We've shipped the second wave of AI capabilities this year, delivered on every product commitment we made in the latter half of 2025 and pushed more than 50 smaller enhancements into the platform.
The second wave of Panaseer AI is live
When I last wrote, MetricIQ and DashboardIQ were available, ScorecardIQ was in beta and Cyber Advisor was in development. All four are now in customer hands.
- The IQ Suite went generally available on Dec. 2. MetricIQ summarizes metric movements in natural language. DashboardIQ does the same for whole dashboards. ScorecardIQ does the same for executive scorecards. Together with the Key Drivers machine-learning capability we shipped earlier in the year, they replace hours of analyst interpretation with a paragraph and a recommended next action.
- The AI Cyber Advisor moves into the default Panaseer platform after this month (GA June 2026). It's a generative AI, chat-based, context-aware advisor that runs natural-language queries against your platform data and answers in plain English, with sourced links back to the metric, the dashboard and the next steps. Customer feedback from the AI Labs cohort has been the strongest we've seen on any feature in the last two years, and was well received at the recent InfoSecurity Europe exhibition.
On the privacy and procurement questions you've asked: your data is not used to train models that others may use, AI features are fully additive (the rest of the platform works unchanged if you turn them off), and we continue to use only our existing approved sub-processors with no new third parties involved.
“This is really helpful, just for the fact that you can ask the Cyber Advisor a question rather than click and search through many dashboards. I like that.”
Cyber Advisor AI Labs participant
Business Service Lens
When I last wrote, what we referred to then as Important Business Services was planned for release later in the year. Business Service Lens (renamed for market clarity) went generally available on January 27.
Business Service Lens gives you a lens over your existing data. It shows control coverage and effectiveness through the prism of the services your business actually delivers, rather than through technical asset categories.
Customers are already running these use cases on it:
- DORA Article 6 and Article 8 obligations for EU financial services
- PRA Important Business Service mapping for UK financial services
- CRI Profile mapping for the global financial services framework
- Internal operational resilience reporting independent of regulation
The capability is anchored in ServiceNow CSDM 4.0, with flexible mapping for customers earlier in their CMDB journey. The 2026 Security Leaders Peer Report found 49% of organizations struggle to link control performance to business risk. Business Service Lens is the product response to that pain.
Business Service Lens in action within our demo environment
New Cyber Control Domains: AI Governance and Application Access Management
Total CCDs now stand at 12. The two new ones delivered for H1 2026:
- AI Governance CCD. Regulators are asking how AI usage is being governed and customers who want AI on their side want strong governance on the AI itself. This new CCD monitors sensitive data exposure through DLP policies for safe use of generative-AI web applications. Shipped, in use and showcased at ISF North America in May.
- Application Access Management CCD. Monitors proper access management, privileged account management and authentication controls at the application layer. Metric depth was directly informed by Customer Advisory Board feedback last October.
We're scoping the next set with customers. If you'd like to influence which CCDs come next, your CSM will set up time with the Product team.
The AI Governance Cyber Control Domain
The 50+ smaller, yet significant, enhancements
Many product improvements don't make the headlines but are a fundamental part of our commitment to continuous improvement and make daily use of Panaseer measurably better. Here’s a small sample of what shipped this half. Speak to your CSM for the full inventory:
Framework mappings and coverage
- CRI Profile v2.1, CRI AI Risk Mgt Framework, and PCI DSS framework mappings
- Uplifts to Patch, User Training, Vulnerability, PAM, Cloud Configuration and AAM Analysis Packs (including SailPoint coverage and access review evidence)
Entity and asset handling
- Entity resolution improvements across Microsoft Defender, Intune and Entra ID
- Ephemeral asset filtering, long requested by multiple customers
- New entity viewers for devices, users and applications
- Identifier reconciliation for customers with multiple CMDB sources
Performance and Usability
- Refreshed Panaseer Metric Catalog providing a more intuitive experience for browsing and discovering all the metrics available in your platform.
- Faster dashboard loads, metric computation and filter response
Documentation
- Navigation and search support for support.panaseer.com
H2 Product Commitments
More fundamental changes coming to the platform. We want to unlock the Panaseer data you already own inside your AI workflows, be it Copilot, Claude or any MCP-compatible agent. In H2 FY26 we will deliver our first MCP offering to accelerate the path from insight to action and make the platform the authoritative controls data layer across your agentic toolchain.
Additionally, we will deliver a secure Panaseer Metric API that allows customer access to a centralized metrics catalog to easily integrate your trusted Panaseer metrics into BI stacks offering control coverage, vulnerability exposure and compliance posture into existing services.
