Skip to content
Contact us
  • There are no suggestions because the search field is empty.

What's New at Security Journey 2026

Stay up to date with Security Journey’s 2026 product updates, new features, content releases, and platform enhancements—all in one place.

May 27, 2026

New Learning Path — 2025 CWE Top 25 Most Dangerous Software Weaknesses

  • The 2025 CWE Top 25 Most Dangerous Weaknesses Path is now available
  • Includes two formats: a video-based course and a hands-on learning path covering all 25 CWEs
  • The video course uses short, focused lessons, with each CWE presented as a standalone module for easy targeted training
  • The hands-on course allows learners to exploit, remediate, and mitigate each weakness, reinforcing real-world secure coding skills
  • Supports multiple programming languages, giving learners flexibility to practice in their preferred environment
  • Access the Lab Based learning path: 2025 CWE Top 25 Most Dangerous Software Weaknesses - Lab
  • Access the Video Based learning path: 2025 CWE Top 25 Most Dangerous Software Weaknesses - Video

May 18, 2026

New Content Type & Platform Improvements

Improved “My Paths” and “My Quests” Experience

  • We’ve made it easier to keep track of your learning. When you enroll in a Path or Quest, it will now remain visible on your Journey page under My Paths or My Quests.

    • Your active Path or Quest will always appear as the first card in the row.

    • All other content will be displayed in alphabetical order for easier browsing.

Previously, enrolled content was removed from this section—now it stays front and center so you can quickly pick up where you left off.

Introducing AI Skills Labs
We’ve added a new content type, AI Skills Lab, to the Full Catalog as part of our AI Advantage offering.

  • These labs are hands-on and interactive, designed to build practical AI skills.

  • No coding experience is required.
If you filter by AI Skills Lab but don’t currently have access, you’ll see a message guiding you to connect with your Account Manager to learn more.
 
May 11, 2026
 

New Features & Platform Improvements 

Improved Video Quiz Experience

We’ve made video quizzes more intuitive and engaging:

  • You’ll now see the correct answer upon quiz completion, helping reinforce learning in real time.

  • All quiz questions are now presented in a single, streamlined view for a smoother experience.

QuizResults

Expanded Intro Tour with AI Content

We’ve added two new AI-focused lessons to the Intro Tour, giving you an early look at key concepts and hands-on learning opportunities.

Faster Admin Dashboard Performance

The Admin Dashboard now loads more quickly, making it easier to access insights and manage your program efficiently.

May 15, 2026

New Learning Path — MCP Application Security

  • The MCP Application Security path is now available
  • Focuses on secure development practices for Model Context Protocol (MCP) applications, an emerging standard for connecting AI models to external tools and data sources
  • Includes five hands-on lessons where learners identify and remediate vulnerabilities in MCP servers and clients
  • Helps build practical understanding of security and access control risks in poorly implemented MCP systems
  • Access the learning path: MCP Application Security

April 29, 2026

SCIM Improvement & Self-Initiated Assessments

SCIM Manager Field Support
  • Manager Field Support via SCIM: Organizations can now sync manager relationships (Manager Name + Manager's Email) directly through SCIM, helping keep user data accurate and up to date automatically
New Feature: Self-Initiated Learner Assessments
  • Self-Initiated Assessments: Learners can now take Assessments without admin assignment
    • If no Assessments are in a user’s To-Do, an Assessment card will appear with available options
    • All learners now have access to an Assessments tab for easy navigation
    • Admins can view results via Assessment reporting

Learn more: Self-Initiated Assessments (Admin Guide)

April 15, 2026

Platform Improvements

  • Added a quick link to “Chat with Support” in the user profile dropdown for faster access to or Support Team
  • Increased maximum path name length to 100 characters to allow for more descriptive naming

April 8, 2026

Aspen Adapt API

Expanded Adapt Support: Adapt now supports integrations beyond GitHub. To learn more visit: Aspen Adapt API: Send CWE Findings to Security Journey.

April 6, 2026

Aspen Updates and Admin Experience Improvements

This release introduces major Aspen updates along with improvements to the admin experience, user management, and assignments.

Aspen Updates

New Aspen functionality is now live, including dedicated pages for Guardian, Adapt, and Assist with feature toggling and metrics. Aspen now supports integrations beyond GitHub, and a new “Connections” page centralizes access to SSO, SCIM, Reporting API, and more.

Check it out here: 

Screenshot 2026-04-21 at 12.16.14 PM

Admin Experience Improvements

The Admin UI for Custom Paths and Quests has been separated into dedicated pages, creating a more consistent experience aligned with the Recommended Path workflow.

User Management & Assignments

Admins now receive clearer feedback when making changes:

  • A prompt reminds admins to save when adding or editing users in Assignments
  • A message and loading indicator appear when users are added or removed, reflecting that the action is not instantaneous
  • “Company” attribute has been added to the Users table

March 30, 2026

Platform Improvements and Admin Enhancements

Content Management & Exports

Admins can now export individual lessons from the Full Catalog or export entire learning paths directly from the Admin Path UI, improving content management flexibility.

Reporting & Account Visibility

We’ve expanded the Account Overview and Usage reports with additional fields, including Purchased Licenses, Active Learners, Active Administrators, Archived Users, and Expiration Date—providing clearer insight into account activity and usage.

Screenshot 2026-04-21 at 12.05.50 PM

New Path: AI-Augmented Development

This new hands-on course builds on Modern AI Development Techniques and provides practical experience with widely used AI development tools and workflows. It covers secure practices for AI-assisted development, including AI coding tools (such as Codex), agent-based workflows, and the Model Context Protocol (MCP). Check it out here

March 23, 2026

Platform Improvements and Admin Enhancements

Assignments & Tournaments

Developer profile fields are now available as assignable attributes when creating Assignments and Tournaments, enabling more targeted user segmentation. Additionally, when a tournament is set to “everyone,” users are now enrolled once they click “start,” simplifying participation.

Content Management & Exports

Leaderboards are now exportable, making it easier to analyze and share performance data outside the platform.

March 17, 2026

Enhanced Security Journey Platform

The Security Journey platform has been updated with a modernized experience for both learners and administrators.

Screenshot 2026-04-24 at 4.17.59 PM

Key Updates
  • New interface: Cleaner, more engaging design
  • Improved navigation: Faster content access and new To-Do section
  • Streamlined experience: Easier program management and smoother learning flow
  • Enhanced catalog: Improved content discovery and relevance
  • Light/Dark mode: Customizable viewing options
  • Aspen Guardian: Real-time secure coding guidance
  • Aspen Adapt: GitHub-driven, adaptive learning
Resources

March 16, 2026

New Path: OWASP Top 10: 2025 (Video)

We’ve launched a new training path covering the recently updated OWASP Top 10 web application security risks. This series features in-depth video lessons designed to build a strong foundation in modern web security threats. Pair these videos with our hands-on labs for a comprehensive, practical learning experience. Check it out here

February 27, 2026

New Path: Secure Shell Programming Essentials

This hands-on course teaches learners how to identify common shell scripting vulnerabilities and remediate them using secure programming practices. It focuses on strengthening automation and operational workflows through more secure shell scripting techniques. Check it out here

February 23, 2026

Removal of “HackEDU” Label from Hands-On Content

We’ve removed the “HackEDU” label from hands-on content to create a more consistent experience for all customers. Updated naming simplifies paths and lessons (e.g., “HackEDU: OWASP API Top 10” is now “OWASP API Top 10”).

February 2, 2026

New Platform Experience Available: Explore the Updated UX/UI

What’s new

We’ve introduced an updated platform experience designed to be more modern, intuitive, and easier to navigate for learners.

What this means for you

The updated UX/UI is now available alongside the existing experience, allowing teams to explore the new interface at their own pace. You can switch between views while continuing your day‑to‑day work without disruption.

Why we did this

The new experience improves clarity and usability through:

  • Cleaner lesson layouts and clearer lesson cards
  • Better visibility into progress and estimated time to complete lessons
  • A more streamlined, developer‑friendly design

What to expect next

During this transition period, we’re actively incorporating feedback to finalize the experience ahead of full adoption. A complete cutover is planned for early March 2026, and we’ll continue sharing updates to ensure a smooth transition.

Screenshot 2026-04-21 at 11.48.16 AM

January 7, 2026

New Courses: Modern AI Development Techniques + OWASP Top Ten 2025

Modern AI Development Techniques

A new course covering vibe coding featuring 8 lessons that cover the pros and cons of LLM-assisted development, and best practices for using AI responsibly in your workflows.

Find it under Paths & Quests > Recommended Paths > Video and Hands-On > Modern AI Development Techniques.

OWASP Top Ten 2025

We’ve launched a new OWASP Top 10 2025 course featuring 10 lessons aligned to the latest OWASP Top 10 2025 list. This update ensures your teams are training against the most current industry guidance and today’s top security risk priorities.

Find it under Paths & Quests > Recommended Paths > Hands-On Only > OWASP Top Ten 2025.

January 2, 2026

Aspen: Guardian AI and GitHub Integration

Aspen: Guardian AI

Aspen: Guardian AI turns real findings from your CI security scanners into targeted updates for your AI assistant’s rule file (like copilot-instructions.md or CLAUDE.md). It analyzes SAST results, converts recurring issues into prevention rules, and submits updates via pull request—creating a feedback loop that helps your assistant reduce repeat vulnerabilities as your codebase evolves.

For more information the feature and setup, check out this article: Aspen: Guardian AI

GitHub Integration

With a secure GitHub API key, our GitHub Integration can scan live commits, identify potential weaknesses by CWE, and surface those findings in the Security Journey platform. Admins get a prioritized view of emerging vulnerabilities and can use these insights to identify and assign highly relevant training based on what’s showing up in real code.

For more information the feature and setup, check out this article: GitHub Integration: Turn Real Code Activity into Targeted Secure Coding Training