medium (4.0–6.9), Low (0.1–3.9), and you can fine-tune within a band (e.g. 7.5).
As promised, we've now enabled User Apps for all organisations by default. You can still disable this feature as you please.
User Applications covers any applications that are installed in the context of a user, providing complete visibility. We've made this progression to give you better posture out of the box and simplify your operations. Browsers and comms tools are the biggest day-to-day attack surface and the most frequent CVE/KEV churn, and predominantly install per-user. Excluding them by default leaves the worst offenders unpatched.
They will be included in the Software and CVE pages, so be aware that you’ll likely see a spike in CVEs – this is completely normal as the data increases.
We’ve made upgrades to this so that you can now use AutoFix on User Apps, as well as the one-click fix button. We’ve also added in an option to stop AutoFix from updating User Apps if any issues are detected – you can enable this for select / all AutoFix rules as you wish via AI AutoFix Rules.
All of your User Apps are now synced against WinGet so you can update them in exactly the same way as usual.
How to access the feature:
Most of you will already be aware of this, but we just wanted to include a reminder that RoboShadow now supports TOPdesk as a native PSA integration. This feature allows IT teams and MSPs to streamline their vulnerability management by automatically synchronising security data with TOPdesk.
RoboShadow will automatically generate a ticket in TOPdesk when a vulnerability that meets your specified criteria is detected, and once we verify that applications have been patched and the vulnerability is resolved, the corresponding ticket will be automatically closed. You can also define exactly what vulnerabilities trigger a ticket based on their CVSS score, to prevent 'alert fatigue'.
Watch Charlie’s video tutorial here:
We’ve also made upgrades across several areas:
As always, our team is on hand if you’d like further guidance or want a second pair of eyes before you enable anything. Please do give these features a try and let us know what you think; as we keep iterating to you all, your feedback is what shapes where this feature will go next!
Thank you for your ongoing support and feedback, and if you have any questions, please don’t hesitate to reach out to us at hello@roboshadow.com