NGPTaaS v4.0: Deeper Context, Smarter Actions, and Enterprise-Scale Security

With the release of NGPTaaS v4.0, BreachLock raises the bar for unified attack surface management (ASM) and penetration testing as a service (PTaaS) orchestration. This update is a major leap forward, bringing clearer vulnerability context, artificial intelligence pentesting (AI) workflow support, scalable tagging and selection, smarter filters, and enhanced user UX across key modules. Whether you’re managing thousands of assets or launching a pentest on AI models, v4.0 is built to help you operate faster, reduce friction, and make more informed security decisions. Read on for details on what’s new and learn how you can take advantage of the latest upgrades in the BreachLock Unified Platform.

1. ‎ASM Vulnerabilities – Full Context, Better Actions

In this latest release, BreachLock has redesigned the ASM vulnerabilities module, offering users improved clarity, actionability, and better prioritization with four key changes:

Redesigned Vulnerability Details Tab

Vulnerability metadata is now grouped into a single view, showing users all the following details in one view for improved contextualization:

• Vulnerability Name, Risk, CVSS Score & Vector
• Description Recommendation
• Vulnerability and Compliance Standards
• CWE/CVE IDs and References

2. Improved Impacted Assets View

Assets are now displayed in a collapsible format with the asset name, discovery date, and proof of concept (PoC) history with screenshot evidence of any vulnerabilities discovered.

3. Inline Actions for Remediation

Users can now launch a rescan on an asset or mark a vulnerability as a false positive directly from the asset list.

4. Selective Rescanning

Giving users even more control over selective targeting, users now have the ability to launch rescans on specific impacted assets without needing to trigger a rescan on all assets.

2. Asset Discovery UX Improvements

In NGPTaaS v4.0, BreachLock has completely revamped the Asset Discovery module, enabling faster navigation and sharper visibility for users.

The most notable change to the asset discovery module at first glance is the newly centralized ASM menu on the left-hand side of the platform. The menu now includes:

• Asset Discovery
• Attack Surface
• Attack Path
• Data Breaches
• Scans
• Vulnerabilities

Improving visibility even further for users in the asset discovery module, BreachLock has implemented per-asset status visibility, which includes scan status by type, reachability and authentication (where applicable), and risk score for each asset. The export button is now an inline action on each table on the asset discovery page, a small yet impactful change that makes the module more intuitive for users. Additionally, asset discovery has been designed as a read-only module, prioritizing data over operational actions.

3. Improved ASM Scan Console

NGPTaaS v4.0 features an improved scan console for ASM, offering users a unified view of scan status and scheduling within two new tabs: Scan History and Scan Schedule. This update gives users even more control, enabling them to:

• Run scans is now a menu action under the ASM module
• Retry failed scans or terminate queued and in-progress scans
• Multi-select actions with context-based toggling, and
• Search through scan history and scan schedule with the advanced search feature

The scan configuration flow has also been improved, giving users more control over defining scan details with asset selection and grouping, choosing between grey box and black box scans as well as authentication type, and the ability to run live or scheduled scans at their desired frequency. Users can now also reuse authentication profiles stored in their inventory.

4. Attack Path Usability Improvements

NGPTaaS v4.0 offers better visibility and control in visualizing attack paths on domains. Attack paths are now fully expanded by default and can be collapsed and re-expanded with one click. Previously, users had to manually expand these trees for full visibility upon opening this module.

We’ve also improved the search function in the attack path module, enabling users to search by domain, subdomain, IP, or vulnerability, while also automatically highlighting matching attack paths. Users also now have the ability to filter attack paths by severity (e.g., critical, high, etc.) by clicking on the desired severity in the legend at the bottom right of the module.

5. Persistent Filters Across Attack Surface Views

With NGPTaaS v4.0, filters applied to attack surface data, like ports, TLS, or cipher suites, enabling you to explore IPs, ports, TLS settings, and subdomain details without selecting subdomain, providing better context for the selected domain. It’s a small but powerful change that streamlines analysis across large and complex environments.

6. More Structured Asset Inventory

We’ve restructured the Asset Inventory module to separate Assets and Asset Groups into their own dedicated tabs, making navigation and management clearer. When creating new assets, the primary domain is now auto selected, and you can edit the domain or alias directly within the record. For group creation, you can now initiate that process directly from the Asset Groups table, reducing clicks and improving flow.

7. “New Pentest” Now a Dedicated Menu Item

To save users time, “New Pentest” is now available as a dedicated menu item under PTaaS. This makes it quicker to schedule a new test without navigating deep into other views.

8. AI Pentesting Workflow Now Available

Our experts understand that AI systems introduce new risks such as prompt injection, model manipulation, and unintended data leakage that require dedicated attention. NGPTaaS v4.0 now includes full support for AI penetration testing. You can add AI assets to your inventory, run targeted tests using AI-specific methodologies, and view detailed results, including PoCs, descriptions, and timestamps—all integrated within your existing PTaaS workflows with full visibility of vulnerabilities. During AI penetration testing, users also have the flexibility to configure custom prompts and parameters to tailor the assessment to their specific requirements.

9. Notifications for Pentest Requests

Selected users will now receive an automatic email notification whenever a pentest is requested, ensuring that key stakeholders stay informed and aligned, based on configured email preferences.

10. Centralized Authentication Profiles

Managing authentication across scans just got easier and more reliable. With NGPTaaS v4.0, you can now create and manage reusable authentication profiles directly under the authentications tab in the inventory module. Each profile includes key details like scan type, authentication method, credentials, and login sequence, all stored in one central location.

When setting up a scan, users can simply select an existing profile from a dropdown or create a new one on the fly. If credentials ever change, just update the profile, and those changes will automatically apply to all scans that use it. No need to hunt down individual schedules or reconfigure scans manually.

Currently supported for web scans (gray box), this new approach not only saves time, but also reduces errors and strengthens consistency and security hygiene. All authentication data is encrypted from end to end, ensuring your credentials are always handled securely.

11. Clearer Scan Failure Messaging for troubleshooting

When a scan doesn’t go as planned, users now get clearer messaging that helps pinpoint the issue faster. For example, “Asset is unreachable”, “Something went wrong in parsing vulnerabilities”, “Authentication failure”, or “Something went wrong in scan” for general failures. These improvements make root cause analysis more straightforward with greater transparency during scan reviews.

12. Bulk Update of Tags Using Import Assets Feature

Tag management is now much more efficient. With NGPTaaS v4.0, users can use the existing Import Assets feature not just to add new assets, but also to update tags for assets already in asset inventory.

When users import an asset, the platform checks for existing duplicate assets, and if a match is found, any new tags are automatically appended to the asset without removing or overwriting what’s already there.

This enhancement makes it easy to organize large environments, apply new tagging strategies, or align assets with updated business or operational categories without manually editing them.

13. Advanced Filters for Asset Group Creation

Creating asset groups is faster and more precise with NGPTaaS v4.0. Users can filter by asset name, tag, label, or status, or use the search bar to combine criteria. You can also sort by asset or tag to quickly find what you need.

14. Visibility Into What’s Next in Scheduled Scans

A new “Next Scan” column has been added to the Scheduled Scans view, showing users exactly when the next scan is set to run, based on your configured frequency (daily/weekly/monthly/cron expression).

15. More Scalable Asset Selection for Bulk Actions

Previously, BreachLock limited the number of assets that users could include in a single scan or pentest to 200 assets. In NGPTaaS v4.0, we’ve enabled users to select up to 1,000 assets for a single scan or pentests. You can now select and manage up to 1,000 assets in scans, asset groups, or reports.

16. Login Sequence Recorder Link Updated

The BreachLock Login Sequence Recorder is now hosted on the Chrome Web Store for easier access. The updated link is included directly in Web Scan and Pentest configuration flows, along with clear messaging that guides users on how to use it.

17. TLD and External Services Scans Grouped Under Domain Discovery

Scans for Top-Level Domains (TLDs) and external services are now grouped under the broader Domain Discovery scan. There’s no separate entry in the console, and any actions taken on the domain discovery scan automatically apply to scans running under the same bucket.

Conclusion

NGPTaaS v4.0 builds on BreachLock’s commitment to continuously evolving the platform based on real-world security teams’ needs. From AI/LLM penetration testing and centralized authentication profiles to removal of asset limits and enhanced UI clarity, every feature in this release is designed to tackle scale and complexity head‑on.

If you’re managing expansive attack surfaces, integrating AI assets, or operating in high-volume environments, this update is built for you. Ready to go deeper? Schedule a demo or contact our team to see how NGPTaaS v4.0 can support your security strategy.