A credit threshold is now required when running Takumi blackbox assessments. The "Risk Focus Assessment" mechanism, previously offered as a separate menu option, is now the standard behavior for all blackbox assessments.

With this change, you can control credit consumption upfront for every blackbox assessment, preventing unexpected credit usage.

Takumi Guard now supports PyPI alongside npm.

Python projects using pip, uv, or poetry can now route installs through Takumi Guard to block known-malicious packages before they reach your CI or development environment.

Risk Focus Assessment now includes the following new capabilities:

1. Full Assessment mode is now supported in addition to Scoped Assessment mode
2. A new "Auto" option lets Takumi automatically determine the assessment priority for each feature-perspective combination

Takumi's features are now available through a public HTTP API, without going through the Web UI or Slack. You can integrate Takumi directly into CI/CD pipelines, ticket management systems, or your own vulnerability management workflows—making Takumi a more seamless part of your development lifecycle.

Currently, the API supports the "Full Assessment" mode for both whitebox and blackbox assessments. Support for "Scoped Assessment" mode and Autofix will be added in future updates.

Multi-factor authentication is now available to all Shisho Cloud byGMO users.

Previously available to select organizations only, all users can now use this feature. Organization admins can also require multi-factor authentication to access organization resources.

Takumi Guard is an npm registry proxy that strengthens supply chain security.

Add a single registry URL to your .npmrc and malicious package blocking plus post-install tracking and breach notifications are enabled automatically.

Takumi Runner is a secure runner service for GitHub Actions workflows.

Change one line in your workflow file — runs-on: takumi-runner — and eBPF tracing of processes, network connections, and file operations is enabled automatically.

Takumi Blackbox Assessment now supports "Risk Focus Assessment" mode.

You can set priorities for each feature-perspective combination and run assessments incrementally within a credit threshold.

Takumi blackbox assessment reports have been improved.

Reports are now more readable and actionable, with clearer reproduction steps, more specific remediation guidance, and consistent formatting throughout.

We've released the Takumi Autofix feature. This feature automatically generates fix patches for vulnerabilities detected in security assessments and creates Pull Requests.