Syhunt Hybrid 7.1 enhances web UI, Linux and AI integration and detects Shadow AI threat

Syhunt is thrilled to announce the release of Syhunt Hybrid 7.1, a major update packed with significant enhancements to its web user interface, Linux capabilities, and AI integrations. This release introduces an upgraded web UI that allows users to seamlessly manage targets, global preferences, issue trackers, and scheduled scans—all from a centralized interface, streamlining workflows like never before. For Linux users, Syhunt Hybrid 7.1 simplifies installation and introduces its powerful scan scheduler, making deployment and automation more efficient and accessible. Additionally, to further strengthen security and compliance, the update implements a strict web UI password policy, requiring longer passwords, enforcing complexity rules, and restricting reuse. These measures provide stronger protection against credential-based attacks, ensuring a more resilient security posture.

Expanded AI capabilities, including support for local models & DeepSeek

On the AI front, Syhunt 7.1 adds support for local AI models and integrates new cloud-based models, including the powerful DeepSeek model, which runs both locally and in the cloud. Syhunt 7.1 also introduces the AI Confidence Score, which assigns a confidence percentage to each detected code vulnerability. This score represents the likelihood that a finding is a true positive, helping security teams prioritize vulnerabilities more efficiently.

Shadow AI detection

Furthermore, Syhunt 7.1 enhances its SAST module with the ability to detect Shadow AI —the unauthorized or unmonitored use of AI models within an organization. Shadow AI poses significant security and compliance risks, as these unapproved AI tools may handle sensitive data without proper oversight, potentially leading to data leaks, intellectual property exposure, security vulnerabilities, and regulatory non-compliance. Syhunt 7.1 now detects Shadow AI usage across applications written in C#, Node.js, Objective-C, Swift, Lua, PHP, Python, Java, Kotlin, Ruby, Dart, and Delphi, specifically identifying interactions with DeepSeek, OpenAI, and OpenAI-compatible API endpoints. By proactively detecting and mitigating these risks, Syhunt helps organizations maintain greater control over their AI usage and reduce potential threats.

With these improvements, Syhunt Hybrid 7.1 continues to push the boundaries of web application security, offering a more user-friendly, AI-powered, and comprehensive application security scanning solution. Syhunt Hybrid 7.1 is already available to its users.

Improvements in 7.1

• Added detection of Shadow AI threat through SAST analysis. This includes detecting the usage of DeepSeek, OpenAI and OpenAI-compatible API endpoints and covers applications coded in C#, Node.js, ObjectiveC, Swift, Lua, PHP, Python, Java, Kotlin, Ruby, Dart and Delphi.
• Added AI Confidence score. When AI Review is enabled, Syhunt adds a confidence score to each detected code vulnerability. This represents the percentage likelihood that a detected vulnerability is a true positive rather than a false positive, based on AI analysis.
• Added optional integration with local AI models and DeepSeek (both cloud and local model).
• Added scan scheduler to Linux edition.
• All web UI assets are now locally hosted.
• Added a strict web UI password policy.
• CLI: syservicereg command added to Linux installation that simplifies web UI and scheduler service installation process.
• CLI: added scancore -pwdgen:[username] parameter, which generates a password securely, sets it and prints the generated password to the output.
• CLI: scancore -tracker parameter renamed to -connector.
• AI patching now requires .syhunt-ci.yml with ai_reviewconsent key set to true, instead of ai_patchconsent key. Example
• Upgraded OpenResty to the latest release.
• Added additional spider optimizations to Dynamic.
• Classic UI changes: Past Sessions option and screen renamed to Recent Scans. Issue Trackers option and screen renamed to Connectors.
• Improved web UI translations (translated back-end messages).
• Fixed: Requested Stop not always updating scan session status to Canceled.

That's all, for now. Happy bug hunting!