# Release Notes 2025-2026 *** ### May 2026 MCP Server visibility in AI Governance. Security and IT teams can now see every Model Context Protocol server running across developer machines - including risk score, usage volume, the AI clients invoking each server, and a full history of MCP configuration files per device. Requires MDM Profile v3 on Mac. macOS · Mac Agent v1.2.12.19 *** #### April 2026 **Native Desktop App Monitoring - macOS** Nightfall now monitors data movement inside Slack, WhatsApp, Outlook, Apple Mail, Telegram, and Signal on macOS - catching file transfers, uploads, and paste events within the app before data reaches the network. Covers the personal messaging and email apps that browser-only monitoring misses entirely. macOS · Mac Agent v1.2.11.17 *** **Clipboard Image Detection** Screenshots and images copied to the clipboard are now inspected and blocked at paste. Closes a common bypass path where users capture sensitive content as an image to evade text-based detection. macOS · Mac Agent v1.2.11.17 *** **Print Preview Exfiltration Detection** Documents sent to Print Preview are now inspected before they reach any printer - physical, virtual, or PDF export. Catches exfiltration through a vector most endpoint DLP tools don't monitor. macOS · Mac Agent v1.2.11.17 *** **Arc Browser Support** Arc is now fully monitored on macOS, including upload and clipboard monitoring. macOS · Mac Agent v1.2.11.17 *** **Nightfall Extension Isolation on Windows** The Windows agent now manages only Nightfall-owned browser extensions, resolving a conflict where enforcement could unintentionally affect unrelated extensions. Windows · Windows Agent v1.4.14.0 *** #### March 2026 **Microsoft 365 Copilot Monitoring** Detects and blocks sensitive data submitted to Microsoft Copilot. As AI assistants become embedded in productivity tools, this closes the gap where employees can inadvertently expose regulated data through AI-generated workflows. Windows · Windows Agent v1.4.11.0 *** **Native Desktop App Monitoring - Windows** Data movement monitoring is now available for desktop applications on Windows. Supported apps with native executables: Slack, Claude, ChatGPT, Signal, Telegram, Discord, Outlook, Microsoft Teams, WhatsApp, Microsoft Copilot supported via Copilot.exe and M365Copilot.exe. Windows · Windows Agent v1.4.9.0 *** **On-Device Business Justification Override** Admins can configure exemption policies that bypass the end-user justification prompt for specific or all users - reducing friction for trusted workflows without disabling the justification flow globally. Windows · Windows Agent v1.4.12.0 *** #### January 2026 **Expanded Removable Media Coverage** Removable media monitoring now recognizes approximately 1,200 device vendors out of the box. Policies can be scoped by device type (USB, external HDD), vendor, or individual device serial number - enabling allowlists for company-issued encrypted drives while blocking everything else. macOS · Mac Agent v1.2.11.0 *** **Git Push Monitoring** Detects when source code is pushed from a managed endpoint to a non-approved remote repository. Policies evaluate the push destination URL - flag personal forks, unapproved accounts, or any remote outside your approved list. Operates at the network layer, complementary to pre-commit hooks. macOS · Mac Agent v1.2.11.0 Windows · Windows Agent v1.3.38.1 *** **AI-Native Browser Support** Perplexity Comet and ChatGPT Atlas are now fully monitored on macOS, including file upload, clipboard paste, and personal vs. corporate account detection. These browsers are purpose-built for AI interaction and represent a distinct exfiltration surface from standard browser AI tabs. macOS · Mac Agent v1.2.11.0 *** **Expanded Browser Coverage** Firefox is now supported on macOS and Windows with full exfiltration protections and personal vs. corporate session detection. Requires the Nightfall browser extension. Chromium-based browsers - Chrome, Edge, Arc, Brave, Vivaldi - also added to the supported browser list for macOS. macOS · Mac Agent v1.2.11.0 Windows · Windows Agent v1.4.0.0 *** #### December 2025 **File and Path Exclusions - Windows** Security teams can now exclude specific files, directories, or file extensions from Windows endpoint monitoring directly from an exfiltration event. Wildcard support available for directory pattern exclusion. Reduces noise from known-safe paths without modifying policy scope. Windows · Windows Agent v1.3.37.0 *** #### November 2025 **User Session Detection - Personal vs. Corporate Accounts** Policies can now distinguish between corporate and personal account sessions within the same SaaS application, cloud storage service, or AI tool. Configure independently: scope by upload source (corporate session) or upload destination (personal session). Enables precision enforcement - block uploads to a personal Google Drive account while allowing the same action from a corporate Workspace session on the same domain. macOS · Mac Agent v1.2.10.0 Windows · Windows Agent v1.3.32.0 *** **File Classifiers** 22 built-in document classifiers identify sensitive file categories based on content and semantics - without requiring explicit entity matches. Categories include source code, financial records, legal agreements, HR files, medical documents, and customer lists. Effective for files that contain no obvious PII or credentials but are clearly sensitive by document type. macOS · Mac Agent v1.2.10.0 Windows · Windows Agent v1.3.32.0 *** **Prompt-Based Entity Detectors** Define custom detectors using natural-language prompts instead of regex or structured rules. Backed by LLM inference - effective for proprietary identifiers, internal tokens, codenames, and domain-specific data formats with no built-in detector equivalent. All platforms *** #### October 2025 **Exfiltrated Asset Preview and Download - Windows** Security analysts can preview or download the full contents of a file that triggered an exfiltration event directly from the Nightfall console - without leaving the investigation workflow. Shows user, source, destination, policy matches, content excerpts, classifications, and file metadata. Previously available on macOS only. Windows · Windows Agent v1.3.27.0 *** **Customizable Block Messages - Windows** Admins can configure the message shown to employees when a data transfer is blocked on Windows. Supports in-context security awareness messaging at the moment of intervention. Windows · Windows Agent v1.3.27.0 *** #### September 2025 **File Upload Blocking - Windows** Files containing sensitive data are now automatically blocked from upload to untrusted browser destinations on Windows. Previously available on macOS only. Windows · Windows Agent v1.3.24.0 *** **Customizable Block Messages - macOS** Admins can configure user-facing block messages on macOS — controlling what employees see at the exact moment a transfer is stopped. macOS · Mac Agent v1.2.9.0 *** **Exfiltrated Asset Preview and Download - macOS** Security analysts can preview or download exfiltrated file contents directly from the Nightfall console without leaving the investigation workflow. macOS · Mac Agent v1.2.8.0 *** #### August 2025 **Nightfall Copilot - Nyx** AI-powered investigation assistant for Endpoint Exfiltration. Surfaces behavioral patterns, summarizes user activity across events, and suggests next investigation steps. Reduces time-to-triage on high-volume alert queues. All platforms *** **SharePoint Integration** Nightfall now monitors sensitive data across Microsoft SharePoint sites. Extends cloud DLP coverage to one of the most widely used enterprise content repositories, where documents, wikis, and team files are frequently shared internally and externally. All platforms · August 2025 *** **Zendesk Tag-Based Inclusion/Exclusion** Support tickets can now be included or excluded from Nightfall monitoring based on Zendesk tags. Enables precise policy scoping — focus monitoring on sensitive ticket queues (e.g., billing, security) or exclude low-risk categories without creating separate policies. All platforms · August 2025 *** **Exfiltrated Asset Preview -** Security analysts can now preview the content of a file that triggered an exfiltration event directly from the asset detail view in the Nightfall console. Reduces the need to download files or leave the investigation workflow to understand what was exfiltrated. All platforms · August 2025 *** #### July 2025 **Content Inspection - Windows** Detection rules can now scan endpoint events on Windows for sensitive data including PCI, PII, and passwords. Closes the parity gap for Windows-first or mixed-fleet deployments - previously available on macOS only. Windows · Windows Agent v1.3.14.0 *** **Microsoft Exchange Integration** Nightfall now scans sensitive data in Microsoft Exchange, extending Data Detection and Response coverage to corporate email at the server level. Complements endpoint clipboard and thick app monitoring for organizations that want both network and endpoint coverage for email-based exfiltration. All platforms · July 2025 *** **OneDrive and Salesforce Integrations - Data Discovery** Nightfall now provides Data Discovery and Classification for both Microsoft OneDrive and Salesforce. Identify where sensitive data lives across cloud storage and CRM before it moves - enabling proactive remediation rather than reactive event response. All platforms · July 2025 *** #### June 2025 **File Upload Blocking - macOS** Automatic blocking of sensitive file uploads to untrusted browser destinations on macOS moved to general availability. macOS · Mac Agent v1.2.6.0 *** **Clipboard Paste Blocking - Windows** Clipboard paste blocking extended to Windows - blocking users from pasting sensitive data to unsanctioned destinations. Previously macOS only. Windows · Windows Agent v1.3.12.0 *** **Clipboard Screen Capture Detection** Detects and blocks pasting of visual data - screenshots and images - to unsanctioned destinations. Addresses exfiltration via screenshot where users photograph or capture sensitive content to bypass text-based inspection. macOS · Mac Agent v1.2.6.0 *** **User and Group Policies - Windows** Include or exclude specific users and user groups from Windows policy monitoring. Previously available on macOS only. Windows · Windows Agent v1.3.12.0 *** **End-User Remediation - Windows** End-user remediation and notification is now configurable in Windows exfiltration policies. Employees are notified at the moment of a policy violation and can submit business justifications or request overrides. Windows · Windows Agent v1.3.12.0 *** **Automated Retraining for Image ID Detectors** Image ID detectors now retrain automatically using the Automated Supervised Learning (ASL) system, incorporating real-world feedback without manual intervention. Detection accuracy improves continuously as the model learns from customer data patterns over time. All platforms · June 2025 *** **Driver's License Detectors - Southeast Asia** New built-in detectors for driver's licenses from Vietnam, Thailand, Myanmar, and Cambodia. Extends PII coverage for organizations operating in or handling data from Southeast Asian markets. All platforms · June 2025 *** **New Search Operators for Exfiltration Events** Additional search operators in the Exfiltration console enable more precise event filtering - narrow investigations by specific fields, values, or combinations without scrolling through broad result sets. All platforms · June 2025 *** **Upgraded Dashboard** The Nightfall dashboard has been fully redesigned to surface richer insights across integrations, event trends, policy activity, and risk posture. Replaces the previous dashboard with a unified view built for security operations workflows. All platforms · June 2025 *** #### May 2025 **Cloud Sync Monitoring - Windows** Cloud sync monitoring for Google Drive, Dropbox, OneDrive, and iCloud extended to Windows endpoints. Previously macOS only. Windows · Windows Agent v1.3.7.0 *** **Lineage Source Tracking - Windows** Source tracking - identifying which corporate application a file originated from - extended to Windows. Previously macOS only. Windows · Windows Agent v1.3.7.0 *** **Developer APIs for Exfiltration and Posture Events** Nightfall now exposes APIs to query Exfiltration and Posture Management event data programmatically. Enables custom dashboards, SIEM integrations, and automated reporting workflows without relying solely on the Nightfall console. All platforms · May 2025 *** **Clipboard Paste Blocking - Windows** Block users from pasting sensitive data to unsanctioned destinations on Windows. Moved to general availability in June 2025. Windows · Windows Agent v1.3.7.0 · May 2025 (Early Access) *** **Clipboard Visual Data Monitoring** Detect and block screenshots and images copied to the clipboard from being pasted to unsanctioned destinations. Addresses exfiltration via screen capture where users photograph or screenshot sensitive content to bypass text-based inspection. Moved to general availability in June 2025. macOS · Windows · May 2025 (Early Access) *** #### April 2025 **Agent Package Download from Console** Download Windows and macOS agent installation packages directly from the Nightfall console. Simplifies deployment for teams managing their own MDM or manual rollouts. macOS · Windows *** **File and Path Exclusions - macOS** Exclude specific files, directories, or file extensions from macOS endpoint monitoring directly from an exfiltration event. Supports wildcard patterns for directory exclusion. macOS · Mac Agent v1.2.4.1 *** **Date Range Filters on Filtered Events** Date range filtering now works on top of already-filtered event views. Previously, date filters and other filters couldn't be combined - you can now narrow a filtered result set to a specific time window without losing your active filters. All platforms · April 2025 *** **Detector Enhancements - Person Name, Street Address, Date of Birth** Person Name, Street Address, and Date of Birth detectors now use Automated Supervised Learning (ASL), continuously retraining on real-world feedback to reduce false positives. Builds on ASL previously introduced for API Key and Password detectors. All platforms · April 2025 *** #### March 2025 **Stealth Deployment - macOS** Deploy the Nightfall agent on macOS without surfacing any UI to the employee. Intended for high-risk monitoring scenarios and investigations where agent visibility would change behavior. macOS · Mac Agent v1.2.3.0 *** **Clipboard Paste Blocking - macOS (Early Preview)** Block users from pasting sensitive data to unsanctioned destinations on macOS. Moved to general availability in June 2025. macOS · Mac Agent v1.2.3.0 *** **Remove Disconnected Devices** Manually remove macOS devices from the monitored device list when they are no longer active. Previously, decommissioned or offboarded devices remained in the list indefinitely, cluttering the device inventory and skewing coverage metrics. macOS · March 2025 *** **Automatic Event Resolution - Google Drive** Exfiltration events are now automatically resolved when the source Google Drive file is permanently deleted. Reduces manual triage work for events tied to files that no longer exist and no longer represent active risk. All platforms · March 2025 *** #### February 2025 **Windows Endpoint Policies** Create and enforce exfiltration policies on Microsoft Windows devices. Foundation release for all Windows endpoint coverage. Windows · Windows Agent v1.2.0.0 *** **User and Group Policies - macOS** Include or exclude specific users and user groups from macOS policy monitoring. Enables scoped enforcement for high-risk users, departing employees, or teams with different data handling requirements. macOS · Mac Agent v1.2.2.0 *** **End-User Remediation - macOS** Configure macOS policies to notify employees at the moment of a policy violation, with options for business justification submission and remediation workflows. macOS · Mac Agent v1.2.2.0 *** **Content Inspection in Endpoint Policies** Use detection rules to scan endpoint events for sensitive data - PCI, PII, passwords, and custom detectors. Foundation capability for all content-aware enforcement across endpoint triggers. macOS · Mac Agent v1.2.2.0 *** **Search Filter Operators for Exfiltration Events** New search operators in the Exfiltration console let you filter events by specific fields and values, replacing broad result sets with targeted queries. Foundation for the expanded operator set added in June 2025. All platforms · February 2025 *** **Automated Supervised Learning** Nightfall detectors can now retrain automatically based on real-time customer feedback, improving accuracy without manual intervention. Initially available for API Key and Password detectors - expanded to Person Name, Street Address, Date of Birth in April 2025, and Image ID detectors in June 2025. All platforms · February 2025 *** **Person Name and PHI Detector Enhancements** Person Name and PHI detectors updated to significantly reduce false positive rates. Ships alongside the introduction of Automated Supervised Learning. All platforms · February 2025 *** **January 2025** **Enhanced Detector Accuracy - Vendor-Specific Keys** Reduced false positive rates for API keys from Ping Identity, Auth0, Box, Plaid, Cohere, Elasticsearch, and Datadog. Part of the broader detector accuracy initiative running through early 2025. All platforms · January 2025 *** **Horizontal Scaling** Nightfall's machine learning infrastructure now scales automatically to handle fluctuating detection workloads. Improves reliability and response times during peak usage without manual intervention. All platforms · January 2025 *** **Custom Branding** Replace the default Nightfall logo with your organization's logo on all Nightfall-generated alert emails. Keeps security notifications consistent with internal branding, reducing the chance employees dismiss or overlook alerts. All platforms · January 2025 *** --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.nightfall.ai/release_notes/nightfall_new_features.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.