.png)
Product Release 4.48 Featuring Jeff AI Instant Threat Model Creation from an Image, plus SAML Authentication
Overview
This release details many new features and improvements, including:
- Authentication and SAML configurations via the user interface
- One-shot model generation from images/ prompts
- See Project Role Source
- Mappings for Visio and Lucidchart imports
- And a lot more...
Take a look at the full information below, or go directly to the Release Notes here.
Authentication and SAML configurations via the user interface
Users can fully manage their own authentication setup—choosing between IriusRisk-managed credentials or an external SAML provider—without needing customer support. This applies to both SaaS and on-premises, allowing users to configure and switch between authentication types independently. Previously, users had to rely on customer support to configure or modify authentication settings. This dependency added friction and complexity, particularly during upgrades or environment changes.
Users now can:
- Set up their SAML integration, business unit, and role mappings directly.
- Switch between database (email and password) and SAML authentication on their own.
- Manage all authentication configurations from the IriusRisk UI.
One-shot model generation from images/ prompts
Practitioners can create projects in Jeff in just one step. From a single image, a written prompt, or a combination of both. The improved image import performance and preserved component positioning ensure a smooth, high-fidelity experience. Previously, users were required to engage in conversation with Jeff before creating a project, even when they already had a diagram ready to use. This added unnecessary steps and time to the process.
Solution:
- Generate projects from one image directly in JeffAI.
- Generate projects from a single prompt or combine both for enhanced flexibility.
- Improved performance of image imports with original component positions preserved for maximum accuracy.
- Completely rebuilt chat UI for a better, faster, and more seamless user experience.
See Project Role Source (Users & Business Units)
Users gain greater visibility and understanding of how project roles are assigned and inherited across both the Project Access modal and Business Unit pages. This improvement enhances clarity, reduces confusion, and makes role management faster and more intuitive. Previously, inherited roles were shown with vague labels such as “Inherited from user details” or “Inherited from business unit details,” making it difficult to understand the origin of a user’s permissions or manage roles efficiently.
Solution: We’ve updated the Project Access modal and Business Unit pages to make project role sources clearer:
- In the Project Access modal, you can still view which users and business units have access to a project.
- For users, it’s now clear which roles are inherited and where they are defined.
- For business units, a new quick link takes you directly to the BU page to view or manage user roles.
- On the Business Unit page, you can now easily see which roles each user inherits from their profile.
The updated layout and terminology make the relationships between users, business units, and roles transparent and easy to interpret at a glance.
Mappings for Visio and Lucidchart imports
Users can now import Visio and Lucidchart diagrams with their original layout and styling preserved. Most shapes are automatically mapped to IriusRisk components, saving time, reducing manual effort, and ensuring a smooth transition from design to threat model. Previously, importing diagrams from Visio or Lucidchart required users to spend time manually adjusting layouts and replacing shapes to match IriusRisk components. This created unnecessary friction and slowed down the modeling process.
Solution:
- Original layouts and styles are now fully preserved during import.
- Most shapes are automatically mapped to IriusRisk components.
Tailor AI Access Based On Role
Now you can tailor AI access to each role — giving the right teams the power of Jeff while keeping full administrative control. The new PRODUCT_AI_GENERATE permission in 4.48 lets you enable or disable project generation with AI on a per-role basis, so AI works where it delivers the most value.
Continuous Improvements
Quick actions in Jeff AI chat
When interacting with Jeff AI, users now see clear quick-action buttons directly in the chat area. These highlight the primary task (creating a project) so you can start a new model at any time during the conversation. This guidance helps first-time users understand what to do next, reduces confusion about whether the draft diagram is final, and accelerates the path from chat to building a project in IriusRisk.
Safeguards for unassigning users from Business Units
In the Business Unit details view, removing a user now triggers an in-place confirmation dialog, allowing you to confirm or cancel the action. This improvement prevents accidental un-assignments, provides clearer feedback, and ensures users aren’t removed unintentionally when interacting with roles or other fields in the table.
Dynamic maintenance status visibility
You’ll now see clear patching and maintenance notifications directly in IriusRisk, including on the login page. This ensures you’re always aware of planned maintenance activities and helps avoid confusion or unexpected interruptions.
Usability improvements across the platform
We’ve introduced a series of enhancements to make IriusRisk more intuitive and consistent. These include clearer error and success messages, improved labels and placeholders, restored tooltips, more intuitive questionnaire interactions, and a clearer display of countermeasure standard references. Together, these updates streamline workflows and improve day-to-day usability.
New Components and Standards
New Content
- Added EU CRA standard to all components
- Improved AWS Bedrock and AWS Lambda components with new threats
- Added attribution header in the UNECE WP.29 CSMS library
New Components
Amazon Web Services
- AWS Nitro Enclaves
Machine Learning Artificial Intelligence
- MCP Generator Block
- Model Usage Policy Enforcer
- Multi-Modal Encoder
- Prompt Engineering Layer
- RLHF System
- Secure Copilot UI
- Secure Inference API
- Synthetic Data Generation
- Synthetic Voice Cloning App
- Module Fine-Tuning Node
- Threat Detection & Response Agent
- Model Interference Node
- Model Training Pipeline
- Model Registry
Blockchain
- Blockchain Account Abstraction
- Blockchain Node
- RPC Node
Service-Side
- Apache Ranger
- Apache Hive
Microsoft Azure
- Azure Custom Connectors
-
Release Notes and Documentation
For more information, see Version 4.48 Release Notes or check out our Documentation.
Shape the future of Threat Modeling with us!
Join IriusRisk Horizon - Customer Research, Product Discovery, and Early Access. Join today.
Swaggerhub & Github
Find out more of what you need in GitHub and Swaggerhub Repos:
https://app.swaggerhub.com/apis/continuumsecurity/IriusRisk/1.24.0 - We provided this featured API to allow for deeper customer integrations as well as enable very flexible automations within the many varied environments IriusRisk needs to operate.
https://iriusrisk.github.io/iriusrisk-api/v2/latest/- Please note that this version of the API is currently in beta. While it offers advanced features for deeper integrations and flexible automations, we reserve the right to make breaking changes during this phase and encourage caution in production environments.
https://github.com/iriusrisk/IriusRisk-Central - Provides content useful for IriusRisk threat modelling, including templates, API scripts, libraries and more.
