Release notes

What's new in Northbeams.

New detections, features, and fixes shipped across the browser extension, desktop app, CLI agent, and dashboard. Updated every release.

May 2026

Extension 0.9.1 · App 0.6.1

New

Auto-update system, Windows installer hardening, and trial onboarding copy

The extension now updates its detection catalogue without a Chrome Web Store release. You get new tool signatures within 6 hours of us pushing them, no user action needed. The Windows installer went through two stability passes to fix a task scheduler race condition and a property mismatch that caused silent rollbacks on some machines.

  • Dynamic catalogue updates (extension). New AI tools are pushed to the extension within 6 hours via remote config. No Chrome Web Store re-review cycle, no reinstall prompt.
  • Browser extension force-install via MDM. Sentinel workspaces can now push the extension to all managed browsers through Intune or Jamf without asking users to install manually.
  • Auto-update system for the desktop app. The Mac and Windows apps now check for updates on launch and install them silently in the background.
  • Windows installer stability. Fixed a task scheduler property mismatch (CAQuietExec) and a JAVA_HOME path issue that caused the installer to fail silently on some Windows configurations.
  • Signup onboarding copy. The signup page now leads with the 14-day Sentinel trial framing rather than generic account creation language.
Browser Desktop Dashboard

April 2026

Extension 0.9.0 · Sentinel

New

Git commit attribution, Slack alerts, LLM intercept, and discovery sessions

Five new Sentinel features shipped in one sprint. The biggest one: Northbeams now links each AI session to the git commit that preceded it, so you can see which code shipped with which AI assist. Slack webhook alerts let you route policy violations to the channel that owns the tool.

  • Git commit attribution (Sentinel). Each AI session is linked to the most recent git commit in the same repo at session time. Lets engineering managers trace AI-assisted code to the session that produced it.
  • Slack incoming-webhook alerts. Route policy violation alerts, new tool discoveries, and high-risk detections to any Slack channel. Severity filter and rate-limiting built in so you don't flood oncall.
  • LLM usage intercept (Sentinel). Token counts and model usage captured per session, per user. Feeds the LLM cost dashboard at /usage.
  • Discovery sessions. AI activity is now grouped into sessions (contiguous windows of tool use) rather than individual events. The session view makes it easier to understand what a user was doing, not just which tool fired.
  • Discovery alerts. Get notified in the dashboard feed when a net-new tool is seen for the first time in your org.
  • Remote config push. Governance policies and catalogue updates are now pushed to endpoints rather than pulled on a schedule. Policy changes reach all endpoints within minutes.
Desktop CLI Dashboard Sentinel+

March 2026

Extension 0.8.x

New

On-device image and PDF OCR, jailbreak detection, and 10-language support

The extension now classifies content from image uploads and PDF pastes, not just typed text. Sensitive data in a screenshot pasted into ChatGPT is caught with the same signal quality as typed text. Jailbreak and prompt-injection attempts are detected and surfaced in the incident feed.

  • On-device image OCR. When a user uploads an image to an AI tool, the extension extracts text in-browser using a local OCR model and runs it through the classifier. No image data leaves the device.
  • PDF text extraction. PDF pastes and uploads are parsed in-browser before classification. Works on scanned PDFs via a zero-retention cloud fallback (AWS Bedrock Claude Haiku) when on-device extraction fails.
  • Jailbreak and prompt-injection detection. Common jailbreak patterns ("ignore previous instructions", DAN-style overrides, prompt-injection in documents) are flagged in the incident feed as a separate event category.
  • Multi-language prompt classification. The classifier now detects sensitive data patterns in 10 languages including French, German, Spanish, Portuguese, Japanese, and Chinese. Useful for teams with non-English speakers using AI tools.
  • Security: Content-Security-Policy on the dashboard. CSP headers added to the Next.js app to prevent XSS and injection attacks. All OAuth popup flows updated to work within the new policy.
Browser Dashboard

February 2026

Platform

New

MCP Gateway, analytics hub, LLM cost dashboard, and CSV export

Northbeams now governs MCP servers configured in Claude Desktop, Cursor, and Claude Code. The MCP Gateway wraps server configs to intercept and log tool calls without changing how the AI client works. The analytics hub at /analytics gives Sentinel orgs cross-team breakdowns, enforcement heatmaps, and department rollups.

  • MCP Gateway (Sentinel). The desktop app discovers and wraps MCP server configs in Claude Desktop, Cursor, and Claude Code. Every MCP tool call is logged, categorised, and available in the dashboard feed. Unwrapped automatically on downgrade.
  • LLM token and cost dashboard. The /usage view shows token consumption and estimated cost per user, per model, per week. Helps finance and engineering understand AI spend before it hits the invoice.
  • Analytics hub (Sentinel). Cross-cutting trend views, enforcement-effectiveness charts, and department-level rollups at /analytics. Exportable to CSV for board packs and QBRs.
  • CSV export (Lighthouse+). The AI Discovery Report and incident feed are both exportable to CSV. One click from the dashboard.
  • Behavioural anomaly detection (Sentinel). Unusual patterns in session frequency, prompt volume, or tool switching are flagged in the feed with an anomaly score. Useful for spotting exfiltration attempts.
Desktop MCP Dashboard Sentinel+

January 2026

Extension 0.7.x · Sentinel 0.5.x

New

Desktop AI app monitoring, CLI agent, RBAC, and signed audit logs

The Mac and Windows desktop agent now watches four AI desktop apps (Claude Desktop, ChatGPT Desktop, Cursor, Granola) and two CLI tools (Claude Code, Aider). Per-user session attribution works across all four surfaces. Signed audit logs are exportable in one click for SOC 2, HIPAA, and EU AI Act evidence packs.

  • Desktop app monitoring (Sentinel). The Mac and Windows sentinel process watches Claude Desktop, ChatGPT Desktop, Cursor, and Granola. Session start/end, model used, and prompt volume captured without reading prompt content.
  • CLI agent monitoring (Sentinel). Claude Code and Aider sessions are detected via process watch and correlated with the git repository in scope at session time.
  • Immutable signed audit logs. Every event in the dashboard feed is cryptographically signed and timestamped. Export to JSON or PDF for compliance evidence packs. Available on Lighthouse+.
  • RBAC and multi-user invites (Lighthouse+). Invite teammates with viewer or admin roles. Org owners can manage roles from Settings.
  • MDM deployment (Sentinel). The Mac .pkg and Windows .msi are deployable via Intune, Jamf, and Kandji with managed policy support. No per-seat manual install needed.
  • Email digests. Daily org-level AI summary delivered to the org owner each morning. Shows new tools, blocked prompts, and top users for the previous 24 hours.
Desktop CLI Dashboard