Release Notes 2025-2026
This document lists all the features released by Nightfall in 2025 and 2026.
January 2026
This section enlists the feature enhancements released by Nightfall in January 2026.
Expanded Removable Media Coverage: Nightfall has expanded removable media protection with broader out-of-the-box device coverage, including support for ~1,200 removable media vendors. Administrators can scope endpoint exfiltration policies using removable media type, vendor, and device serial number controls for more precise data exfiltration monitoring and blocking.
Git push monitoring: Nightfall now provides destination-based Git Push Monitoring to detect when source code is pushed from managed endpoints to non-approved Git repositories.
Nightfall now provides broader browser coverage with full data exfiltration protections across modern AI and traditional browser environments:
AI-native browsers supported (macOS):
Perplexity Comet - Full support including personal vs. business detection, file upload, clipboard paste, and typed text monitoring.
ChatGPT Atlas - Supported on macOS with complete exfiltration controls (file upload, clipboard, typed text). Personal vs. business classification will be enabled in a future release.
Chromium-based browsers supported (macOS & Windows): Chrome, Microsoft Edge, Arc, Brave, Vivaldi
Non-Chromium support:
Firefox (macOS & Windows) - Full exfiltration protections and personal vs. business detection.
December 2025
This section enlists the feature enhancements released by Nightfall in December 2025.
Ability to Exclude File & Path on Windows: If a non-sensitive file is reported as an Endpoint Exfiltration event, you can now navigate to the respective event and exclude the file, file directory, or files with a same extension from being monitored in future. You can also use wildcards to define a directory pattern for exclusion. You can find these options on the asset section of the respective event.
November 2025
This section enlists the feature enhancements released by Nightfall in November 2025.
User Session Check: Nightfall now supports personal vs. corporate account differentiation (User Session Check) for endpoint exfiltration prevention on macOS and Windows. This capability allows Nightfall to detect, alert on, and block sensitive data transfers when users move data from corporate accounts to personal accounts on the same SaaS, cloud storage, or AI application.
File Classifiers: A major upgrade to our detection platform that enables document-level understanding based on content and semantics, not just detected entities. File Classifiers allow Nightfall to identify what a document is - even when no PII, secrets, or structured identifiers are present - significantly expanding coverage for sensitive files across customer environments. File Classifiers can identify 22 document types, including: Internal source code and engineering artifacts, Confidential internal materials and strategy documents, Financial, tax, and regulatory documents, Legal agreements and contracts, HR and personnel files, Medical and patient-related documents, Customer lists, invoices, and operational documents.
Prompt-Based Entity Detectors: Nightfall has launched prompt based entity detectors, a powerful new capability that allows customers to create fully custom entity detectors using natural-language prompts, backed by LLM intelligence. This feature expands Nightfall’s detection platform beyond pattern matching and predefined entities—enabling customers to accurately detect proprietary identifiers, internal tokens, and domain-specific values without writing any code, regex, or logic rules.
October 2025
This section enlists the feature enhancements released by Nightfall in October 2025.
Nightfall is introducing Endpoint Exfiltrated Asset Preview & Download on Windows, a major enhancement designed to help security analysts investigate endpoint data exfiltration incidents faster and with greater context. In addition to existing visibility into user, source, destination, policy hits, sensitive content previews, classifications, and metadata, analysts can now preview or download the full contents of exfiltrated assets directly from the Nightfall console.
Nightfall now supports customizable block messages on Windows, giving administrators greater control over how users are informed and educated at the moment a data transfer is blocked.
September 2025
This section enlists the feature enhancements released by Nightfall in September 2025.
Support for Windows File Upload Blocking: Nightfall now allows you to automatically block files with sensitive data from being uploaded to untrusted sites.
Nightfall now supports customizable block messages on macOS, giving administrators greater control over how users are informed and educated at the moment a data transfer is blocked.
Nightfall is introducing Endpoint Exfiltrated Asset Preview & Download on macOS, a major enhancement designed to help security analysts investigate endpoint data exfiltration incidents faster and with greater context. In addition to existing visibility into user, source, destination, policy hits, sensitive content previews, classifications, and metadata, analysts can now preview or download the full contents of exfiltrated assets directly from the Nightfall console.
August 2025
This section enlists the feature enhancements released by Nightfall in August 2025.
Nightfall Copilot - Nyx: In Exfiltration, Nightfall has now introduced Copilot called Nyx. The Copilot can surface patterns, summarize user activity, and suggest future steps. The Copilot is very helpful in investigating risks. Click Nyx – AI-powered DLP Copilot to learn more about this feature.
New SharePoint Integration: Nightfall has now introduced an integration for Microsoft SharePoint. This integration protects sensitive data in your SharePoint sites. Click Nightfall for Microsoft Sharepoint to learn more about this feature.
Zendesk Tags Based Inclusion/Exclusion: Nightfall now allows you to include or exclude Zendesk tickets from being monitored, based on tags. Click Configure Scope for Zendesk to learn more about this feature.
Asset Preview for Exfiltrated Files (limited early access): In Exfiltration, Nightfall now displays a preview of asset that triggered an exfiltration event. You can preview the asset from the asset detail view page.
July 2025
This section enlists the feature enhancements released by Nightfall in July 2025.
Support for Content Inspection in Windows: In Exfiltration, you can now leverage Nightfall detection rules to scan endpoint policies for sensitive data like PCI, PII, passwords, and so on in Windows devices. Click here to learn more about this feature.
New MS Exchange Integration: In Data Detection and Response, Nightfall now provides an integration with Microsoft Exchange. You can sow scan your data in MS Exchange for sensitive data. Click here to learn more about this feature.
June 2025
This section enlists the feature enhancements released by Nightfall in June 2025.
Support for macOS File Upload Blocking: Nightfall now allows you to automatically block files with sensitive data from being uploaded to untrusted sites. Click here to learn more about this feature.
Automatic Retraining of Image ID Detectors: The image ID detectors are now equipped with the Automated Supervised learning (ASL) system. This enhances the capabilities of the image IDE detectors. Click here to learn more about Nightfall detectors.
New Driver's License Detectors: Nightfall has now introduced new driving license detectors for the four southeast asian countries Vietnam, Thailand, Myanmar, and Cambodia. Click here to learn more about Nightfall detectors.
New Search Operators for Exfiltration Events: Nightfall has introduced new search operators in Exfiltration. You can use these operators to search specific Exfiltration events. Click here to learn more about this feature.
New Upgraded Dashboard: Nightfall has upgraded the Dashboard window completely to provide more insights and data on various aspects. Click here to learn more about this feature.
Clipboard Screen Capture Detection: In Exfiltration, Nightfall now allows you to block users from pasting visual data (images/screenshots) to unsanctioned destinations. Click here to learn more about this feature.
Clipboard Paste blocking in Windows: In Exfiltration, Nightfall has now extended the Clipboard paste feature to Windows OS devices (previously this feature was available only in macOS based devices). Click here to learn more about this feature.
User and User Group Policies in Windows: Nightfall has extended the user and user group inclusion and exclusion feature to Windows based devices. You can now include or exclude users and user groups while creating an Exfiltration policy for Windows OS devices. Click here to learn more about this feature.
End user Remediation for Windows Devices: In Exfiltration policies, Nightfall now allows you to configure end user remediation and notification. Click here to learn more about this feature.
May 2025
This section enlists the feature enhancements released by Nightfall in May 2025.
Cloud Sync Monitoring in Windows OS: In Exfiltration, Nightfall has now extended the cloud sync monitoring feature to devices running on the Windows OS. Click here to learn more about this feature.
Clipboard Paste Block Action for Windows (early access): In Exfiltration, Nightfall now allows you to block users from pasting data to unsanctioned destinations. Click here to learn more about this feature.
Clipboard Monitoring of Visual Data (early access): In Exfiltration, Nightfall now allows you to block users from pasting visual data (images/screenshots) to unsanctioned destinations. Click here to learn more about this feature.
Lineage Source Tracking in Windows: In Exfiltration, Nightfall has now extended the lineage source tracking feature to devices running on the Windows OS. Click here to learn more about this feature.
April 2025
This section enlists the feature enhancements released by Nightfall in April 2025.
Detector Enhancements: Nightfall has now enhanced the Person Name, Street Address, and Date of Birth detectors with Automated supervised learning capabilities. Click here to learn more about the detectors.
Clipboard Paste Block Action for Windows (early access): In Exfiltration, Nightfall now allows you to block users from pasting data to unsanctioned destinations in Windows devices (This feature is already available for macOS devices). Click here to learn more about this feature.
Ability to Download Endpoint Agent Package: In Exfiltration, Nightfall now allows you to download the agent packages for Windows and macOS devices directly from within the Nightfall console. You can find the Download Package button on the Integrations > Endpoint page.
Ability to Exclude File & Path in Endpoints: If a non-sensitive file is reported as an Endpoint Exfiltration event, you can now navigate to the respective event and exclude the file, file directory, or files with a same extension from being monitored in future. You can also use wildcards to define a directory pattern for exclusion. You can find these options on the asset section of the respective event.
Apply Date Range Filters on Filtered events: Nightfall now allows you to apply date range filters on filtered event data. This allows you to view filtered events that occured during a specific date range.
March 2025
This section enlists the feature enhancements released by Nightfall in March 2025.
Ability to Remove Disconnected Devices: Nightfall now allows you to manually remove macOS devices from the monitored list, that are not being monitored for exfiltration. Click here to learn more about this feature.
Stealth Deployment for macOS devices: Nightfall now allows you to deploy the Nightfall agent in stealth mode on macOS devices so that you can now secretly install the agent without employee's knowledge. Click here to learn more about this feature.
In-app Messenger: Nightfall has now introduced an in-app chat messenger. You can use this messenger to communicate with Nightfall support team. Just click the question mark icon on the bottom right of the screen and click Chat.
Clipboard Paste Block Action (early preview): In Exfiltration, Nightfall now allows you to block users from pasting data to unsanctioned destinations. This feature is currently available for macOS devices. Click here to learn more about this feature.
Automatic Event Resolution in Google Drive: If you permanently delete a Google Drive file, any event generated by this file is automatically resolved. Click here to learn more about this feature.
February 2025
This section enlists the feature enhancements released by Nightfall in February 2025.
Support for macOS User and Group-Based Policies: Nightfall now allows you to include or exclude specific users and user groups from being monitored by the mac policy. You can configure these settings in the filter section on the scope page of mac OS policies. Click here to learn more about this feature.
Support for macOS File Upload Blocking: Nightfall now allows you to automatically block files with sensitive data from being uploaded to untrusted sites. Click here to learn more about this feature.
Support for Human Firewall (end-user remediation) in macOS Policies: You can now configure macOS policies to notify end users about their actions that triggered violations, thus empowering them to take suitable actions. Click here to learn more about this feature.
Support to inspect content in Endpoint policies: You can now leverage Nightfall detection rules to scan endpoint policies for sensitive data like PCI, PII, passwords, and so on. Click here to learn more about this feature.
Ability to Create Endpoint policies for MS Windows: Nightfall now allows you to create exfiltration policies for Microsoft Windows OS. Click here to learn more about this feature.
Search Filter Operators for Exfiltration Events: Nightfall now provides you with numerous search operators to filter the Exfiltration events and view only the desired events.
Introduction of Customer Referral Program: Nightfall now allows you to refer Nightfall to your colleagues, friends and other acquintices. You can win awesome rewards with this program. Click here to learn more.
Enhancements to the Person Name and PHI Detectors: Nightfall has enhanced the capabilities of the Person name and PHI detectors. these detectors are now capable of generating very less false positive alerts.
Introduction to Automated Supervised Learning : With the Automated supervised learning feature, Nightfall detectors can now automate model retraining based on real-time customer feedback, thus enhancing detection accuracy. Currently, API Key and Password detectors are using this feature.
January 2025
This section enlists the feature enhancements released by Nightfall in January 2025.
Enhanced Detector Accuracy: Nightfall has enhanced the detection capabilities for keys from specific vendors. These enhancements greatly reduce the rate of false positive detections. The vendors are as follows.
Ping Identity
Auth0
Box
Plaid
Cohere
Elastic Search
Datadog
Horizontal Scaling: Nightfall has now enhanced the machine learning infrastructure. With this improvement, the Nightfall platform is now robust enough to automatically scale to meet fluctuating demands.
Introduction of Custom Branding: You can use the custom branding feature to replace the default Nightfall logo with your organization's logo on all the alert emails generated by Nightfall. Click here to learn more about this feature.
Last updated
Was this helpful?