Equixly May 2026 product update
Edoardo Zatti, Zoran Gorgiev
This month, we’re releasing five new features and improvements that deepen the intelligence, flexibility, and reach of the Equixly platform. Our May release focuses on giving you more control over how you configure tests, making onboarding faster, and putting your API data exactly where you need it, while laying the groundwork for one of our most anticipated capabilities yet.
We’ve been continuing to act on the feedback you’ve shared. This update reflects both your priorities and our broader vision for what a modern application and API security platform should be.
Here’s what’s new in Equixly’s May update:
- Knowledge settings: Provide Equixly with a richer context for your application before testing begins.
- Discovery enhancements: Faster, more accurate endpoint discovery, now with automatic specification capture.
- Compliance refinements: A redesigned compliance interface with granular framework-level detail.
- Multi-service creation: Onboard complex environments with multiple API services in a single upload.
- Service specification export: Download your API specification at any time, for any service.
We’re also giving you a first look at the Equixly MCP Server, coming later this month.
Knowledge settings
One of the most persistent challenges in automated security testing is context. Generic tests against generic assumptions only take you so far. The more an API security platform understands about your application — its structure, its business logic, its edge cases — the more meaningful and precise the results it can deliver.
That’s the thinking behind our new Knowledge configuration type.

Before running a scan, you can now provide Equixly with plain-language instructions describing how your application behaves. That might mean instructing the platform to insert a specific body into a particular request, defining how authentication flows are expected to work, or calling out any application-specific behaviors that standard testing heuristics might otherwise misinterpret.
In addition to free-text instructions, you can also attach your own documentation directly as the knowledge source. Equixly will parse and apply this material to inform its approach to your services, testing against your implemented business logic rather than relying on generic API patterns.
This capability is particularly powerful for organizations whose APIs encode complex domain rules, multi-step workflows, or non-standard authentication mechanisms that out-of-the-box scanners typically miss.
Knowledge settings are available as a pre-scan configuration step, making them easy to integrate into your existing testing workflows without disrupting your current operations.
Discovery improvements
Since launching Discovery in April, we’ve been working hard on the engine underneath. As a result, this month, we’re bringing substantial improvements to the performance and quality of scan results. That translates to faster crawls and more thorough endpoint identification in highly complex environments.
But the headline addition to Discovery this month is a new layer of automatic intelligence: specification detection and capture.
During the discovery process, if Equixly encounters an API specification — whether it’s a Swagger document, an OpenAPI definition, or another recognized format — it will now automatically capture that specification and create a dedicated service from it. This action happens without any manual intervention on your part.
The result is:
- Immediate visibility into services you may not have known were exposing documented endpoints
- A clean, fully manageable service entry ready for security testing from the moment it’s detected
For organizations that use microservices on a large scale, where different teams publish their own API documentation, automatically turning a discovery artifact into a testable service is a significant improvement in operations.
Compliance refinements
Compliance insights are most helpful when they can be acted upon. If you only have a list of frameworks you need to follow, without understanding your current status and what needs improvement, you end up with unnecessary reporting that doesn’t add security value.
This month, we’ve redesigned the compliance interface from the ground up to address exactly that.

Each framework you’re being tested against now has its own dedicated page, giving you a structured view of the elements you’re required to meet. At a glance, you can see which elements have passed, which have failed, and how many outstanding issues require remediation.
Navigating from compliance status to actual findings is now a single click. From any framework page, you can jump directly to the issues identified in testing, so the path from “this control is failing” to “here’s what needs to be fixed” is as short as possible.
For security teams presenting compliance posture to auditors or leadership, this level of detail and traceability is essential.
Multi-service creation
Onboarding complex API environments into Equixly has historically required somewhat repetitive work: uploading files one at a time, filtering by a single URL per session, and creating services individually. For organizations running many API services on multiple domains or subdomains, this can add up quickly.
Multi-service creation eliminates it.

You can now upload a single file — a HAR file or a Burp Suite export — and specify multiple URLs, whether those are separate domains, subdomains, or any combination of both. Equixly will parse the traffic and automatically create a separate, independent service for each URL you define, scoped precisely to the endpoints associated with it.
Alternatively, if you don’t specify any URLs, Equixly will automatically create services for all URLs found in the file, each scoped to its respective endpoints.
The practical impact is significant. Tasks that used to take multiple sessions and require a lot of manual work can now be done in one step. Whether you are setting up a new environment, testing a microservices architecture, or expanding coverage to a new part of your infrastructure, creating multiple services makes the process quicker and more reliable.
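The splitting described above can be reproduced offline to preview which endpoints each service would receive from a HAR capture. This is an added example, not Equixly's code: the `split_services` and `origin` helpers, the sample hostnames, and the choice to treat each specified URL as an origin (scheme plus host) are assumptions.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: a minimal HAR 1.2 document with traffic to three hosts.
SAMPLE_HAR = json.dumps({"log": {"version": "1.2", "entries": [
    {"request": {"method": "GET", "url": "https://api.example.test/v1/users?page=2"}},
    {"request": {"method": "POST", "url": "https://api.example.test/v1/users"}},
    {"request": {"method": "GET", "url": "https://api.example.test/v1/users?page=3"}},
    {"request": {"method": "GET", "url": "https://billing.example.test/invoices/42"}},
    {"request": {"method": "GET", "url": "https://api.example.test.cdn.invalid/v1/users"}},
]}})


def origin(url):
    """Return scheme://host[:port], lowercased (default ports not normalized)."""
    parts = urlsplit(url)
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}"


def split_services(har_text, base_urls=None):
    """Group HAR requests into one endpoint set per origin.

    base_urls: optional list of URLs to scope to; None means every origin
    found in the file gets its own group.
    """
    wanted = {origin(u) for u in base_urls} if base_urls else None
    services = defaultdict(set)
    for entry in json.loads(har_text)["log"]["entries"]:
        req = entry["request"]
        key = origin(req["url"])
        # Compare parsed origins, never string prefixes: a prefix test would
        # file api.example.test.cdn.invalid under api.example.test.
        if wanted is not None and key not in wanted:
            continue
        # Query strings are dropped so paginated calls collapse to one endpoint.
        path = urlsplit(req["url"]).path or "/"
        services[key].add((req["method"].upper(), path))
    return {k: sorted(v) for k, v in services.items()}


if __name__ == "__main__":
    for svc, endpoints in split_services(SAMPLE_HAR).items():
        print(svc, endpoints)
```

Reviewing the unscoped output before upload shows whether the capture contains third-party or look-alike hosts that should not become services in a test scope.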
Service specification export
Your API specification is one of the most valuable artifacts your security program can produce. Until now, accessing it outside the platform required extra steps. That changes with this release.
From within Equixly, you can now download the API specification for any of your services at any time. It doesn’t matter how the service was created — imported from an existing OpenAPI document, generated through Discovery, or captured automatically during a scan. The specification is always current, always complete, and always available for export.
The uses for this capability are broad:
- Share accurate, up-to-date documentation with developers or security team members who need it.
- Use the specification as the authoritative source of truth when onboarding new engineers or contractors.
- Keep it as a snapshot for audit and compliance purposes, demonstrating that your API surface was documented at a specific point in time.
Wherever you need your API specification to go, you can now take it there, directly from Equixly, with no extra tooling required.
Coming soon: Equixly MCP Server
Later this month, Equixly will become accessible via a Model Context Protocol (MCP) server. We wanted to give you a preview of what that means before we ship it.
The Equixly MCP Server will allow you to connect any MCP-compatible AI client — including Claude, ChatGPT, and others — directly to the Equixly platform. Once connected, you’ll be able to retrieve scan results, manage services, review findings, and trigger actions using nothing more than natural language prompts through your AI client of choice.
That is a colossal architectural step. It means that Equixly’s capabilities can be accessed not just through the platform’s own interface, but through any AI-powered workflow your team already uses. For security engineers who spend large parts of their day in AI-assisted environments, having Equixly natively accessible in that context removes an entire layer of context-switching.
We’ll share full technical details and setup guidance at launch. Stay tuned.
Closing thoughts
Equixly’s May release deepens the platform in areas that are becoming extremely important to security teams operating at scale:
- Smarter testing with contextual knowledge
- Faster onboarding via multi-service workflows
- Clearer compliance reporting
- More accessible data via specification export
And with the Equixly MCP Server on the horizon, we’re beginning to open up an entirely new way to interact with the platform.
As always, we’re building with your feedback in mind. Keep it coming, and we’ll keep shipping.