Skip to content
Dreadnode Dreadnode Dreadnode

June 4, 2026

Binary analysis capability replaces windows-reversing with cross-platform PE/ELF/Mach-O support

← All updates

Binary analysis capability replaces windows-reversing with cross-platform PE/ELF/Mach-O support

8 new 5 improved 14 fixed

The binary-analysis capability lands this week with cross-platform support for PE, ELF, and Mach-O — replacing the older windows-reversing bundle.

New

  • Binary analysis capability (cross-platform). A new binary-analysis capability replaces windows-reversing with PE/ELF/Mach-O support, an expanded Ghidra MCP server, and a consolidated 8-phase analysis skill. (dreadnode/capabilities#32)
  • Android APK research capability. A new android-apk-research capability bundle ships a 10-tool MCP server and four skills for static semantic vulnerability research on Android APKs. (dreadnode/capabilities#29)
  • Bulk evaluation log download. You can now download all sample logs from an evaluation as a single ZIP bundle instead of exporting one sample at a time. (dreadnode/dreadnode-tiger#1612)
  • Dashboard workspace toggle. The dashboard now has a toggle to filter activity between your personal workspace and the full organization view. (dreadnode/dreadnode-tiger#1619)
  • Billing purchase receipt downloads. Org owners and admins can now download receipts for individual credit purchases from the billing settings page. (dreadnode/dreadnode-tiger#1622)
  • Conditional MCP header omission. MCP server headers can now be marked optional: true so unset env vars omit the header entirely, letting OAuth run as the default without a separate wrapper capability. (dreadnode/dreadnode-tiger#1617)
  • New end-to-end guides. Two structured guides — “Building a Capability” and “Red Teaming a Model” — replace several older scattered deep-dive docs. (dreadnode/dreadnode-tiger#1587)
  • Automated Web-Security Testing Now Covers Adobe Experience Manager and Apache Sling Security teams can now run automated assessments against Adobe Experience Manager and Apache Sling applications, surfacing the selector-abuse, dispatcher-bypass, and cross-site scripting weaknesses specific to those platforms. Existing coverage for blind SSRF chains and DOM-based vulnerabilities has also been sharpened for more reliable detection.

Improvements

  • Server-side transcript search. “Find in transcript” now searches all messages in a session server-side, so you can find matches in long sessions without paging through the entire transcript first. (dreadnode/dreadnode-tiger#1576)
  • Web-security skill quality pass. 28 web-security skills were updated with improved tooling, executable commands, and validation checkpoints — average skill score raised from 86% to 92% across all 58 skills. (dreadnode/capabilities#31)
  • Credits and pricing explained inline. Credits and pricing are now explained across the signup page, TUI status bar, TUI help panel, and docs Quickstart — each surface links to the canonical Credits docs. (dreadnode/dreadnode-tiger#1575)
  • Task verification method now visible in the UI. Task verification method (script, flag, judge, or compound) is now shown in both the environment task detail view and evaluation sample detail view. (dreadnode/dreadnode-tiger#1596)
  • Consistent activity awareness across views. Status indicators, severity tags, and activity awareness are now more consistent across assessments, evaluations, training, and optimization views. (dreadnode/dreadnode-tiger#1611)

Fixes

  • AI red-teaming attack workflows no longer fail with an SDK config error. Analytics results are now persisted correctly, and tool errors surface as clean messages instead of raw tracebacks. (dreadnode/capabilities#34)
  • Multi-study AIRT runs now export all traces. In multi-study workflows (transform comparisons, campaigns, category sweeps), all study traces are now exported — not just the first study’s. Applying a single transform no longer adds an unwanted baseline run. (dreadnode/capabilities#33)
  • Session transcripts no longer truncate at 2,000 messages. Sessions with more than 2,000 messages now load all messages via pagination — previously the most recent messages were silently dropped. (dreadnode/dreadnode-tiger#1574)
  • TUI login no longer gets stuck in a LiteLLM key provisioning loop. Connecting to the platform no longer fails with a repeated “Failed to provision LiteLLM Key” error. (dreadnode/dreadnode-tiger#1590)
  • SDK and platform now enforce the same task-validation rules. Tasks that pass dn task validate locally will no longer be rejected with an opaque 400 error on upload. (dreadnode/dreadnode-tiger#1631)
  • generate_category_attack no longer fails with “Unknown attack: ‘t’” errors. All input formats for attack names — string, list, or comma-separated — now work correctly. (dreadnode/capabilities#35)
  • flag_and_judge and script_and_judge verification methods now accepted by SDK validation. This fixes 248 task definitions that were previously rejected incorrectly by dn task validate. (dreadnode/dreadnode-tiger#1582)
  • Session headers now show accurate message counts and reports. Active vs. total message counts are shown for compacted sessions, and the Reports tab correctly surfaces all reports from the full transcript. (dreadnode/dreadnode-tiger#1618)
  • TUI model browser now shows context and credit cost for hosted models. dn/* model rows no longer display - for context window size and price when catalog metadata is available. (dreadnode/dreadnode-tiger#1583)
  • TUI hosted model list no longer shrinks after restart. New models deployed to the platform are now visible without having to delete ~/.dreadnode/proxy-models.json. (dreadnode/dreadnode-tiger#1578)
  • TUI /models screen respects admin-configured model order. Models are now displayed in the order set in the admin UI instead of being re-sorted alphabetically. (dreadnode/dreadnode-tiger#1581)
  • Evaluation tool-use lists now show the actual skill name. The literal word skill no longer appears in place of the loaded skill name (e.g. agent-browser). (dreadnode/dreadnode-tiger#1609)
  • Running and failed status dots are now visually distinct. Running tasks in the evaluations view show a blue dot instead of orange-red, making them clearly distinguishable from failed (red) at a glance. (dreadnode/dreadnode-tiger#1603)
  • Selected items in sidebar panels now show a visible highlight. Evaluations, AIRT assessments, training runs, and trace-viewer runs now display a brand-tinted highlight on the active selection instead of blending into the background. (dreadnode/dreadnode-tiger#1579)