Announcements
Mythos and the Future of Identity Attack Paths
Anthropic’s Mythos announcement points to a near-term future of faster exploit discovery, faster compromise, and greater pressure on defenders. Join Jared Atkinson and Justin Kohler on April 22 as they examine what Mythos means for both attackers and defenders, why identity attack paths matter more in a machine-speed threat environment, and how organizations can better protect critical assets and infrastructure. Register today.New Episode: Know Your Adversary
Check out the latest episode of the Know Your Adversary podcast and hear from Javier Azofra Ovejero from Siemens Healthineers. The conversation focuses on how security gaps emerge between systems like Active Directory, Entra ID, and CyberArk. Javier explains how his team built a BloodHound OpenGraph integration (CyberArkHound) to connect these platforms and uncover hidden attack paths that weren’t visible in isolation.2026-04-21
| Release | BloodHound | OpenHound | SharpHound | AzureHound |
| 2026-04-21 | v9.0.2 | No release | No release | No release |
- Resolved an issue where Azure post-processing could fail when PostgreSQL was configured as the graph database on BloodHound Community.
- Expanded the set of supported TLS cipher suites when BloodHound is configured to serve HTTPS directly to resolve SharpHound connectivity issues in certain environments.
- Added an OpenHound download link to the Download Collectors page.
2026-04-13
| Release | BloodHound | OpenHound | SharpHound | AzureHound |
| 2026-04-13 | v9.0.1 | v0.1.0 | v2.12.0 | v2.12.0 |
- Graph Readability: Improved node labels, clearer directional arrows, and more intuitive selection behavior in Explore for easier graph analysis.
- OpenHound: A new data collector framework for OpenGraph extensions, starting with GitHub, Jamf, and Okta collectors.
- OpenGraph Extension Management: A new Administration page to manage OpenGraph extensions.
- OpenGraph Findings: Analyze custom graph findings in Attack Paths and Posture with extension-specific schemas.
- Environment Targeted Access Control: Scope User and Read-only access by environment with dynamic policy controls.
- Table View Organization: Improved organization and readability of table views.
- Azure Post-Processing: Enhanced post-processing capabilities for Azure data.
- Navigation Sidebar Modernization: Updated navigation sidebar for a more intuitive user experience.
New Features
| Component | Update | Summary |
|---|---|---|
| Data Collection | OpenHound Data Collector Framework | Run standardized OpenGraph data collectors and converters for GitHub, Jamf, and Okta OpenGraph extensions. |
| OpenGraph | Extension Management | Manage OpenGraph extensions with a new Administration page. |
| OpenGraph (Enterprise) | Findings | Analyze custom graph findings in Attack Paths and Posture with extension-specific schemas. Contact your account team to enable. |
| Administration (Enterprise) | Environment Targeted Access Control | Scope User and Read-only access by environment with dynamic policy controls. Contact your account team to enable. |
| Data Collection (Enterprise) | SharpHound Integrated Windows Authentication | Authenticate SharpHound Enterprise with Active Directory Federation Services (ADFS) using Integrated Windows Authentication (IWA). |
Enhancements
| Component | Update | Summary |
|---|---|---|
| Explore | Graph Readability Improvements | Explore graphs with improved node labels, clearer directional arrows, and more intuitive selection behavior. |
| Explore | Table View Column Organization | Reorder and pin columns with drag-and-drop for faster analysis of tabular results. |
| Explore | Improved Graph Export Filenames | Export graph files with more useful filenames to reduce repeated filename collisions. |
| Administration | Navigation Sidebar Modernization | Use a more predictable navigation experience with improved expand and collapse behavior in the primary sidebar. |
| Data Collection | Azure Hybrid Post-Processing and Data Hygiene | Keep hybrid Azure and Active Directory (AD) relationship data cleaner with less unnecessary graph churn during post-processing, significantly improving analysis time for tenants with large Azure environments. |
| Explore | OpenGraph Node Type Filtering in Search | Filter search results by node type to find relevant OpenGraph data faster. |
| Administration | HasSession Edge Deletion | Delete only HasSession edges from the database to refresh time-sensitive session data without clearing the entire graph. |
| Accessibility | Accessibility Improvements | Navigate BloodHound more effectively with assistive technologies through clearer component naming and better non-text content labeling across the interface. |
| Zone Builder (Enterprise) | Certification Selection Behavior | Certify objects in Privilege Zones with clearer list selection behavior that stays aligned with the object details panel. |
| Posture (Enterprise) | Posture Metric Abbreviation | Analyze posture metrics with more precise counts. |
| Posture (Enterprise) | Custom Range Validation | Analyze posture trends with more reliable custom date/time range behavior. |
Fixed Issues
See the release notes for a full list of fixed issues in this release.2026-03-26
| Release | BloodHound | SharpHound | AzureHound |
| 2026-03-26 | v8.9.1 | No release | No release |
- Resolved several issues that could cause analysis to fail.
- Resolved an issue preventing Cypher queries on PostgreSQL from respecting minimum and maximum path length limits.
- Resolved an issue where certain Cypher path queries on PostgreSQL could be slower than expected due to an inefficient edge-to-path join pattern.
- BloodHound will no longer support SHA-1 cipher suites when configured to serve HTTPS directly (without a load balancer).
2026-03-23
| Release | BloodHound | SharpHound | AzureHound |
| 2026-03-23 | v8.9.0 | v2.11.0 | v2.11.0 |
- Privilege Zones is now generally available!
- Property-based edge matching enables hybrid edge creation using cross-system attributes, such as email, username, or hostname.
- AzureHound collects Federated Identity Credentials (FICs) from Azure and adds new nodes and edges in BloodHound to represent these trust relationships.
- BloodHound Enterprise now allows you to upload nodes and edges in separate OpenGraph data payloads without losing disconnected nodes after ingestion.
New Features
| Component | Update | Summary |
|---|---|---|
| Data Collection | Azure Federated Identity Credentials | Collect and map Federated Identity Credentials with new AZFederatedIdentityCredential nodes and AZAuthenticatesTo edges. |
Enhancements
| Component | Update | Summary |
|---|---|---|
| OpenGraph | Property-Based Edge Matching | Link nodes by unique database identifiers or dynamically match them using specific attribute values. |
| OpenGraph | Flexible OpenGraph Node Ingestion | Upload nodes and edges in separate payloads without losing disconnected nodes after ingestion. |
| Data Collection | Improved Logging for NTLM Collection | Get per-machine status visibility for WMI and Remote Registry attempts with clearer error details. |
| Explore | Search Component Styling Consistency | Switch between Search, Pathfinding, and Cypher tabs without layout shift. |
| Explore | Table Layout Scrollbar Visibility | See and use scrollbars more reliably when table layout content overflows. |
Fixed Issues
See the release notes for a full list of fixed issues in this release.2026-03-04
| Release | BloodHound | SharpHound | AzureHound |
| 2026-03-04 | v8.7.0 | v2.10.0 | v2.10.0 |
- Explore adds resizable table columns, Meta node details in the Entity Panel, and clearer edge guidance for Azure role relationships.
- Edge reference coverage expands with a new
valid_edges.jsonschema for valid source-target node relationships and supported edge types. - Fixed issues improve findings export accuracy, Zone Builder Tier Zero tagging timing and zone membership filtering behavior, and prebuilt query naming clarity.
Enhancements
| Component | Update | Summary |
|---|---|---|
| Explore | Table Column Resizing | Resize columns in the table layout graph view to review data more comfortably on smaller screens without changing window size. |
| Explore | Meta Node Information in Entity Panel | Review Meta node details in the Entity Panel without encountering errors. |
| Explore | Improved Edge Information | Review clearer and more consistent edge guidance for AZOwner, AZOwns, and key Entra ID role edges, plus valid node relationships and supported edge types with a new valid_edges.json schema. |
Fixed Issues
See the release notes for a full list of fixed issues in this release.2026-02-17
| Release | BloodHound | SharpHound | AzureHound |
| 2026-02-17 | v8.6.1 | No release | v2.9.2 |
- Resolved an issue causing partial failures after uploading Azure sample data.
- Resolved memory and CPU performance issues during AD Group and Local Group analysis.
2026-02-11
| Release | BloodHound | SharpHound | AzureHound |
| 2026-02-11 | v8.6.0 | v2.9.1 | v2.9.1 |
New Features
| Component | Update | Summary |
|---|---|---|
| Data Collection | User-Agent Flag for AzureHound | Customize the User-Agent header used in AzureHound HTTP requests. |
Enhancements
| Component | Update | Summary |
|---|---|---|
| Data Collection | Last Sign-In from Azure | Track user activity based on last successful sign-in timestamp from Entra ID. |
| Explore | Updated Permissions for Saved Cypher Queries | User and Power User roles can now edit shared Cypher queries. |
| Zone Builder | Cypher Rule Testing | Verify your Cypher query with a new Run button before creating rules. |
| Zone Builder | Consistent Certification Terminology | Revoke button renamed to Reject to align with status filter language. |
| Zone Builder | Zone Name in Object Information | Quickly identify the zone name instead of position when viewing object information. |
Fixed Issues
12 issues resolved across BloodHound, SharpHound, and AzureHound.2026-01-30
| BloodHound | SharpHound | AzureHound |
| v8.5.2 | No release | No release |
2026-01-27
| BloodHound | SharpHound | AzureHound |
| v8.5.1 | No release | No release |
- Resolved memory and performance issues during local group processing (DCOM, CanPSRemote, AdminTo, CanRDP).
- Resolved an issue where custom icons for nodes in OpenGraph data did not display in the graph on the Explore page.
- Set OpenGraph node search to enabled by default.
2026-01-22
| BloodHound | SharpHound | AzureHound |
| v8.5.0 | v2.9.0 | v2.8.3 |
- Keyboard shortcuts improve accessibility
- Zone Builder (renamed) gains clearer forms, rule guidance, and consistent terminology
- APIs add safer filtering, member counts, and source-kind safeguards
- Data collectors add clearer logging and configuration guidance
New Features
| Component | Update | Summary |
|---|---|---|
| Administration | Keyboard Shortcuts | Navigate and act across the app without relying on the mouse. |
| API | Count by Kind for Selectors | Retrieve member counts by primary kind to size zone/tag selectors. |
Enhancements
| Component | Update | Summary |
|---|---|---|
| API | Filter Asset Group Tag Members | Filter by primary kind, name, or object ID for cleaner selector results. |
| API | Search Asset Group Tags | Limit global search to a specific tag to reduce noise. |
| API | Selector Type Counts | See total, custom, default, and disabled selector counts per tag. |
| Explore | Cypher | Track query execution with a running state on the Run button. |
| Explore | OpenGraph Node Search | Find OpenGraph nodes faster with improved search functionality. |
| Posture | Custom Date Range Time Input | Align preset and custom ranges with a time picker for consistent results. |
| Zone Builder | Privilege Zone Management (Renamed) | Navigate renamed Zone Builder with clearer rule/object tabs and labels. |
| Zone Builder | Rules Form | Enable/disable rules faster and separate direct vs expanded sample results. |
| Zone Builder | Zone and Label Forms | Improved layout, quotas messaging, and protected Tier Zero cues. |
| Data Collection | AzureHound Configuration | Updated region options reflect Microsoft’s removal of Azure Germany. |
| Data Collection | Certificate Abuse Collection Status | Computer status logs now capture CARegistry collection progress. |