Intelligence Infrastructure & Platform Maturity

TL;DR

We’re not adding more security noise to an already crowded industry. We’re stripping cybersecurity back to first principles and rebuilding it as an intelligence system that actually understands what it’s protecting.

Instead of fragmented tools, static reports, and guesswork, Excalibur connects architecture, threats, attacks and controls into one living system. Faster insight, clearer decisions, and security work that finally scales without losing human judgement.

This isn’t a quick win or a feature race.

We’re doing the hard, unglamorous work to change how cybersecurity is built and we’re not stopping.

If this industry is going to be transformed, it won’t be by shortcuts.

It’ll be by systems that think clearly and teams that refuse to quit.,

Excalibur just moved from generating security artifacts to operating as an intelligence platform. Which is one more step towards Cyber Artificial General Intelligence.

v1.3.0 focuses on four pillars:

• Neural network reasoning (The central brain which learns more and more about your product and company all privately!)

• Flexible, customer-owned AI infrastructure

• Human-guided offensive workflows (Yes we are diving into offensive more in the coming updates)

• Platform reliability at production scale

🧠 Neural Network-Native Gap Analysis

18× faster, zero guesswork

What changed

• Gap Analysis(previously clarifying questions) is now executed directly against the Knowledge base

• No slow LLM loops

• No generic “clarifying questions”

What it detects (automatically)

• External attack paths without authentication

• Threats with no mitigations

• Components missing security controls

• Data flows without sensitivity labels

• Orphaned components and empty trust boundaries

• Areas with no Q&A coverage

• Incomplete or undocumented nodes

Why it matters

• Response time dropped from ~18 seconds to ~1 second

• Findings are precise, contextual, and architecture-aware

• Questions now reflect what’s missing, not what’s easy to ask

🔄 LLM Provider Flexibility

You own the intelligence layer

What changed

• Full migration to OpenRouter from Runpod

• Unified access to 500+ LLM providers

• Bring-Your-Own-AI via Settings UI

• Enterprise Azure Ai and AWS Bedrock support incoming

Improvements

• Higher token limits for reasoning-heavy tasks

• Better reliability under load

• Cleaner support for structured outputs

Important note

• Users must configure AI providers via Settings → AI Providers before proceeding

🤖 Pentesting Agent (Human-in-the-Loop)

Automation without autonomy

New capability

• AI-assisted pentesting agent with explicit approval gates

Workflow

• Scoped targets

• Human-approved interpretation

• Structured attack planning

• Step-by-step execution with approvals

• Automatic results compilation

Why this matters

• No black-box agents,

• No uncontrolled execution

• Clear intent, traceability, and human ownership at every step

🏗️ Architecture & Context Intelligence

Deeper extraction, cleaner signal

Architecture ingestion

• Multi-phase extraction pipeline for higher fidelity

• Better component discovery

• More accurate connection mapping

• Validation and retry logic built-in

Context ingestion

• Documents now understand architecture

• Context links to specific components

• Coverage and completeness become measurable

New capabilities

• Component-aware chunking

• Graph-linked documentation

• Validation endpoints for ingestion quality

🔐 HackerOne Integration

Bug bounty visibility, inside the platform

New dashboard

• Live HackerOne integration

• Severity breakdowns

• Report detail views

• Safe fallback when credentials aren’t present

Why this matters

• External findings now sit alongside internal threat models

• Less tab-hopping

• Better prioritisation

🐛 Stability & Reliability Fixes

Production-grade by default

• Fixed JSON extraction issues for reasoning models

• Stabilised Neo4j connection pooling in long-running deployments

• Resolved rate-limiter crashes on newer FastAPI versions

• Fixed canvas graph persistence edge cases

• Corrected observability and tracing initialisation

• Repaired state mismatches in Gap Analysis answers

🧪 Testing & Delivery Infrastructure

• End-to-end tests for core workflows

• Automated CI/CD validation

• Deployment status notifications

• Safer, more predictable releases

📊 Release Metrics in past 2 weeks

• 60+ commits

• 7 major features

• 15+ fixes

• 100+ files changed

• 18× performance improvement in Gap Analysis

What v1.3.0 really represents

This release isn’t about more automation.

It’s about better intelligence, faster feedback, and tighter control.

Less guessing.

More grounding.

More trust in the system.

Excalibur is growing up and we wont stop until we reached artificial general intelligence in cybersecurity.