2026 is well on the way, and we have just released our Mega Product Update email, so this blog will give you the same updates as to what has already gone into production this year and what is planned in the near term. Our team has been tirelessly working behind the scenes shipping updates at pace, and our focus has stayed firmly on building, fixing, and improving the platform.
Since our last update in December, 470 tickets have gone live. That’s an average of 10–15 releases per business day. Huge credit to the release and development teams: we continue to ship at speed, with stability, and without release issues, and this is something we’re immensely proud of.
There’s a lot of noise in the market right now, but our focus hasn’t changed. We’re keeping our heads down, shipping product, and continuing to reduce the cost and complexity of cybersecurity. Service providers remain at the heart of what we do. They’re the unsung heroes of cybersecurity, and supporting them will continue to guide our roadmap.
I’ll leave you to go through the release tickets export, but below is a summary of what’s now live, and what’s coming in the next few weeks and quarter.
As always, I genuinely love hearing from people individually. Feel free to email me directly at terry.lewis@roboshadow.com. I may not reply instantly, but I do get back to everyone, usually by the end of the weekend.
The full list of 470 development tickets can be found here.
An MIT study recently highlighted why 80% of AI projects fail, and candidly, this part of RoboShadow has been extremely hard work. Training AI is a bit like raising a child: endless teaching, testing, breaking, and re-testing. It’s still not perfect, but it’s now delivering real value in terms of insights.
Retrofitting AI into a dataset that doesn’t naturally lend itself to AI has been interesting to say the least, but we really are getting there now. It's also very expensive to run (as you flood the context window with all the Cyber Data), so we have no idea how we're going to bill this moving forward; however, we will continue to fund it entirely as R&D for the foreseeable future.
Our goal is to hyper-optimise your most common use cases and rely on using MCP integrations (connecting your own ChatGPT or Claude) to make this accessible to everyone. Don’t worry about the bill to us for now; we’d much rather you use it heavily so we can learn from it. As a sweetener for those who are helping us shape the AI, we’re aiming to offer you lifetime access with no additional billing.
The current vCSO can be found in the right-hand settings menu under vCSO Beta.
AI MCP / vCSO Chat can be enabled in Experimental Features.
Linked here: https://portal.roboshadow.com/vcso
Effectively, we’ve resolved all known global issues related to WinGet application installs in standard environments. What remains are environmental nuances such as antivirus interference, download problems, and controls like ThreatLocker and WDAC stopping installs and updates. We have had a massive purge on this, and all we need now is for you to give us the nuances, so that even if we can’t solve them for you (i.e. it's an environmental issue on your end), we can help report and smart message for you.
So do please email me directly at terry.lewis@roboshadow.com and send over your issues; the intel we get from you all is priceless.
A big thanks to everyone who has helped with this – getting this right has taken a lot from myself and the patching team, and if we were to do this again, we’d probably go down the “Published Apps” route. Although WinGet is securely managed by Microsoft, in practice it’s the Wild West in terms of nuances. It’s taken a team of 10 people nearly 2 years to get this to its current state.
The Dark Web Scanner has been refined based on your feedback and now makes it easier to pull in your users from Microsoft 365 and identify which breaches apply to your user base.
We’ve intentionally avoided displaying breached passwords due to global legal ambiguity, instead relying on a Have I Been Pwned–style integration, but we have also made it widely accessible for you.
Enable "Dark Web Scanner (Multi-User)" in Experimental Features, and please have a play and let us know how you’d like this to integrate further into the rest of the product.
Linked here: https://portal.roboshadow.com/account/darkweb#scanner
This closes one of the biggest gaps you see between RoboShadow and Nessus / Qualys agents. It will effectively show you the vulnerabilities in the user profiles, which you can now start feeding into your accounts. We are going to do this slowly (hence why you have to enable it), as sometimes these can throw up some false positives and spook people unnecessarily.
Vulnerabilities can live in obscure profiles of users who have not logged on in months or years. The problem is that to access most of these you need system / admin privileges, and if an attacker has admin access, they don’t need vulnerabilities to wreak havoc.
Our commitment remains low-noise vulnerability management, but in early 2026 our priority is ensuring we benchmark against (if not better than) Nessus / Qualys. Previously, you would have to look into the Binary Scanner to see profile-level vulnerabilities, but this will now bring the profile CVEs into the mainstream.
Enable “User Applications” in Experimental Features.
We have now put the EPSS score into the CVE rating for Device Vulnerabilities, and we will soon be adding CISA KEV to help you prioritise. Do let us know of more areas where you want to see these scores.
Linked here: https://portal.roboshadow.com/reports/cves#cves
We apologise for how long this has taken, but the new Mac agent is now live and integrated across dashboards and reporting. It also installs cleanly via RMMs / Intune etc.
While it doesn’t automatically upgrade from the old agent like the Windows Agent does (thanks, Apple), the Linux agent is very close behind, and fully integrated into the rest of the platform too.
Once again, sorry for the delay – this is a high demand item, and if people can give us as much feedback as possible, that would be great.
Enable "Mac Agent" in Experimental Features
You may have noticed that if you log in from an IP address we don’t recognise, you receive an email alert. This is part of a broader set of user security upgrades we’re putting in place.
While we’ve never had a security breach or incident (thanks to our sec team, bug bounty, and pentest partners), we’re now laying the groundwork to give you more powerful controls over your environments. Power without control isn’t particularly useful, so we're building out more controls for locking things down.
We originally didn’t want to allow customers to run scripts or make changes in a way similar to an RMM. However, due to the volume of requests, we’re now moving toward slowly opening this up.
We’ve improved how organisations can be pulled into, managed within, and removed from tenancies.
You are now able to stop co-managed service provider customers from receiving RoboShadow customer success emails.
We’ve added a chip to the Cyber Benchmark page, making it clearer which benchmarks align with Cyber Essentials requirements. A Cyber Essentials filter will also be added to reporting outputs soon.
This is the same as the Ninja Integration - it allows Datto RMM to add agents and organisations into the platform so that the RMM can control the roll out. Documentation isn’t available yet as this integration is brand new, so please contact me directly if you’d like more information.
This feature has been around for a while but hasn’t yet been made mainstream. It provides a time-series view of what remediation work has been completed over time.
Please use the link below as we would love to get some more feedback from you on what you would like in here. We’ve also moved the data filter into the plugin, as opposed to using the date filter at the top of the platform.
Linked here: https://portal.roboshadow.com/remediation-report
We are accounting for the different types of Benchmarks (Intune / Group Policy / Local) so Cyber Heal works and detects core benchmarks automatically. This will allow us to complete delivery of the full “CIS Level 1” benchmarks, which are currently available in the Experimental Features section.
The long-awaited MSP view is nearly here. This will allow you to view multiple accounts on a single page, making client prioritisation far easier and more intuitive.
This has required some major DB work to get right.
The Shell that we have out there is a success. We are now just filling in the data blanks and will be releasing a fully data-enriched version within a few weeks from now. Sorry again for how long this has taken.
This is a major overhaul of our payments system which will allow you to manage things more on a per device level, and ensure you don’t have to keep upgrading new customers yourselves (this will happen automatically).
For every MSP on MSP Enterprise, we will soon be upgrading all of your professional subscriptions to Enterprise.
Branding Selections will be able to work consistently across all the tenancies for our service providers. This has been an annoying quirk of our architecture which will be sorted soon.
We have a load of features that we’re holding back from fully announcing. But they are going to save a bunch of time and change the way you interact with your data forever. We have 7 AI agents (not chat bots) nearly ready on the production line, and we’re going all in on AI.
Feel free to ask me directly if you want to know more on this; we are just not priming everyone else on the matter just yet.
This will introduce visibility into what failed to install or update via Auto Fix, giving capability for you to manage and understand your failures. We need to do an agent release (scheduled for March), and once that’s in place, we will also be able to communicate the specific event that caused the issue.
Mentioned above: the long-awaited “Cyber Essentials” report, which will soon benchmark nicely alongside Qualys and Nessus.
We’re introducing general user audit logs of who did what, and where. We have these on the backend, but we are going to be making these available for you to interact with.
This is another item that crops up from time to time, i.e. where we don’t benchmark well with Nessus or Qualys. These are also in the process of being added at the moment. Soon Nessus and Qualys are going to worry that they are not benching against us!
This has taken a while but will be here very soon; it's just about ready to be done and will first happen with the Vulnerability Assessment Report.
RMM patching rings and organisation management (allowing full patching windows and better management).
RoboShadow is already a major scripting engine, but we don’t publish the ability for you guys to run your own. We get many requests for this, so this is coming soon.
Highly requested ability for people to bring their preferred Remote-Control tech into the platform: ScreenConnect, AnyDesk, Splashtop + more.
The Binary scanner is where items hide if they get picked up by Qualys and Nessus etc. We have held these back for noise reasons.
Currently we don’t put CVEs from Windows OS issues into the main CVE pool. You see them as a “Security Update”.
As always, please do get in touch with me directly if you have questions. I had a bit of a spell at the tail end of 2025 in growth and “Go to market” (which is very dull and CEO-y), but I’m a product / support guy at heart and I love hearing from users 😊.
Thank you for your ongoing support and feedback, and if you have any questions, please don’t hesitate to reach out to us at hello@roboshadow.com