Axiad Mesh Release Notes

May 27, 2026

Components: mesh-appl-svc v1.3.0, mesh-dashboard v3.7.0, mesh-risk-svc v1.3.1, mesh-baton-svc v1.1.0, mesh-ai-backend v1.1.1 (mesh-admin-svc image tag unchanged; configuration-only update adding six Phase-1 Baton connector templates)

This release expands connector coverage with the Phase-1 Baton (https://github.com/ConductorOne/baton) connectors (Slack, Salesforce, JumpCloud, OneLogin, HashiCorp Vault, GitLab) and adds a tenant-level timestamp display preference for the dashboard. It also hardens platform failure behavior — two services that previously appeared to start successfully with broken plugins now fail fast — and resolves several connector and onboarding defects surfaced during QA of the new Baton and conversational-onboarding work. Export performance and filter-consistency improvements round out the risk-service optimization track.

Features

• PM-18002 — Phase-1 Baton Connectors (Slack, Salesforce, JumpCloud, OneLogin, HashiCorp Vault, GitLab): The first phase of Baton-framework connectors is now available, broadening Mesh's identity and NHI-secrets ingestion coverage. Six Phase-1 connectors — Slack, Salesforce, JumpCloud, OneLogin, HashiCorp Vault, and GitLab — extend risk and correlation coverage across more of the SaaS and infrastructure estate. Connectors run via the Baton subprocess model with KEDA-driven autoscaling. Phase 1 focuses on core identity providers and NHI secrets sources; additional connectors (Snowflake, Kubernetes, 1Password, Cisco Duo, BambooHR, and others) are planned in subsequent phases.

• PM-18056 — Tenant Timestamp Display Preference: Tenant admins can now choose how interactive UI timestamps are displayed across the dashboard — either in the viewer's browser timezone or in UTC — as a tenant-level setting on Admin → Tenant detail. The choice applies consistently across tables, cards, detail panels, tooltips, modals, and log/report status views, using a standardized format of MM DD, YYYY h:mm:ss AM/PM in both modes. CSV exports and downloaded files always remain in UTC — unaffected by the display setting — so downstream processing receives canonical timestamps. Impersonation and support workflows follow the currently active tenant's setting; browser-timezone mode honors DST rules; runtime changes reflect in subsequent renders; and a graceful fallback to platform-standard rendering is applied if the tenant setting is unavailable or invalid. Removes ambiguity around timestamp interpretation for multi-region tenants.

Enhancements

• PM-18078 — Export Query Optimization (Risk Service): Export queries have been re-worked to align with the new risk-service query optimizations (part of the broader "Optimize Mesh Risk Service" initiative, PM-17531), reducing export latency and database load. Customers running large asset or identity exports will see faster, lighter-weight exports.

• PM-18211 — Export API Uses Dynamic Filters — Consistency With Asset List: The Export API now uses the same dynamic-filters mechanism as the Asset List view (part of the "Unify Filters Across Dashboard and Tables" initiative, PM-18172), so the exported data set is consistent with the filtered Asset List view. Eliminates the discrepancy where exported data could differ from the on-screen filtered list — what you filter is what you export.

Bug Fixes

• PM-19322 — mesh-appl-svc Now Fails Fast on Broken Plugin Load: mesh-appl-svc previously started "successfully" even when one or more connector plugins failed to load (ABI mismatch, Go version skew, or mesh_common incompatibility). The service ran, Kafka listeners started, and jobs were dispatched, but affected connectors silently produced no output — with no crash-loop and no alert. The plugin-cache constructor now propagates plugin load failures as an error, the log.Fatal guard in the service entry point is reachable, and the pod crash-loops on a failed plugin load — triggering standard Kubernetes alerting. Eliminates a silent data-loss mode: a broken connector plugin now surfaces as a pod failure rather than a connector that appears healthy but produces nothing.

• PM-19329 — mesh-risk-svc Now Fails Fast on Risk-Engine Plugin Load Failure: The risk-service counterpart of PM-19322: mesh-risk-svc previously started successfully even when risk-engine plugins failed to load, because the plugin loader returned no error on failure. Risk evaluation would silently run with missing engines. The plugin loader now returns and propagates an error on plugin load failure; risk-service startup fails fast (crash-loop with alert) when any risk-engine plugin cannot load, rather than running with a partial or empty engine set. Prevents silent under-evaluation of risk: a missing or incompatible risk engine now blocks startup loudly instead of degrading risk scoring without warning. Triaged together with PM-19322 — same fail-fast pattern across both services.

• PM-19333 — Onboarding "Assistant Is Recovering" Banner No Longer Sticks After Secret Submission: In conversational onboarding, after a secret-input step hit a stale-id error and the agent recovered by emitting a fresh secret-input widget, the banner "secret input couldn't be initialized — the assistant is recovering" stayed on screen even when the user had a working widget in front of them, or had already submitted the secret successfully — making a successful submission appear failed. The onboarding modal's error-banner logic now suppresses the banner when an actionable secret-input widget is present or when the user has already completed a secret submission in the session. The banner is retained only for the genuinely actionable case (no widget present and no prior completion). Removes a confusing dead-end in the primary onboarding flow.

Known Limitations

(No new known limitations were introduced in this release. Previously documented limitations from prior releases remain applicable.)

May 20, 2026

Components: mesh-admin-svc v1.3.0, mesh-ai-backend v1.1.0, mesh-appl-svc v1.2.3, mesh-dashboard v3.6.0, mesh-oauth v1.3.0, mesh-risk-svc v1.3.0, mesh-risk-engines v1.2.9, mesh-conn-azure v1.3.0, mesh-conn-sacunxt v1.2.2, mesh-conn-trinet v1.3.0

This release introduces Conversational Tenant Onboarding, a guided chat-based experience that walks admin users through tenant setup on first login, together with the operational observability that supports it. It also brings the PQC readiness Asset List risk-score tooltip into alignment with the Asset Details tooltip, hardens the ingestion path against silent data loss from partial software-inventory updates, and resolves the two UI regressions reported as Known Limitations in the May 13, 2026 release.

Features

• PM-18467 — Conversational Tenant Onboarding: Admin-capable users logging in for the first time on a tenant with incomplete onboarding are now routed to a dedicated, full-page conversational onboarding experience instead of the main dashboard. A single guided chat flow covers tenant profile and persona capture, detection of existing integrations (including pre-provisioned Azure Entra ID), IdP setup guidance, connector recommendations, validation, first sync, and a completion summary with a personalized dashboard handoff. Onboarding progress is persisted at the tenant level, shared across admin-capable users on the same tenant, and resumable at the exact step after interruption. Only capabilities enabled for the tenant are surfaced — unavailable options are never shown. If an admin skips onboarding, they are routed back into the flow on next login; non-admin users go directly to the dashboard with a notification that onboarding is still incomplete. Validation and first sync run per configured integration before onboarding is marked complete; if one integration fails, onboarding remains resumable with that item flagged for remediation. This significantly reduces tenant time-to-first-value by replacing the multi-page admin configuration wizard with a single guided conversation.

• PM-19268 — Onboarding Observability Enhancements: Adds the operational observability needed to triage the Conversational Tenant Onboarding flow in production. High-signal lifecycle events for the onboarding agent are now emitted at INFO level (previously DEBUG-only) and a new metric label (template_count) supports alerting when no integration templates are loaded. Bounded payload previews and content hashes allow support to correlate user-reported issues to specific conversations without exposing PII: no email addresses, no secret values, and no full LLM message bodies are logged at INFO. Reduces onboarding-flow incident triage from a multi-hour cross-cluster investigation to a single log query.

Enhancements

• PM-17280 — Software-Inventory Data Loss Prevention: Hardens the ingestion path for machine and software-asset records. Previously, partial software-inventory updates arriving after a complete machine-asset update could overwrite the complete record with partial data, silently losing field values. Partial software-inventory updates are now merged into existing records instead of replacing them wholesale, with complete-record fields preserved across the full lifecycle of complete and partial ingestion updates. No change to message ordering semantics — the fix is purely additive on the merge path. Eliminates a long-standing data-loss vector affecting downstream risk scoring, correlation, and reporting.

• PM-18550 — Asset Risk-Score Tooltip Consistency Between Asset List and Asset Details: The risk-score tooltip on the PQC Readiness Asset List now matches the Asset Details risk-score tooltip exactly (header + per-direct-risk lines + inherited-risks summary), and tooltip behavior — appearance, hover targets, dismissal — is harmonized between the two surfaces. Both views now read from the same canonical tooltip source so future updates remain in lock-step automatically. No change to risk-score calculation, normalization, or visual score rendering — only tooltip copy and behavior. Pairs with the PM-19160 fix in this release so that both assets surfaces show the same detailed risk-breakdown tooltip.

Bug Fixes

• PM-17504 — Workday Connector Entity Collector Failures Now Recorded in Checkpoint: Failures in the Workday connector's entity collector were not being reflected in the connector's checkpoint, causing the connector to continuously retry the same failing batch without surfacing the error in operational health signals. Entity-collector failures are now persisted to the connector's checkpoint state and failure reasons are surfaced in connector-health views, enabling alerting on stuck collectors. Retry semantics are unchanged.

• PM-19160 — Asset Details Risk-Score Tooltip Detailed Breakdown Restored: Fixes a regression introduced in the May 13, 2026 release where the risk-score tooltip on Machine assets showed only a generic severity label (for example, Critical Risk) instead of the detailed risk-breakdown content that explained why the asset received its score. Hovering the risk-score circle on the Asset Details left panel now restores the multi-line tooltip with the header "The asset's score reflects:", one line per direct-risk category present on the asset with its count (for example, "Risks associated to this asset: No owner (3)"), and an inherited-risks summary (for example, "Risks inherited from 38 correlated assets (190)"). Severity continues to be conveyed visually by the score-circle color. This was previously listed as a Known Limitation in the May 13, 2026 release.

• PM-19161 — Crypto Asset Details Left Panel Scroll Restored: Fixes a UI regression where, for Crypto assets, the Asset Details left panel had no scroll mechanism — content below the viewport-visible area (typically below the ServiceNow ID field) was clipped and unreachable, hiding the Risks section badges (PQC noncompliant, No linked asset, No owner) and both action buttons (Delegate investigation and View in ServiceNow). The left panel now scrolls cleanly on smaller viewports and renders flat on viewports tall enough to fit all content. All metadata fields, the Risks section, and both action buttons are reachable on standard viewport sizes. This was previously listed as a Known Limitation in the May 13, 2026 release.

• PM-18961 — Software Asset List Version and Product Columns Now Sortable; OS Version Sortable on Machine Asset List: In the PQC Readiness Asset list drawer's Software tab, the Version and Product columns previously did not respond to clicks and could not be sorted. The same issue affected the OS version column on the Machine asset list. All three columns now sort correctly when clicked, with ascending/descending indicators consistent with the other columns.

• PM-19118 — NHI Dashboard Export Stale Job State No Longer Blocks Retries: When the backend briefly returned a 5xx error during the export flow on the NHI Dashboard, the frontend displayed a generic "Export failed" toast but left the export job in an undefined state. Subsequent export attempts then hit 409 Conflict ("A similar export job is already in progress"), leaving users with no way to retrigger or cancel the export from the UI. The UI now enters a "verifying" state and polls the status endpoint on a transient 5xx response instead of declaring failure; the export button is disabled while a job is active with job progress and status surfaced to the user; and 409 responses are now treated as "job already running" — the UI fetches and displays that job's status instead of showing an error toast. Eliminates the dead-end where users could not retry exports after a transient backend hiccup.

Known Limitations

(No new known limitations were introduced in this release. The two known limitations documented in the May 13, 2026 release — PM-19160 and PM-19161 — are resolved in this release. Previously documented limitations from prior releases remain applicable.)

May 13, 2026

Components: mesh-oauth v1.2.7, mesh-dashboard v3.5.2, mesh-risk-svc v1.2.16, mesh-admin-svc v1.2.8

This release delivers two new single sign-on capabilities - Dedicated Tenant Subdomain SSO and SSO Logout on Sign Out - that harden the subdomain SSO flow across silent authentication, session lifecycle, and tenant configuration integrity. It also includes a usability upgrade to the Asset Details page (tabular correlated assets) and minor refinements to the dashboard switch menu.

Features

• PM-18230 — Dedicated Tenant Subdomain SSO: Enterprise Mesh end users can now access their organization through a dedicated tenant URL using the {tenant}.mesh.axiad.io pattern, with no tenant or domain entry required and a fully silent SSO experience when an active Identity Provider (IdP) session is present. Visiting a configured tenant URL auto-binds the session to that tenant. Users with an active IdP session move into Mesh through the existing silent-auth path with zero interaction; users without an active IdP session are redirected to the correct tenant-specific IdP sign-in and returned to Mesh after authentication. Subdomain routing enforces strict tenant isolation, and bookmarked tenant URLs remain reliable across logout, session timeout, and subsequent re-entry. The generic Mesh URL remains available as a fallback discovery flow. Tenant-to-subdomain mappings are managed by Axiad internal operations and support. Configuration prerequisite: the following redirect URL must be added to the Mesh App registration in the IdP configuration: https://{tenant}.mesh.axiad.io/oauth2/callback?domain={domain}.

• PM-18793 — SSO Logout on Sign Out (IdP Session Terminated): Sign Out now performs both the local Mesh logout (existing behavior) and an IdP-level logout (new). The browser-side IdP SSO session at Azure AD or Okta is terminated when a user signs out, after which they are redirected to the Mesh login page. Opening a new tab to the Mesh subdomain URL after sign-out now requires the user to authenticate again (account selection or credential entry) — silent re-authentication is no longer possible following a logout. Silent authentication for normal logins is preserved; only the sign-out path triggers IdP session termination. This enhancement strengthens Mesh security on shared and public computers, aligning Sign Out with the protection users expect, and is delivered consistently across all supported IdPs (Azure AD, Okta, and future OIDC-compliant providers).

Enhancements

• PM-17345 — Tabular Correlated Assets on Asset Details Page: Correlated assets on the PQC Readiness Details page are now rendered in a table layout consistent with the main asset list view, replacing the prior tile layout. The new table supports sorting on all relevant columns (filtering will be delivered in a future iteration), is responsive for large numbers of correlated assets, and applies pagination when the correlated-asset count is large. The result is a cohesive experience across list and details views, and significantly faster scanning of correlations on dense assets.

• PM-18988 — Cleaner Identify Switch Menu: The redundant subheadings displayed beneath each primary entry of the Identify switch menu ("HI dashboard" beneath "Identity risk assessment" and "NHI dashboard" beneath "Crypto-vulnerable asset overview") have been removed. Menu items now show only their primary labels, with item height reduced and padding and vertical alignment recalibrated for consistent spacing. Hover, selected, and focus states are preserved with no visual regressions.

Bug Fixes

(No bug fixes were included in this release.)

Known Limitations

• PM-19160 — Machine asset risk score tooltip shows generic severity label instead of detailed risk breakdown: Hovering over the risk-score circle on a Machine asset on the PQC Readiness Asset Details page currently shows only the generic severity label (for example, "Critical Risk") rather than the prior detailed tooltip that explained the score composition (direct risks associated with the asset and risks inherited from correlated assets). A fix is tracked and will be delivered in an upcoming release.

• PM-19161 — Crypto Asset Details left panel missing scroll: On the Asset Details page for Crypto assets, the left panel no longer offers a scroll mechanism. On standard 1080p and laptop viewports the panel content is clipped at the viewport bottom, hiding the Risks section (such as PQC noncompliant, No linked asset, and No owner badges) and both primary action buttons (Delegate investigation and View in ServiceNow). On a sufficiently tall viewport, or with browser zoom set below 80%, the clipped content becomes visible. A fix is tracked and will be delivered in an upcoming release.

April 22, 2026

Components: mesh-dashboard v3.3.2, mesh-risk-svc v1.2.13, mesh-risk-engines v1.2.7, mesh-risk-hibp v1.2.3, mesh-risk-report-svc v1.2.3, mesh-oauth v1.2.5

This release delivers FAIR (Factor Analysis of Information Risk) reporting for existing deployments, refinements to asset risk score and risk tag explanations, a UI label simplification, platform reliability and performance improvements, and a targeted set of bug fixes across risk scoring, correlation diagrams and software inventory data integrity.

Features

• PM-17721 / PM-17787 — FAIR Reporting for Existing Customers: A full FAIR report is now available for existing deployments, enabling quantitative risk analysis based on industry-standard FAIR methodology. The report generates Annualized Loss Expectancy (ALE) and impact views consumable directly from the Mesh Dashboard.

• PM-17136 — Detailed Explanations for Asset Risk Scores and Tags: Additional refinements have been incorporated into the risk score and risk tag explanation modals introduced in the prior release. Explanation modals are now accessible from the asset detail view and any risk tag or score display, with improved surfacing of policy-based risk explanations - including the outcome of each policy assessment and the specific attributes that did not comply. The explanation experience is now consistent across multiple concurrent risk tags on the same asset.

Enhancements

• PM-18328 — Rename "Product Attribute" Label to "Product": The label "Product attribute" has been renamed to "Product" across the asset list and asset detail views to simplify terminology and align with how users describe software assets in day-to-day workflows.

• PM-17068 — Platform Reliability and Performance Improvements: Improvements to the reliability and throughput of the entity ingestion pipeline. These changes eliminate intermittent processing failures and substantially increase data ingestion performance under concurrent load.

Bug Fixes

• PM-18287 — Risk Score for Assets was calculated Incorrectly: Fixed a defect in the asset risk scoring pipeline that produced incorrect scores for certain assets. Computed risk scores now match the expected values based on the underlying policy assessment and contributing risk factors. Recalculation was verified for Software, Crypto, and Machine asset types.

• PM-18327 — Correlation Diagram Scroll Issue: The correlation diagram on the Human Identity view did not allow users to scroll when the correlated identity list extended beyond the visible viewport. The correlation diagram container now correctly handles overflow, allowing users to view all correlated entities.

• PM-18413 — Connector-Sourced Machine Assets Showed Zero Correlated Entries: Fixed a display bug where certain connector-sourced machine asset views showed zero correlated entries even when the machine had existing correlations visible elsewhere in the UI. Correlation counts now render correctly across the affected asset views.

• PM-17280 — Prevent Data Loss When Processing Partial Software Inventory Updates: Fixed a data-integrity defect where partial software inventory messages overwrote complete machine asset records during ingestion, causing silent data loss. Partial updates now merge into existing records rather than replacing them, preserving fields not present in the partial payload and restoring downstream data integrity for risk scoring, correlation, and reporting.

Known Limitations

• Risk score tooltip is only present in the detailed view and not yet available in the asset list view.

April 9, 2026

Components: mesh-dashboard v3.2.3

This release delivers a UI label update to improve clarity in the asset detail and list views. The "External ID" label has been renamed to "ServiceNow ID" to better reflect the source system context for users working with ServiceNow‑connected assets.

Features

(No new features were included in this release.)

Enhancements

• PM‑18294 — Rename "External ID" Label to "ServiceNow ID": The label "External ID" displayed in the asset list and asset detail views has been updated to "ServiceNow ID," making it immediately clear that the ID originates from the connected ServiceNow instance. This change reduces ambiguity when investigating assets.

Bug Fixes

(No bug fixes were included in this release.)

Known Limitations

• No new known limitations were introduced in this release. Previously documented limitations from prior releases remain applicable.

April 8, 2026

Components: mesh-dashboard v3.2.2

This release is a targeted hotfix that restores the Status column in the Asset List view across all asset types. The column was inadvertently removed as a regression in a recent dashboard update and has now been reinstated.

Features

(No new features were included in this release.)

Enhancements

(No additional enhancements were included in this release.)

Bug Fixes

• PM‑18271 — Status Column Missing from Asset List View: Fixed a regression where the Status column was inadvertently removed from the asset list view across all three asset type tabs (Software, Crypto, and Machine) as part of a recent dashboard update. The Status column has been reinstated to its original position, restoring the ability to view asset status at a glance in the list view.

Known Limitations

• No new known limitations were introduced in this release. Previously documented limitations from prior releases remain applicable.

April 2, 2026

This release delivers four key improvements across the Mesh platform: an AI‑powered agent for natural language asset investigation, detailed risk explanation surfaces for better asset triage, expanded asset attribute visibility, and a critical fix to identity reconciliation and merging logic.

Features

• PM‑17490 — Mesh AI Agent: An AI agent is now available within the Mesh Dashboard, allowing users to interact with Mesh data using natural language queries. Key capabilities include a floating action button accessible throughout the dashboard, free‑form and guided prompt support (e.g., "Show me expiring certificates"), automated privacy filtering and tokenization of sensitive fields, per‑response user feedback, and basic audit logging of AI interactions.

• PM‑17136 — Explanations for Asset Risk Tags: Users can now access explanations for why a risk tag was assigned to an asset, enabling faster triage and more informed remediation. Simple risks display a clear condition statement, policy‑based risks show the assessment outcome along with non‑compliant attributes and triggering policy name, and each risk tag is independently clickable with its own explanation modal. Explanations are accessible from the asset detail view via the Risks section, and risk tags in the asset list view display tooltip summaries on hover.

• PM‑17337 — Surface Key Asset Attributes for Display: The Mesh UI and API now support displaying additional key asset attributes across the asset list and asset detail views. New attributes include OS Version (Machine assets), Product Attribute (Software/Product assets), Mesh Unique Asset ID (all asset types), and External ID (all asset types). If an attribute is not populated for a specific asset, a dash (-) is displayed.

Enhancements

(No additional enhancements were included in this release.)

Bug Fixes

• PM‑17590 — Fix Reconcile SQL Query for User Correlations and Identity Merging: Fixed a bug where user correlation records with a null secondary user ID were not being resolved during reconciliation, even when the corresponding user existed in the risk database. The reconcile SQL query now correctly identifies and updates affected rows, and identity merging proceeds for users whose correlation records were previously skipped.

Known Limitations

• OS Version and Product Attribute data displays a dash (-) for all machine and software assets pending connector update

• Risk explanations are currently available for Software assets only. Machine and Certificate asset detail views do not yet surface a Risks section.

• Risk score click displays a severity label (e.g., "Low Risk") but does not yet provide a full score breakdown.

• Transitive and indirect identity correlations do not auto‑resolve at this time and efforts are underway to address this limitation.

March 27, 2026

This release delivers improvements focused on risk reporting clarity, asset discovery efficiency, and system stability. Additionally, a new advanced filtering experience has been introduced for PQC Readiness assets, and an internal stability fix improves reconcile job scheduling behavior for long‑running tenants.

Features

• PM‑17786 — All risk reporting in Mesh has been updated to ensure reports are credible, auditable, and easily understood by risk-literate stakeholders.

  Key highlights:

  • Replaced Annual Rate of Occurrence (ARO) with Loss Event Frequency (LEF)

  • Updated FAIR components, GraphQL types, backend services, database schema, and UI labels

  • No breaking changes for existing customer integrations

• PM‑17227 — A new single advanced filter box is now available on PQC Readiness asset tables, enabling faster and more precise asset discovery.

  Key capabilities:

  • Unified advanced filter box with column‑specific controls (text, dropdown, range)

  • Supported across PQC Readiness asset types (Software, Crypto, Machine)

  • Real‑time table updates as filters are applied

  • One‑click reset to clear all filters

  • Filter state remains visible and persists until explicitly reset

  • Clear empty‑state messaging with reset option when no results are returned

  Edge‑case handling:

  • Graceful handling of malformed or mixed data (invalid values ignored, unknowns grouped)

  • Maintains UI performance with multiple active filters

  • Filter state preserved during data refreshes unless reset by the user

Enhancements

(No additional enhancements were included in this release.)

Bug Fixes

(No bug fixes included in this release.)

Known Limitations

March 20, 2026

This release introduces a new feature. The feature adds a unified Status column across PQC Readiness asset inventories to improve asset visibility and triage. The bug fix resolves an error blocking customers on corporate networks from accessing the Mesh Status page.

Features

• PM‑17676 — Asset Status Column in PQC Readiness Asset Inventory: A new Status column has been added across all PQC Readiness asset types (software, crypto, hardware) to allow users to quickly view, sort, and filter by operational state. Sorting is alphabetical, with “Unknown” always sorted last to help with triage. Missing fields now default to Unknown. Sorting and filtering operate independently for each asset type.

       Status value mapping per asset type:

Enhancements

(No additional enhancements were included in this release.)

Bug Fixes

• PM‑17373 — Users on the corporate network previously encountered an HTTP 431 error due to oversized request headers caused by accumulated cookies across Axiad subdomains. This has now been resolved so customers can successfully access the Mesh Status page without errors.

Known Limitations

March 13, 2026

This release delivers two critical fixes, improving the reliability of audit log exports and the visibility into audit job outcomes. Administrators can now generate large audit log CSV files without hangs and review complete success/failure audit trails for asset export operations.

Features

(No new features introduced in this release)

Enhancements

Export Job Audit Logging Asset export operations now generate structured audit log entries with a consistent Transaction ID, capturing both initiation and terminal status (success or failure). Each entry includes the actor (user email) and client IP for API-triggered exports.

• New resource type: export_job

• Resource name: asset_export

• Events captured: initiate, success, failure

Bug Fixes

• PM‑17772 — The CSV export on the Audit Logs page previously stalled and never completed downloading, blocking administrators from exporting logs for compliance and reporting. This fix restores reliable, streaming‑based export behavior and ensures export jobs complete across all dataset sizes.

• PM‑17423 — Export job failures were inconsistently or incorrectly recorded in the audit logs, preventing accurate traceability. This fix ensures all export operations (initiate, success, failure) are logged with the correct resource type, transaction ID, and actor attribution.

Known Limitations

March 9, 2026

This release introduces major improvements to the authentication experience across the Axiad Mesh Platform. The primary enhancement is Silent Authentication (Seamless SSO), allowing users with active Identity Provider (IdP) sessions to access Mesh without re-entering their username on subsequent access.

Silent Authentication (Seamless SSO)

Users with an active IdP session who have previously accessed the Axiad Mesh dashboard are now automatically signed in without needing to re-enter their username.

Key capabilities include:

• Automatic silent login when a valid IdP session exists and user previously accessed the Axiad Mesh dashboard

• Support for both OIDC (prompt=none) and SAML (IsPassive=true) silent flows

• Browser‑based detection of third‑party cookie restrictions

• Seamless fallback to interactive login with no user‑visible error

• Multi‑IdP support, including Azure AD (Entra ID) and Okta

Bug Fixes

(No bug fixes included in this release.)

Known Limitations

• Username entry is required on the first visit to the Axiad Mesh dashboard. Automatic sign-in with an active IdP session applies to subsequent visits only.

• Concurrent session control is not introduced in this release.

• IP‑binding for session replay mitigation is not implemented by design to maintain compatibility with mobile/VPN environments.

• Silent Authentication is currently validated with Azure AD (Entra ID) and Okta only. Other IdPs have not been tested in this release.

February 27, 2026

This release focuses on improving dashboard usability, data clarity, and operational reliability. Key updates include multi-select filter capabilities across all dashboard views, and important fixes to user correlation and session management workflows. These improvements are designed to reduce operational friction and enhance visibility into your identity risk posture.

Features

Multi-Select Filters with Active Filter Controls

Dashboards now support selecting multiple filter values simultaneously, giving users greater flexibility when analyzing Human Identity (HI) and Non-Human Identity (NHI) data.

• Select multiple filters at once from any filter dialog

• A "Clear All Filters" control is available at the dashboard level for quick resets

• Active filters are displayed prominently with individual remove buttons, so you always know what filters are applied

• Filters can be removed directly from the asset list drawer without navigating away from your current view

• The dashboard updates in real time as filters are added or removed

• The filter panel adapts responsively when many filters are active

Enhancements

• PM-17371 — The new Public Key Algorithm field replaces the previous "Key Size" field in asset lists and detail pages, combining the algorithm type and key length into a single, readable value.

Bug Fixes

• PM-17427 — Accepting or rejecting weak user correlations through the Profiling Gaps workflow previously failed with an error. This has been resolved. Both accept and reject flows now complete successfully, success notifications display as expected, and profiling gap counts update in real time.

• PM-17353 — Users are now properly redirected to the login page after a session timeout or logout. Looping session‑expiry popups are fully resolved.

Known Limitations

February 20, 2026

This release focuses on user experience improvements within the Mesh dashboard, specifically around navigation and data exploration. The release includes quick access to the Mesh system status page and all-column sorting for asset/identity tables to streamline user workflows and improve operational efficiency.

Features

(No new features introduced in this release)

Enhancements

• PM-17372 —  Axiad Mesh Status Link in User Dropdown Menu An "Axiad Mesh Status" link has been added to the user name/avatar dropdown menu, directing all users to https://status.mesh.axiad.io/ in a new browser tab to preserve their current session. The link is positioned alongside other external resource links (e.g., Axiad Knowledge Center), is accessible via keyboard navigation, available to all roles and tenants by default.

• PM-17138 — All columns in the asset/identity table now support ascending and descending sort order via column header clicks, with real-time table updates, persistent sorting state across refreshes, graceful handling of mixed or malformed data (unknowns grouped at end, invalid entries ignored), an empty state message with reset option when no results are returned, and full compliance with established dashboard UI patterns and accessibility standards.

Bug Fixes

(No bug fixes included in this release.)

Known Limitations

February 13, 2026

This release delivers meaningful improvements across the Axiad Mesh Platform, with a focus on smoother day‑to‑day workflows, stronger system reliability, and enhanced clarity in the dashboard and asset management experiences. Driven by direct customer feedback, these enhancements help organizations ensure a more intuitive, consistent user interface.

Features

(No new features introduced in this release)

Enhancements

• PM-17319 —  Automatically redirects tenants to their preferred dashboard (NHI or HI) using backend metadata, eliminating repeated manual selection.

• PM-17328 — Frontend now shows both Serial Number and Issuer DN for all crypto assets, enabling unique identification of certificates.

• PM-17329 — Backend correlatedAssets query updated to supply serialNumber and issuerDN fields to support precise crypto‑asset identification.

• PM-17344 — Risk tags now show only the risk type (e.g., “PQC noncompliant”), without an appended asset type, improving clarity and reducing redundancy.

Bug Fixes

• PM-17004 — Fixed issue where the platform failed to remember dashboard preference (NHI/HI) between sessions.

• PM-17195 — Filter selection now returns all matching assets (both risky and non-risky) with consistent counts across widgets, filter dialog, and bubble chart.

• PM-17473 — Resolved channel closure race condition in export worker pool, causing production panics and service instability.

Known Limitations

February 6, 2026

This release delivers improvements to cryptographic asset management, search reliability, accessibility compliance, and overall platform stability. Enhancements include improved certificate identification, optimized software correlation, improved export accuracy, corrected search behavior, and UI refinements. These updates ensure more reliable asset workflows and an improved end‑user experience.

Features

• PM-17002 – Added Serial Number and Issuer DN to crypto asset details for unambiguous certificate identification.

• PM-17327 – Updated certificate views to display only active certificates, adding a filter to improve clarity, reduce clutter, and ensure users see only valid certificate records.

Bug Fixes

• PM-17105 – Fixed an issue where the software asset export incorrectly showed “0” in the Installed Machines column, ensuring exported counts now accurately match the values displayed in the UI.

• PM‑17135 – Fixed an issue where software assets did not appear in search results, ensuring all existing software assets are now fully searchable and discoverable.

• PM-17326 – Corrected misleading UI text to ensure labels and descriptions now accurately match functionality, reducing user confusion and improving clarity.

Known Limitations

February 2, 2026

This release enhances the scalability and reliability of the Axiad Mesh platform by significantly improving the risk‑service architecture and modernizing CRM integrations. Two key updates enable independent scaling of high‑volume data processing components. Together, these updates strengthen system performance, operational efficiency, and long‑term maintainability.

Features

Enhancements

• PM‑17079 – Refactored the risk service to support multiple execution modes—full, headless, and serve—using a single container image. This enables independent scaling of ingestion and API servers, improving performance and resource efficiency for high‑volume environments.

Bug Fixes

(No bug fixes included in this release.)

Known Limitations

January 30, 2026

This release delivers enhancements to the Axiad Mesh platform, focusing on expanding configurable reporting capabilities, strengthening Non‑Human Identity (NHI) management, and advancing analytics integration. Key improvements include support for custom report formats, seamless CSV export for NHI data, and enhanced ServiceNow asset name mapping.

Features

• PM‑17137 – Enables Front-end to download reports directly in CSV format without ZIP compression, improving compatibility with restricted environments and increasing flexibility in report generation.

• PM‑17208 – Adds frontend support for CSV export of NHI data using a backend‑generated download URL, with direct redirection to Azure storage for faster and more scalable downloads, without requiring UI changes.

Enhancements

• PM‑17162 – Integrates analytics into the Mesh Dashboard, enabling advanced product analytics, user behavior tracking (with explicit user consent), session replay support, and improved insight into feature usage for data‑driven decisions.

• PM‑17045 – Improves asset identification for machine assets imported from ServiceNow by mapping the “Name” attribute when available or falling back to sys_id when not, ensuring consistent and reliable asset labels.

Bug Fixes

• PM‑17160 – Fixes an issue where cryptographic key sizes were not displayed in correlated asset views, restoring complete and accurate visibility of cryptographic attributes.

Known Limitations

January 23, 2026

This release enhances the Axiad Mesh platform with improved asset ownership visibility, expanded cryptographic asset details for Post-Quantum Cryptography (PQC) readiness analysis, and a streamlined user experience across dashboards and asset views.

Features

Enhancements

• PM‑17059 – Added consistent “Owning Group” presentation across all asset types in both detail and list views, improving ownership clarity.

• PM‑17093 – Machine assets now correctly identify individual ownership when group ownership is not available, preventing incorrect orphan classification.

• PM‑17097 – Backend now returns “Owning Group” information for all applicable asset types to support front‑end display.

• PM‑17058 – Crypto assets now display key size and full signature algorithm across details and list views, aiding PQC analysis.

• PM‑17045 – Machine assets now use “Name” when available or fall back to ServiceNow sys_id to ensure every asset is identifiable.

• PM‑17046 – Prevents blank asset labels by showing the external ID as the display name when no name is provided.

• PM‑16996 – Widget now applies all active filters correctly, ensuring accurate and consistent data representation.

• PM‑17003 – Users can now sort and filter crypto assets by Owner and Installed On columns, enabling deeper analysis and visibility patterns.

Bug Fixes

• PM‑16976 – Resolved an issue where the browser prompted for ServiceNow API credentials instead of honoring SSO authentication.

Known Limitations

January 16, 2026

This release delivers key enhancements to the Axiad Mesh platform, with a strong focus on user experience, performance optimization, and data accuracy. Updates include seamless authentication flows, refined crypto‑asset risk scoring, powerful new data‑sorting capabilities, and significant gains in reconciliation-engine performance.

Features:

• Streamlined ServiceNow Integration: Single sign-on (SSO) authentication for seamless access to crypto asset details

• Faster Reconciliation Processing: Incremental change detection reduces processing time for large environments

• Improved Risk Assessment Accuracy: More precise classification of cryptographic assets

• Enhanced Data Management: New sorting capabilities for asset lists

Enhancements

• PM-16987: Introduces timestamp‑based incremental reconciliation, enabling the system to process only modified records rather than the entire dataset. This improves performance, supports early exit when no changes are detected, and includes fallback logic when full reconciliation is required.

• PM-17003: Adds the ability to sort and filter crypto‑asset lists by Owner and other key attributes, improving navigation and analytical workflows.

• PM-17005: Users can now sort software assets by “Installed Machines,” making it easier to identify software with the highest exposure across environments.

Bug Fixes

• PM-16976: Resolves an issue in which users were prompted for API credentials instead of SSO when opening ServiceNow from Mesh, ensuring a seamless authentication experience.

• PM-17000: Fixes an issue where crypto assets installed on machines were incorrectly labeled as “Orphan NoAsset,” ensuring accurate asset‑to‑machine relationship mapping.

• PM-17001: Removes ambiguous tooltip labels (e.g., “Safe,” “Very Low Risk”) from the risk score display to prevent misinterpretation and improve clarity.

Known Limitations