Now

Programs now support scopes — a major upgrade to how you track and measure control effectiveness.

Define scope targets, link controls to specific scopes, and track assurance at the scope level. Control assurance overrides with attestation support let you document and justify deviations from expected assurance levels, while confidence snapshots capture point-in-time program health so you can measure control degradation over time.

• Per-scope health and risk views let you drill into scope-level control effectiveness directly from the program dashboard
• New scope module with dedicated management pages for scope targets and control linking
• Billing overrides support trial extensions, grace periods, and free access for workspace management
• End-to-end tests with Playwright and automated RLS testing in CI for stronger reliability

This release introduces an AI-powered chat assistant and a unified communication platform with Slack integration.

The AI chat assistant lives inside the app with action tools that can create tasks, generate narratives, map controls, draft policy language, and write observation notes. It's powered by Claude through the Vercel AI Gateway, with conversation management and feedback built in.

• Unified comms platform handles activity logging, notifications, and email dispatch from a single system
• Slack integration delivers real-time notifications to channels linked to your workspace
• Programs now support direct task assignment and unassignment
• Security definer functions locked down with explicit search_path across the board

episki is officially out of beta. This release brings a redesigned settings experience, built-in report templates, and a complete billing overhaul.

Settings pages now have their own dedicated sidebar with grouped navigation across personal, workspace, and configuration sections, giving you a cleaner, more focused experience when managing your workspace.

• Built-in report templates ready to use for PCI DSS 4.0.1 ROC, status reports, and final reports
• Global system status groups for PCI DSS and NIST CSF Maturity out of the box
• Stripe Sync Engine replaces manual webhooks for reliable billing data
• MCP server with OAuth 2.1 enables third-party integrations
• Drag-and-drop image uploads stored securely in Supabase with RLS

Starting the year strong with a centralized AI gateway and enhanced security features to protect your compliance data.

All AI features now route through our unified AI gateway, providing centralized management, audit logging, and improved performance for document analysis.

• Centralized management for all AI interactions
• Rate limiting for fair usage across all users
• Audit logging to track AI interactions for compliance
• Model selection to choose the right AI for each task
• Faster RAG processing for document analysis

AI is here to supercharge your compliance workflow. We're introducing intelligent assistance powered by our new RAG pipeline.

Our Retrieval-Augmented Generation pipeline understands your compliance context, automatically analyzes documents, and builds organizational knowledge over time.

• Context-aware responses that understand your frameworks and controls
• Automatic document analysis for uploaded artifacts
• Evidence suggestions for satisfying controls
• Knowledge base that grows with your organization

This release focuses on platform stability and everyday usability with full TypeScript enforcement and quality of life improvements.

We've resolved all TypeScript errors and enabled strict checking in CI, resulting in better IDE support, improved autocomplete, and a more maintainable codebase.

• Catch errors before they reach production
• Improved autocomplete and error detection in your IDE
• More maintainable and reliable codebase

Move your data freely with full import/export support and customize how you track control status.

Transfer testing procedures and data between systems with full import/export support. Move your data freely with CSV and JSON format support and automatic validation during import.

• Export testing procedures for backup or sharing
• Bulk import from spreadsheets or other GRC tools
• CSV and JSON formats supported
• Automatic validation during import to catch errors

Every organization tracks compliance differently. This release lets you customize control statuses and brings a polished dark mode experience.

Define statuses that match your workflow with custom labels, color-coding, and flexible transition rules.

• Create status labels that make sense for your team
• Color-code statuses for quick visual identification
• Configure which statuses can transition to which