Release notes

What's new in Northbeams.

New detections, features, and fixes shipped across the browser extension, desktop app, CLI agent, and dashboard. Updated every release.

Contextual PII detection, in beta and watch-only

A host-side language model now reads prompts for sensitive content that fixed patterns miss, the kind that only reads as sensitive in context. It is beta, watch-only, and off by default. When an admin turns it on it observes and labels for review, it does not block and it does not redact. Nothing about what reaches the model changes until you ask it to.

  • Contextual, not just patterns. Flags sensitive content a regex cannot, judged from the surrounding text rather than a fixed format.
  • Watch-only. Observes and labels. It never blocks, never redacts, and never alters the prompt that reaches the model.
  • Opt-in, per workspace. Off by default. An owner switches it on, the same posture redaction had when it first shipped.
Desktop Sentinel+

SIEM streaming: Splunk and Microsoft Sentinel, self-serve

Northbeams now streams governance events straight into your SOC. Connect Splunk through its HTTP Event Collector, or Microsoft Sentinel through the Log Analytics API, from a new SIEM tab in Settings. Paste your endpoint and key, run the built-in connection test, and blocked prompts, MCP tool blocks, and model-policy blocks start landing in the console your analysts already watch. No services engagement needed.

  • Splunk. HTTP Event Collector. Events arrive under the northbeams:governance sourcetype, ready for the searches and dashboards you already run.
  • Microsoft Sentinel. Log Analytics Data Collector API. Events land in the NorthbeamsGovernance_CL table in your workspace.
  • What gets forwarded. Blocked and warned prompts, MCP tool blocks and warnings, and model-policy blocks, each tagged with severity and the policy that fired.
  • Self-serve, with a test button. Configure both from Settings and verify the connection before you rely on it. Credentials are stored per workspace, and a SIEM outage never blocks event capture.
  • Privacy held. Events carry categorical labels and already-redacted snippets, never raw prompt content.
Dashboard Integrations Sentinel+

Firefox extension, at parity with Chromium

Northbeams now ships a dedicated Firefox extension, with the same prompt-level detection and on-device redaction the Chromium extension already gives you. Install it from northbeams.com/download/firefox. Firefox-only and mixed-browser teams are no longer a blind spot for the browser surface.

  • Full parity. The same on-device classifier, the same supported AI tools, the same send-redacted action you get on Chrome, Edge, Brave, and Arc.
  • One-click install. A signed .xpi served from northbeams.com/download/firefox, paired to your workspace the same way the Chromium extension is.
Browser

In-product feedback, wider AI coverage, and send-redacted

Feedback on detections is live in the dashboard now. The browser-extension improvements are rolling out through the Chrome Web Store: a one-tap send-redacted action, coverage for Google AI Mode and Bing Copilot, and early Hebrew detection.

  • In-product feedback. Flag a detection as a false positive or a miss from the warning itself. Workspace owners toggle feedback collection, and admins review what their users reported in the dashboard. Live now.
  • Send redacted. When the classifier flags sensitive content, send the masked version of the prompt in one tap instead of editing it by hand. The original text never leaves the device. Rolling out via the Chrome Web Store.
  • Wider AI coverage. Detection now reaches Google AI Mode and Bing Copilot in the browser, with the desktop agent as the authoritative capture path. Rolling out.
  • Hebrew and identity detection. Hebrew name, organisation, and place detection at an F1 of 0.93 on our benchmark corpus, plus passport numbers and dates of birth, alongside the existing credential, PII, source-code, and customer-data categories. Live in the desktop daemon, rolling out in the extension through the Chrome Web Store.
Browser Desktop Dashboard Sentinel+

White-label multi-tenant console for MSP and MSSP partners

Partners can now run Northbeams under their own brand. The multi-tenant console takes white-label branding, partners set it up self-serve and invite their clients, and every client gets a white-labelled Evidence Pack. Branding stays confined to each client tenant.

  • White-label branding. Put your own name and logo on the console and the client-facing Evidence Pack. Your clients see your brand, not ours.
  • Self-serve setup and client invites. Configure branding and invite client tenants yourself, with a partner onboarding guide to roll out across a book of clients.
  • Per-client isolation. Branding and data stay walled off inside each client tenant. Your own tenant and the demo sandbox are never overwritten by a client brand.
Dashboard Sentinel+

The catalogue passes 500 AI tools

The AI tool catalogue now covers more than 500 tools across browser, desktop, CLI, and MCP, up from 80 at the start of the year. New tools reach every endpoint within hours, with no Chrome Web Store re-review and no reinstall. The live count and methodology stay published on the coverage page.

  • 500+ tools, four surfaces. Chat assistants, AI coding agents, image and video generators, and MCP servers, each with a risk rating and a recommended posture.
  • Pushed, not shipped. New signatures reach existing installs through remote config, usually within hours of being added.
Browser Desktop MCP

Model governance: allow, warn, or block by LLM model

Admins can now set policy on the specific models their team uses, not just the tools. Allow, warn, or block individual LLM models and providers, enforced on-device in the proxy path. Off by default, per workspace, the same posture as redaction. Block an unapproved model and the prompt never reaches it.

  • Per-model rules. Allow, warn, or block by model ID or provider, so an approved tool running on an unapproved model is still caught.
  • Enforced in path. The decision happens on-device in the proxy, not after the fact. A blocked model never receives the prompt.
  • Off by default. Per-workspace and admin-controlled, and surfaced in SIEM as model-policy events when it fires.
Desktop MCP Sentinel+

The dashboard, rebuilt as an AI analyst

The Monitor dashboard is now built around an AI analyst instead of a wall of tables. Ask it a question in plain language, get a briefing back, and act on the decisions that need you from a review queue. A new information architecture organises everything around Brief, Decisions, Surfaces, and Evidence.

  • Ask in plain language. A natural-language command bar answers questions about your AI usage and risk, and runs the action for you.
  • Decisions, not dashboards. High-stakes calls land in a human-in-the-loop queue. You approve or reject, the system carries it out.
  • A clearer map. Brief, Decisions, Surfaces, and Evidence, so the daily question of what changed and what needs you has an obvious home.
Dashboard

Real-time prompt redaction now live on Sentinel

The classifier no longer just watches. It rewrites. Credentials, PII, source code, and customer data are masked on-device before the prompt leaves the browser or the MCP Gateway. Claude and ChatGPT receive the redacted prompt. You receive the audit log. If redaction fails for any reason, the fallback alert is metadata-only. No unredacted content is ever sent off the laptop.

  • Outbound prompt redaction (browser extension). Before a prompt is submitted to Claude, ChatGPT, Gemini, or any catalogued AI tool, the on-device classifier identifies sensitive content across five categories: credentials, PII, source code, customer data, legal. Matches are replaced with [REDACTED:type] tokens.
  • MCP argument redaction (MCP Gateway). When a coding agent like Cursor or Claude Code invokes a tool through an MCP server, sensitive argument values are redacted on the laptop before the call leaves. The MCP server receives the call without the secret.
  • Metadata-only failure alerts. If redaction can't complete (LLM unreachable, adapter crash), the workspace receives an alert with only the provider, phase, and error category. The original unredacted prompt is never sent to our servers.
  • Audit event fields. Every event now carries redactionApplied, redactedEntityCount, and redactedCategories[]. Exportable to SIEM via the Fleet integration.
  • Slack alert routing. Workspace admins can route redaction events to a Slack channel for real-time visibility. Severity-gated to avoid noise.
Browser MCP Dashboard Sentinel+

Tool catalogue v0.4.0: 80+ tools, with deeper Asia-market and AI-coding coverage

The biggest single catalogue expansion since launch. 30+ new tools added across chat assistants, AI coding, and image generation. The catalogue now covers 80+ tools across browser, desktop, and CLI surfaces. Asia-market coverage gets a particular bump (Kimi, Qwen, Doubao, Ernie, Yuanbao, ChatGLM, Hailuo, Grok). Coding tool coverage adds Windsurf, Tabnine, Codeium, Sourcegraph Cody, Amazon Q Developer, Continue, Zed, Cline, and more.

  • +16 chat assistants. Kimi (Moonshot), Qwen Chat, Doubao, Ernie Bot, Yuanbao, ChatGLM, Hailuo/MiniMax, Grok (xAI), DuckDuckGo AI Chat, plus refreshed signatures for DeepSeek, Mistral Le Chat, and Poe.
  • +14 AI coding tools. Windsurf, Tabnine, Codeium, Sourcegraph Cody, Amazon Q Developer, JetBrains AI, Continue, Zed, Cline, Augment Code, Blackbox AI, Magic Patterns, Tempo, Create.
  • Image and video gen refresh. Sora, Krea, Magnific, Recraft, Adobe Firefly, Ideogram, Civitai signatures added or refreshed.
  • Risk re-classification. Each tool is tagged high-risk (personal account), unknown, or sanctioned (IT-approved). Workspace admins can re-classify per-tool in the dashboard.
  • Pushed via dynamic catalogue updates. No Chrome Web Store re-review needed. Existing extensions picked up the new signatures within 6 hours.
Browser Desktop CLI

Auto-update system, Windows installer hardening, and trial onboarding copy

The extension now updates its detection catalogue without a Chrome Web Store release. You get new tool signatures within 6 hours of us pushing them, no user action needed. The Windows installer went through two stability passes to fix a task scheduler race condition and a property mismatch that caused silent rollbacks on some machines.

  • Dynamic catalogue updates (extension). New AI tools are pushed to the extension within 6 hours via remote config. No Chrome Web Store re-review cycle, no reinstall prompt.
  • Browser extension force-install via MDM. Sentinel workspaces can now push the extension to all managed browsers through Intune or Jamf without asking users to install manually.
  • Auto-update system for the desktop app. The Mac and Windows apps now check for updates on launch and install them silently in the background.
  • Windows installer stability. Fixed a task scheduler property mismatch (CAQuietExec) and a JAVA_HOME path issue that caused the installer to fail silently on some Windows configurations.
  • Signup onboarding copy. The signup page now leads with the 14-day Sentinel trial framing rather than generic account creation language.
Browser Desktop Dashboard

Git commit attribution, Slack alerts, LLM intercept, and discovery sessions

Five new Sentinel features shipped in one sprint. The biggest one: Northbeams now links each AI session to the git commit that preceded it, so you can see which code shipped with which AI assist. Slack webhook alerts let you route policy violations to the channel that owns the tool.

  • Git commit attribution (Sentinel). Each AI session is linked to the most recent git commit in the same repo at session time. Lets engineering managers trace AI-assisted code to the session that produced it.
  • Slack incoming-webhook alerts. Route policy violation alerts, new tool discoveries, and high-risk detections to any Slack channel. Severity filter and rate-limiting built in so you don't flood oncall.
  • LLM usage intercept (Sentinel). Token counts and model usage captured per session, per user. Feeds the LLM cost dashboard at /usage.
  • Discovery sessions. AI activity is now grouped into sessions (contiguous windows of tool use) rather than individual events. The session view makes it easier to understand what a user was doing, not just which tool fired.
  • Discovery alerts. Get notified in the dashboard feed when a net-new tool is seen for the first time in your org.
  • Remote config push. Governance policies and catalogue updates are now pushed to endpoints rather than pulled on a schedule. Policy changes reach all endpoints within minutes.
Desktop CLI Dashboard Sentinel+

On-device image and PDF OCR, jailbreak detection, and 10-language support

The extension now classifies content from image uploads and PDF pastes, not just typed text. Sensitive data in a screenshot pasted into ChatGPT is caught with the same signal quality as typed text. Jailbreak and prompt-injection attempts are detected and surfaced in the incident feed.

  • On-device image OCR. When a user uploads an image to an AI tool, the extension extracts text in-browser using a local OCR model and runs it through the classifier. No image data leaves the device.
  • PDF text extraction. PDF pastes and uploads are parsed in-browser before classification. Works on scanned PDFs via a zero-retention cloud fallback (AWS Bedrock Claude Haiku) when on-device extraction fails.
  • Jailbreak and prompt-injection detection. Common jailbreak patterns ("ignore previous instructions", DAN-style overrides, prompt-injection in documents) are flagged in the incident feed as a separate event category.
  • Multi-language prompt classification. The classifier now detects sensitive data patterns in 10 languages including French, German, Spanish, Portuguese, Japanese, and Chinese. Useful for teams with non-English speakers using AI tools.
  • Security: Content-Security-Policy on the dashboard. CSP headers added to the Next.js app to prevent XSS and injection attacks. All OAuth popup flows updated to work within the new policy.
Browser Dashboard

MCP Gateway, analytics hub, LLM cost dashboard, and CSV export

Northbeams now governs MCP servers configured in Claude Desktop, Cursor, and Claude Code. The MCP Gateway wraps server configs to intercept and log tool calls without changing how the AI client works. The analytics hub at /analytics gives Sentinel orgs cross-team breakdowns, enforcement heatmaps, and department rollups.

  • MCP Gateway (Sentinel). The desktop app discovers and wraps MCP server configs in Claude Desktop, Cursor, and Claude Code. Every MCP tool call is logged, categorised, and available in the dashboard feed. Unwrapped automatically on downgrade.
  • LLM token and cost dashboard. The /usage view shows token consumption and estimated cost per user, per model, per week. Helps finance and engineering understand AI spend before it hits the invoice.
  • Analytics hub (Sentinel). Cross-cutting trend views, enforcement-effectiveness charts, and department-level rollups at /analytics. Exportable to CSV for board packs and QBRs.
  • CSV export (Lighthouse+). The AI Discovery Report and incident feed are both exportable to CSV. One click from the dashboard.
  • Behavioural anomaly detection (Sentinel). Unusual patterns in session frequency, prompt volume, or tool switching are flagged in the feed with an anomaly score. Useful for spotting exfiltration attempts.
Desktop MCP Dashboard Sentinel+

Desktop AI app monitoring, CLI agent, RBAC, and signed audit logs

The Mac and Windows desktop agent now watches four AI desktop apps (Claude Desktop, ChatGPT Desktop, Cursor, Granola) and two CLI tools (Claude Code, Aider). Per-user session attribution works across all four surfaces. Signed audit logs are exportable in one click for SOC 2, HIPAA, and EU AI Act evidence packs.

  • Desktop app monitoring (Sentinel). The Mac and Windows sentinel process watches Claude Desktop, ChatGPT Desktop, Cursor, and Granola. Session start/end, model used, and prompt volume captured without reading prompt content.
  • CLI agent monitoring (Sentinel). Claude Code and Aider sessions are detected via process watch and correlated with the git repository in scope at session time.
  • Immutable signed audit logs. Every event in the dashboard feed is cryptographically signed and timestamped. Export to JSON or PDF for compliance evidence packs. Available on Lighthouse+.
  • RBAC and multi-user invites (Lighthouse+). Invite teammates with viewer or admin roles. Org owners can manage roles from Settings.
  • MDM deployment (Sentinel). The Mac .pkg and Windows .msi are deployable via Intune, Jamf, and Kandji with managed policy support. No per-seat manual install needed.
  • Email digests. Daily org-level AI summary delivered to the org owner each morning. Shows new tools, blocked prompts, and top users for the previous 24 hours.
Desktop CLI Dashboard