Platform Update: What’s New in Optimal Q1 2026
Originally published on GoOptimal.io
Introduction
Q1 2026 represents a major milestone for Optimal’s platform, delivering capabilities security teams and developers have requested. The update spans runtime monitoring, compliance automation, and supply chain visibility, benefiting security engineers, compliance leaders, and developers integrating security into CI/CD pipelines.
Runtime Threat Detection
Optimal introduces real-time runtime threat detection for Kubernetes and containerized workloads. Built on eBPF technology, the runtime agent operates at the kernel level, monitoring system calls, network connections, and file access patterns with minimal performance impact.
The distinguishing factor is integration with existing Optimal modules. When the agent detects anomalous behavior — unexpected network connections, privilege escalation, or unusual binary execution — it correlates findings with vulnerability data in your workspace.
Key capabilities:
- eBPF-based kernel instrumentation with under 1% CPU overhead
- Behavioral baselining during configurable observation periods
- Automatic CVE correlation linking runtime events to known vulnerabilities
- Kubernetes-native deployment via Helm across EKS, GKE, AKS, and on-premises clusters
- Real-time alerting through Slack, PagerDuty, and webhooks
Enhanced SBOM Dependency Graphs
SBOM management advances with interactive dependency graph visualizations. The new view renders your software supply chain as a navigable, zoomable tree structure. Direct dependencies appear at the top level, with transitive dependencies expanding beneath them. Nodes are color-coded by risk: green for components without known vulnerabilities, amber for medium-severity issues, and red for critical or high-severity CVEs.
Key capabilities:
- Visual dependency trees enabling drill-down from direct to nth-degree transitive dependencies
- Transitive dependency tracking identifying the complete path from your code to vulnerable components
- License risk scoring with automatic conflict detection
- SBOM diff view showing changes between builds or releases
- Support for CycloneDX 1.6 and SPDX 3.0 formats
STIG Automation Improvements
STIG compliance automation receives substantial enhancements that reduce the time and effort required for ATO assessments and DISA benchmark remediation.
Benchmarking is 3x faster thanks to parallelized assessments and optimized evaluation logic. An assessment across 50 targets that previously required 45 minutes now completes in under 15 minutes.
Auto-remediation scripts now address over 200 common STIG findings across Windows and Linux.
Key capabilities:
- 3x faster benchmarking through parallelization and optimized checks
- Auto-remediation scripts for over 200 common STIG findings
- 15 new benchmarks added, including Kubernetes STIG v2 and PostgreSQL 15
- Continuous monitoring mode with configurable re-evaluation schedules
AI Security Enhancements
As LLM and generative AI adoption accelerates, Optimal’s AI security module addresses emerging threats. The NVIDIA Garak integration has been significantly enhanced, with results automatically mapped to the OWASP AI Security Verification Standard (AISVS) framework.
Key capabilities:
- NVIDIA Garak integration with one-click scan orchestration
- OWASP AISVS scoring providing standardized maturity assessment
- 50+ new prompt injection patterns covering multi-turn, indirect, and encoding-based attacks
- Model card generation documenting security properties alongside metadata
- RAG pipeline analysis evaluating data leakage risks in retrieval-augmented systems
Developer Experience Updates
The Optimal CLI has been rewritten in Rust for faster startup and execution. GitHub users benefit from an official GitHub Actions integration that runs Optimal scans in pull request workflows.
Key capabilities:
- Rust-based CLI with 10x faster cold start than the previous Node.js version
- GitHub Actions marketplace action with PR comment annotations and status check integration
- 40% average scan time improvements across vulnerability and SBOM operations
- VS Code extension (preview) providing inline vulnerability highlighting
- API v2 with OpenAPI 3.1 specification and auto-generated client libraries for Python, Go, and TypeScript
What’s Coming Next
Q2 2026 priorities include:
- FedRAMP continuous monitoring dashboards aggregating compliance data across all Optimal modules for Authorizing Officials and ISSMs
- Multi-cloud asset discovery automatically inventorying AWS, Azure, and GCP resources and mapping them to security policies
- Collaborative remediation workflows with assignment, SLA tracking, and evidence collection for audit readiness