✨ New features to highlight in this version
Enjoy them all now for free at https://cloud.prowler.com
💬 Lighthouse AI - Side Chat
Note
This feature is available exclusively in Prowler Cloud and Prowler Private Cloud with a subscription.
Lighthouse AI now lives in a side panel you can open from anywhere in the app. Ask about the findings you are looking at without leaving the page, and expand to the full-page chat at any time: your draft, messages, and streaming response come along. Finding and resource details share the same panel, with tabs to switch between Details and Lighthouse AI.
Read more in our Lighthouse AI documentation.
🤖 Lighthouse AI - Take Action
Note
This feature is available exclusively in Prowler Cloud and Prowler Private Cloud with a subscription.
Lighthouse AI is no longer read-only. Ask it to do things and it will: connect or remove providers, trigger a scan, schedule daily scans, update scan settings, and manage your mutelist and mute rules, straight from the chat. Every action is gated by RBAC: Lighthouse can only do what the user asking could do themselves.
Read more in our Lighthouse AI capabilities.
☁️ One-step AWS Organizations onboarding
Note
This feature is available exclusively in Prowler Cloud and Prowler Private Cloud with a subscription.
Onboarding an entire AWS Organization is now a single step. One CloudFormation quick-create link deploys the management account role and a service-managed StackSet that rolls the role out to every member account, replacing the manual StackSet console setup. Target the whole organization or a specific Organizational Unit or Root ID, and deploy from the management account or a delegated administrator. The S3 integration quick-create link also pre-fills the bucket owner account ID, preventing a stack validation error.
Built on the full-organization CloudFormation template contributed by @jchrisfarris — thanks!
Read more in our AWS Organizations documentation.
🎯 Scan configurations: exclude checks and services
Note
This feature is available exclusively in Prowler Cloud and Prowler Private Cloud with a subscription.
Scan configurations now accept excluded_checks and excluded_services to narrow the execution scope. Skip individual checks or entire services per provider, and the scan does not run them at all: less noise, faster scans, and no findings you would mute anyway.
Read more in our Scan Configuration documentation.
🧭 Redesigned sidebar navigation
The sidebar was redesigned around how you actually work: grouped sections for security, settings, and help, a Home/Chat switch at the top, collapsible configuration entries, clearer active states, and a responsive mobile overlay.
🔌 Prowler MCP tools renamed to prowler_*
Core Prowler tools in Prowler MCP moved from the prowler_app_* prefix to the shorter prowler_* namespace, and the MCP documentation was restructured around it. Legacy prowler_app_* names keep working in Lighthouse AI, so existing setups are not broken.
Read more in our Prowler MCP tools reference.
🔐 Security
- Jira integration credentials now only accept bare Atlassian site names (letters, numbers, and hyphens), and Jira tenant information requests validate site names and no longer follow redirects.
- Social account linking now requires a verified matching email from both the identity provider and the existing user account, and account connection notification emails are disabled.
- 13 advisories reported by
pnpm auditon the UI (3 high, 9 moderate, 1 low) are resolved with patched versions ofhono,ws,vite,dompurify,js-yaml,@opentelemetry/core, and@babel/core, includinghonoCVE-2026-59896.
🙌 External Contributors
No external contributors in this release.
Special mention to @jchrisfarris, whose full-organization CloudFormation template from v5.34.0 powers the new one-step AWS Organizations onboarding (#10403).
UI
🔄 Changed
- AWS Organizations onboarding now deploys the management account role and the member-account StackSet from a single CloudFormation stack, replacing the manual StackSet console step (#11927)
- Dynamic providers can now be renamed and deleted from the Providers table (#11957)
- Sidebar navigation with grouped sections, clearer active states, and a responsive mobile overlay (#11994)
- Core Prowler tools in Lighthouse use the
prowler_*namespace while preserving legacyprowler_app_*compatibility (#12017)
🐞 Fixed
- The AWS S3 integration CloudFormation quick-create link now sets the bucket owner account ID, preventing a stack validation error when S3 integration is enabled (#11927)
Scan IDfilter on the Findings page now shows the active scan when opening findings from a scan'sView Findingsaction (#11997)
🔐 Security
js-yamlto 4.3.0,@sentry/nextjsto 10.65.0 withimport-in-the-middle3.3.1, and transitivehono,dompurify,ws,vite,@babel/coreand@opentelemetry/coreto patched versions, resolving 13 npm audit advisories (3 high, 9 moderate, 1 low) plushonoCVE-2026-59896, published on NVD but not yet in the npm audit feed (#12029)
API
🐞 Fixed
attack-paths-scan-performCelery tasks now use the configurable long-task time limits instead of the six-hour defaults (#12009)- Attack Paths scans handle provider deletion races cleanly, detect stale tasks after 16 hours, use backend-specific graph synchronization batches, and report exhausted Neptune write retries with the original database error (#12019)
🔐 Security
- Jira integration credentials only accept bare Atlassian site names containing letters, numbers, and hyphens (#12012)
- Social account linking requires a verified matching email from both the identity provider and the existing user account without sending account connection notifications (#12013)
SDK
🚀 Added
excluded_checksandexcluded_servicesin scan configurations to narrow the execution scope (#12028)
🔐 Security
- Jira tenant information requests validate site names and do not follow redirects (#12012)
MCP
🔄 Changed
- Core Prowler tool namespace from the
prowler_app_*prefix toprowler_*(#12017)