Detection Engine Updates Version 2.157

  Release Date: February 19, 2026

Engine Performance

This new version nearly doubles scanning speed, meaning significantly reduced scan times. Self-hosted customers will also benefit from lower resource consumption.

---

This release also introduces a significant expansion of detection capabilities with over 20 new detectors, particularly for Azure cloud services and payment platforms, along with new revokers and analyzer upgrades.

New Detectors and Checkers

• WooCommerce Keys: Added a detector and checker for WooCommerce keys.
• Iyzico API Keys: Added a detector and checker for Iyzico API credentials.
• Mercado Pago OAuth: Added a detector and checker for Mercado Pago OAuth credentials.
• Kie AI API Key: Added a detector and checker for Kie AI API keys.
• Momo Credentials: Added a detector and checker for Momo credentials.
• Bitbucket HTTP Access Token: Added a detector and checker for Bitbucket HTTP access tokens.
• Cartesia API Key: Added a detector and checker for Cartesia API keys.
• PostgreSQL Credentials: Added a detector and checker for PostgreSQL assignment credentials without port.
• MariaDB Credentials: Added a detector and checker for MariaDB assignment credentials without port.
• Azure Event Hub Key: Added a detector and checker for Azure Event Hub keys.
• Azure Container Registry Key: Added a detector and checker for Azure Container Registry keys.
• Coralogix Personal Key: Added a detector and checker for Coralogix Personal keys.
• Coralogix Send-Your-Data Key: Added a detector and checker for Coralogix Send-Your-Data keys.
• Azure Web PubSub Connection String: Added a detector and checker for Azure Web PubSub connection strings.
• Azure Batch Credentials: Added a detector and checker for Azure Batch credentials.
• Azure APIM Gateway Key: Added a detector and checker for Azure APIM Gateway keys.
• Azure IoT Provisioning Connection String: Added a detector and checker for Azure IoT Provisioning connection strings.
• Azure AI Search Key: Added a detector and checker for Azure AI Search keys.
• GitLab CI/CD Job Token: Added a detector and checker for GitLab CI/CD Job tokens.
• Pagar.me API Key: Added a detector and checker for Pagar.me API keys.
• PostHog Personal API Key: Added a detector and checker for PostHog Personal API keys.

New Detectors

• Yookassa API Key: Added a new detector for Yookassa API keys.
• WireGuard Credentials: Added a new detector for WireGuard credentials.
• Nuclei Private Key: Added a new detector for Nuclei signing keys.
• PostHog Project API Key: Added a new detector for PostHog Project API keys.
• OpenClaw Auth Token: Added a new detector for OpenClaw Auth tokens.

Detector Improvements

• MongoDB Credentials: Improved the precision of the MongoDB Assignment No Port detector by removing false positives.
• MySQL Credentials: Improved detection precision for MySQL assignment no port by removing false positives.
• Oracle Credentials: Improved the Oracle JDBC connection string detector by increasing the minimum match length for the password.
• Username Password: Improved recall of the password regex.
• Neo4j Credentials: Fixed catastrophic backtracking when matching host.
• Generic High Entropy Secret: The detector now catches secrets assigned to variables like SECURITY_KEY.
• Databricks Authentication Token: Added support for optional single digit postfix in Databricks tokens.
• FTP Credentials: Improved recall of the FTP credentials assignment detector.
• Postman API Key: Checker now reports 403 response status code as invalid.
• Cloudflare CA Key: Updated checker to properly report 401 status code as invalid.
• Google API Key: The checker now detects more valid keys.
• Alchemy API Key: Updated deprecated base URL and request parameters in checker.
• LDAP Credentials: Added a connect timeout to the checker.

New Analyzers

• Anthropic Admin Key: Added a new analyzer for Anthropic Admin keys.
• Azure DevOps PAT With Org: Added a new analyzer for Azure DevOps PAT with Organization.

Analyzer Upgrades

• PostgreSQL Credentials: The analyzer now properly reports the error message instead of raising an unexpected error upon access denied for database.
• SendGrid Key: The analyzer now properly reports when no scopes are found.

New Revokers

• SendGrid Key: Added revoker for SendGrid API keys.
• Slack User Token: Added revoker for Slack user tokens.
• Slackbot Token: Added revoker for Slackbot tokens.
• Heroku Platform Key: Added revoker for Heroku platform keys.