Releases

Introducing a new long-running thorough (plan) mode alongside the existing fast mode. Fast mode remains the default for quick, focused, and iterative tasks. Thorough mode is for depth: the agent asks clarifying questions about your target and objectives, builds a comprehensive plan, spins up parallel sub-agents for each part of the plan, and executes end-to-end. It takes longer and uses more credits, but it is built for broad-scope reconnaissance, multi-phase penetration tests, deep reverse engineering, and large research objectives where a quick pass would miss things. Available from the mode selector in the task UI and via the API.

A dedicated issues section at /issues with a persistent vulnerability database behind it. Browse, filter, and act on every finding your agents discover, with full details, timeline, and linked tasks on each issue. Agents read from and write to the same database, and they only file issues after a validation step, so the data starts clean. Every issue has two actions: "Challenge & Verify" re-tests exploitability by spinning up a new task against the finding, and "Escalate" pushes exploitation depth further, both available individually or as bulk actions.

Your feedback shapes future results. Mark something as a false positive, flag it as out of scope, or add business context, and agents carry that forward into every subsequent run. Over time, the system gets better at filtering noise, respecting your scope boundaries, and recognizing patterns you have already triaged. The same data feeds regression testing, so previously resolved issues are automatically re-checked in future tasks.

This release adds new agent tools across planning, issue management, SSH access, and centralized network traffic analysis.

Slack is now a native working surface for Neo, not just a notification channel. Connect your workspace from the integrations page with one-click OAuth, mention Neo in any channel or DM, and agents run security tasks, post concise summaries, and attach output files directly in the thread. Follow-ups maintain full thread context, so you can investigate a target, ask follow-up questions, and continue deeper work without re-explaining anything. Any request you would make in the Neo UI can be made from Slack. For setup instructions and usage details, see the Slack integration docs at https://docs.neo.projectdiscovery.io/integrations/slack.

Built specifically for red teaming operations. After working with multiple red teams over the past few months building custom tools and custom agents, we are releasing an official Red Team Operator agent designed to handle real-world post-exploitation workflows. It ships with nine curated offensive tools pre-installed in every sandbox (Impacket, BloodHound, NetExec, pypykatz, Hydra, John the Ripper, Kerbrute, Chisel, and Responder) and knows how to chain them strategically based on what it discovers at each step. The agent handles credential harvesting, lateral movement, privilege escalation, and domain enumeration end-to-end, pivoting between tools automatically as new information surfaces. Available in every account, all tools pre-configured and ready the moment the sandbox starts.

Connect to remote targets over SSH directly from the sandbox using key-based or password authentication. Agents can run commands, transfer files, and inspect remote systems as part of their task workflow. Configure SSH credentials from the secrets panel at neo.projectdiscovery.io. For setup instructions and usage details, see the SSH connections docs at https://docs.neo.projectdiscovery.io/concepts/ssh-connections.

Set any agent to unlisted visibility to share it via a private link without publishing it to the directory. Anyone with the link can install and run it. Revoke access at any time by switching visibility back to private.

GPT-5.5 and Kimi K2.6 are available from the model selector. Auto model selection routes each step of a task to the most suitable model based on the type of work. Multi-model support lets a parent agent and its sub-agents use different models within the same task, so you can balance cost and capability. Model preferences can be set at the project level.

The orchestrator now parallelizes sub-agent execution for speed. Instead of running one at a time, sub-agents for reconnaissance, scanning, and validation execute concurrently, and a redesigned trace UI lets you follow each one independently. Multi-step tasks finish significantly faster without any changes to how you set them up.

Agents now re-test discovered issues to confirm they are exploitable before they reach your dashboard. Each verified finding includes a structured proof-of-exploit with the exact steps, payloads, and responses used. This catches false positives before they show up in your issues list, so the data you review has already passed a second check.

Built-in agent tools for domain reconnaissance: wildcard domain search for phishing hunts, passive DNS to surface associated and typosquat domains, and subdomain enumeration with auto-export into downstream tools. Passive DNS discovery works without generating traffic to targets, so reconnaissance stays invisible.

A dedicated sub-agent with 135+ Ghidra tools for binary analysis, decompilation, and reverse engineering. Analyze binaries through natural language: decompile, extract strings, trace control flow, identify function signatures, and map cross-references. The agent runs entirely inside the isolated sandbox with no local setup required, and files can be shared between the Ghidra agent and other sandbox agents to chain binary analysis into downstream vulnerability assessment.

Save, search, and share prompts across your team. Type / in the chat to find and insert a prompt inline. Fork any prompt to create your own variation when a teammate has a good base but you need to adjust the scope or technique. Prompts are searchable by title and content, scoped to your team.

Add your own API keys for Google Vertex AI, Amazon Bedrock, or Vercel. Keys are available to all team members once configured. The model list updates dynamically based on which providers your team has enabled, so you only see models you can actually use. Usage tracking works the same regardless of provider. This is an enterprise feature. Contact your sales representative or account engineer to enable it.

Share task results via a public link. The recipient sees the full conversation, file outputs, and metadata in a clean read-only view with no Neo account required. All tool renderers work in the shared view: browser screenshots, mermaid diagrams, working memory blocks, and subdomain results render as expected. Secrets and private files are automatically redacted.

Create a workspace with role-based access, shared tasks, shared secrets, and a single environment everyone works from. Invite members by email or enable auto-join for anyone with a verified company domain. Three roles control access: admins manage billing and settings, members run tasks and manage secrets, viewers observe task output without modifying anything.

Every sandbox now ships with a local Chromium browser. For offline testing, locally deployed applications, or targets that need to be accessed without leaving the sandbox network, agents can use the built-in browser to navigate pages, fill forms, take screenshots, and interact with web applications directly inside the execution environment. No external browser service required.

The usage dashboard breaks down credit consumption by task, model, and agent, with date range filtering and per-task drill-down. Team-level tracking lets admins spot trends and manage spend across the organization. Credit balance and remaining allocation are visible at a glance from the settings page.

Connect sandboxes to internal networks via VPN so agents can reach private hosts, staging environments, and network segments that are not publicly accessible. VPN sessions are scoped to the sandbox lifecycle: established on sandbox start, torn down when the task ends. Configure VPN connections from the secrets panel using standard credentials.

Each sandbox now enforces process-level user isolation. Agent processes run under a dedicated user context, preventing cross-task interference and ensuring file permissions are scoped correctly. This also fixes edge cases where stale file locks or lingering processes from a previous task could affect the next one.

Sonnet 4.6 is now available for all user tiers, and Opus 4.6 is available with tag-based model access. Both models support Anthropic prompt caching, which reduces latency and cost on repeated tool calls within the same task. Model access is controlled via user tags set by admins.

Tasks now check credit balance before execution and at each step. If your balance is insufficient, the task stops cleanly with a clear message instead of failing mid-run. Per-task usage breakdowns in the usage dashboard show exactly where credits were consumed.

The main agent can now suggest and delegate work to specialized sub-agents mid-task. When the main agent encounters a problem that would be better handled by a different agent (browser analysis, file operations, network scanning), it proposes the delegation and transfers context automatically.

Configure and manage connector integrations directly from within the chat interface. Link external services, set tool permissions, and check connection status without leaving the task view.

Agents now maintain structured working memory that persists across steps within a task. Instead of losing context as conversations grow, agents track key findings, decisions, and intermediate results in a memory block that stays accessible throughout the entire run. This is particularly important for long-running tasks where early discoveries inform later decisions.

Agents can now search and index files within the sandbox as structured knowledge. Upload reference material, previous reports, or target documentation, and agents query it during tasks to make better-informed decisions. Knowledge is scoped to the sandbox and available to all agents operating within it.

Generate API keys directly from Neo to authenticate programmatic access without depending on a third-party auth provider. API keys work with the full REST API for task creation, status polling, and result retrieval.

Connect external tools and services to Neo via the Model Context Protocol. Connector agents bridge MCP-compatible servers into the sandbox, giving agents access to external APIs, databases, and custom tooling as native tools during task execution.

When an agent tool call fails due to a malformed input or schema mismatch, the tool repair processor automatically corrects the call and retries. This reduces task failures from transient tool errors without requiring manual intervention.

Secrets used during task execution are now redacted at the tool level before being stored or displayed. This applies to all output surfaces: task history, shared views, and streamed responses. Redaction is automatic and requires no configuration.

Set any task to run on a recurring schedule. Define the frequency, and Neo executes it automatically with the same agent configuration, secrets, and scope each time. Useful for continuous monitoring, periodic reconnaissance, or regression testing against targets that change frequently.

Share any completed task via a public link. The recipient sees the full conversation, tool outputs, and file artifacts in a read-only view. Secrets and sensitive content are automatically redacted before sharing.

Browse and install community-built agents from the public directory. Each agent comes with a description, pre-configured tools, and a system prompt tuned for a specific workflow. Install an agent and it is ready to use in your next task.

Agents can now generate Mermaid diagrams inline during tasks. Architecture maps, flow charts, mind maps, and sequence diagrams render directly in the conversation and are exportable as images.

Browse, upload, download, and edit files inside sandboxes directly from the task UI. The file navigator supports search, inline editing, and handles large file counts without freezing.

The entire task interface, including the chat, process trace, file navigator, agent directory, and schedules, now works on mobile. Layout, padding, and navigation have been rebuilt for smaller screens.

Browse, share, and install agents from a public directory. Create your own agent with a custom system prompt and tool configuration, then publish it for others to use. Agents can be shared as unlisted (private link) or listed in the public directory. Installing an agent makes it available in your task UI immediately.

Upload documents, reports, and reference material into a searchable knowledge base. Agents query the knowledge base automatically during tasks to inform their approach with target-specific context, prior findings, or scope documentation. Knowledge is indexed and available across tasks.

ProjectDiscovery Cloud Platform tools are now natively available inside every sandbox with auto-injected API credentials. Agents can run subdomain enumeration, port scanning, and vulnerability scanning through PDCP without manual API key configuration.

Agents can recall relevant context from previous tasks. When starting a new task, the agent searches past conversations and findings for relevant information, so repeated work against the same target builds on prior knowledge instead of starting from scratch.

Share completed tasks via a public link with automatic secret redaction. All sensitive values, API keys, credentials, and redact phrases are stripped from the shared view before anyone sees it. The shared view includes the full conversation, tool outputs, and file artifacts in a clean read-only format.

GPT-5.1 is available from the model selector. Haiku 3.5 is available as a fast, cost-efficient option for chat mode and lightweight tasks.

The main agent can now spawn specialized sub-agents during a task based on what it discovers. Instead of relying only on pre-configured sub-agents, the orchestrator creates new ones with custom tool sets and instructions tailored to the specific problem at hand. This means the agent adapts its approach as the task unfolds rather than following a fixed plan.

Stop any running task cleanly from the UI. The abort signal propagates to the sandbox and all active sub-agents, terminating processes and releasing resources. Aborted tasks retain their conversation history and any files produced up to that point.

A lightweight conversation mode for quick questions that do not need a full sandbox session. Chat mode uses a fast, cost-efficient model for general questions, research, and planning without spinning up infrastructure. Switch between chat and task mode depending on what you need.

Models from OpenRouter are now available in the model selector. Access Grok 4 Fast, Kimi K2, and other models through a single integration. Model availability updates as OpenRouter adds new providers.

Agents can now perform web searches and analyze web images as part of their workflow. The web research tools let agents gather open-source intelligence, check for public disclosures, and pull context from documentation without leaving the task.

Sandboxes now recover automatically from transient infrastructure failures. If a sandbox process crashes or loses connectivity, it restarts and restores state without failing the task. This eliminates a class of task failures that were caused by infrastructure, not by the agent.

Every task runs in an isolated sandbox pre-loaded with a comprehensive security toolchain. Nuclei, nmap, curl, sqlmap, masscan, ffuf, and ProjectDiscovery tools are installed and available out of the box. Agents use these tools directly through natural language without any setup, and all execution stays contained within the sandbox boundary.

A dedicated browser agent can navigate web applications, interact with pages, extract endpoints, take screenshots, and capture network requests. The browser runs in a remote session and the agent operates it through structured tools for clicking, typing, navigating, and extracting content.

Tasks run through a multi-agent system where a main orchestrator delegates work to specialized sub-agents. Dedicated agents handle reconnaissance, browser interaction, sandbox operations, and vulnerability verification. Each sub-agent has its own tool set and context optimized for its specialty.

Agents ship with dedicated tools for XSS vector testing and out-of-band (OAST) interaction verification. The XSS agent uses a curated knowledge base of context-aware payloads, and OAST tools confirm blind vulnerabilities through callback detection.

Agents can consume OpenAPI specifications and MCP servers as tool sources. Point an agent at an API spec or MCP endpoint and it gains access to every operation defined in it, with authentication support for protected APIs.

Sandboxes now run on dedicated cloud infrastructure instead of shared compute. Each sandbox gets its own isolated environment with dedicated resources, persistent storage, and no time-to-live limits. This means longer-running tasks complete without being interrupted, and sandbox performance is consistent regardless of platform load.

A dedicated verification flow for XSS and open redirect vulnerabilities. Instead of reporting potential injection points, agents now attempt to confirm exploitability by testing context-aware payloads against the target. Verified findings include the payload used and the response that confirmed the vulnerability.

Agents can now confirm blind vulnerabilities using out-of-band application security testing (OAST). Callback-based detection verifies that payloads triggered execution on the target, even when the response itself does not reveal the vulnerability. Essential for blind SSRF, blind XXE, and similar classes.

A curated knowledge base of XSS vectors indexed by injection context. Agents search this knowledge base to find payloads appropriate for the specific context they encounter (attribute, script block, event handler, URL parameter), rather than trying generic payloads.

Gemini 2.5 Pro is available from the model picker. GPT-5 High is also now available as a higher-capability variant of GPT-5 for tasks that benefit from deeper reasoning.

If your browser disconnects or you navigate away during a running task, you can return and the stream resumes from where it left off. No output is lost, and the task continues running in the background regardless of your connection.

GPT-5 is available as a model option. A new model picker in the task UI lets you choose which model to use before starting a task. Your selection is remembered across sessions. Models can be switched between tasks based on the complexity of the work.

Sandbox tool output now streams to the UI in real time. Instead of waiting for a tool to finish before seeing output, you can watch command execution, scan progress, and script output as it happens. This is especially useful for long-running tools like nuclei scans or network enumeration where you want to see results as they come in.

A dedicated summarizing agent processes sub-agent output into concise, structured summaries. When a sub-agent completes its work, the summarizer extracts key findings, strips noise, and presents results in a format the orchestrator can act on efficiently.

Agents now manage long conversations with a rolling context window that keeps the most relevant recent messages and compacts older ones. This prevents context overflow on long-running tasks and lets agents maintain coherence across many steps without losing track of important findings.

Set environment variables that are injected into the sandbox at runtime. API keys, tokens, and credentials are available to agents and tools without hardcoding them in prompts. Variable keys are included in the agent context so it knows what credentials are available.

Agents can read and analyze PDF files uploaded to the sandbox. The UI renders file previews inline, supporting PDFs, images, and code files with syntax highlighting. Larger file uploads are now supported.

Every task runs inside an isolated sandbox with shell access, Python scripting, and a pre-installed security toolchain including Nuclei and ProjectDiscovery tools. Describe what you want in natural language, and the agent plans and executes the work autonomously, running tools, writing scripts, and analyzing output step by step.

Tasks are handled by a multi-agent swarm where a main orchestrator delegates work to specialized sub-agents. Each sub-agent has a focused role and tool set. The orchestrator decides which agent to invoke based on the task requirements, and sub-agents pass results back for the orchestrator to synthesize.

Agents can list, read, write, and edit files inside the sandbox. File artifacts are stored in the cloud and available for download from the conversation. The UI shows file previews inline, including document previews and code with syntax highlighting.

Agents can search the web as part of their workflow. Useful for CVE research, checking public disclosures, finding documentation, and gathering open-source intelligence about a target.

Provide custom instructions that persist across tasks. Use them to set scope boundaries, preferred tools, output format preferences, or target-specific context that the agent should always consider.