Escape Monthly Product Updates — December

Welcome to the December edition of "What's New at Escape", your monthly roundup of the latest features and updates 👋

Even though the year’s winding down, we’re still rolling up our sleeves and shipping new features to make your experience even better! 

Here’s what you can dive into right now:

  • Discover BOLA and ensure your multi-tenant environments are secure with natural language rules
  • Test scan setup before launch, including complex authentication
  • Enhanced scan failure visibility
  • Connect Escape MCP to any IDE and streamline remediation 


    Discover BOLA and ensure your multi-tenant environments are secure

    Tenant Isolation Overview

    You could already validate authorization controls between users with different privilege levels (privilege-escalation testing). Now, with Escape’s first automated pentesting AI agent, you can also verify that users and roles from different tenants can’t access each other’s data (tenant-isolation testing). 

    Whether your app has users with the same privileges across different companies, users in the same company with different privilege levels, or users who need cross-role access, you can test all scenarios with natural-language rules and be confident that your access boundaries are securely locked down.

    Ensure accurate scan setup to prevent issues before launch

    We’ve made it easier to double-check your scan settings before you hit launch. With just a click of the “Test Configuration” button, you can now validate key settings like authentication, ensuring everything is set up right and giving you confidence before starting your scan.

    Test scan configuration in Escape

    What you can expect:

    • Streamed Validation: When validating configurations, such as Browser Authentication, screenshots and results are now streamed progressively. This means you can see feedback in real-time, rather than waiting for the entire process to finish, giving you quicker insights and enabling adjustments on the fly.
    • Validate Before Profile Creation: You can now validate your settings before creating a scan profile or integrating it with other systems. This ensures that everything is properly configured, reducing the likelihood of issues when the scan starts.

    How to Use:

    Once you’ve set up your new scan profile in the Escape DAST tool, simply click on the Test Configuration button. This will trigger the validation process, allowing you to review and adjust key settings such as authentication, scheduling, rate limits, and more before finalizing your scan setup.

    Test Configuration Button available

    Enhanced scan failure visibility

    We introduced a new feature that brings instant visibility into scan failures:

    Scan failure notification

    Historically, when a scan failed, it was often unclear why, forcing users to dive deep into logs for answers. This feature allows you to easily identify which scans have failed and understand the reasons behind these failures.

    Key Benefits:

    1. Instant Visibility on Failures: Immediately see which scan profiles have failed, enabling you to prioritize troubleshooting efforts and reduce downtime.
    2. Actionable Insights for Faster Investigation: View detailed failure information, including direct links to event logs, to help you investigate the root causes quickly and efficiently.
    3. Accessible Through API or within the Escape Platform: All failure feedback is available via our public API, making it easy to integrate into your existing tools and workflows. You can also view failure details either on a summary page or as alerts on a list of scan profiles.
    List all scan problems via Escape's Public API
    4. Smarter Configuration Management: Detect misconfigurations or incomplete scan setups early, saving time for both users and support teams in preventing recurring issues.
    Problems with configuration shown on Escape's platform

    Types of Issues Flagged

    With the new scan failure visibility, users will now see failures categorized by key areas, including:

    • Private Location Failures (e.g., unreachable proxies or locations)
    • Authentication Failures (e.g., configuration errors, invalid credentials)
    • Configuration Issues (e.g., rate limits, invalid patterns, permission errors)
    • Schema and Service Unreachability (e.g., invalid GraphQL/OpenAPI schemas, unreachable assets)
    • Timeout and Integration Errors (e.g., scan duration limits, CAPTCHA or security blocks)

    These categories will help you quickly identify the nature of the problem, so you can act swiftly to resolve the issue.

    Next steps

    We encourage all Escape users to provide feedback on the errors being reported to help us refine and improve the feedback mechanism. This ensures that the issues flagged are helpful and relevant! Feel free to reach out to your dedicated Escape contact via in-app chat, email, or on Slack/Teams channels.

    Streamline remediation in any IDE with Escape MCP

    With Escape MCP, remediation just became part of your everyday coding flow. You can now fix vulnerabilities directly in your IDE. No more context‑switching! Discover the step‑by‑step workflow you can plug into your development process and move from alert to action faster than ever.


    More from the recent changelog:

    • New Escape Public Locations available (West Coast, USA)
    • New "Create New Scan Profile" Form
    • Scan Visualization by Time Period
    • Enhanced Scan Failure Visibility

    Click here if you want to view a full list of updates.

    Stay secure,

    Your Escape team