Las Vegas, NV — May 1, 2026 — Nsasoft US LLC today announced the release of NSAuditor AI — Pro & Enterprise Edition v0.2.3, a maintenance and enhancement release built on the v0.2.x parallel-agent analysis pipeline. This update ships with improved compliance gap reporting, more accurate agent verification logic, and several stability and compatibility fixes across Windows, Linux, and macOS environments.

"Version 0.2.3 is about hardening the foundation we laid in 0.2.1. Customers running large-scale enterprise audits asked for more precise compliance evidence references and faster verification cycles — both land in this release. The parallel agent model stays intact; we've just made it more reliable under real-world load." — Nsasoft US LLC

What's New in v0.2.3

Improved Compliance Mapping (Enterprise)

The Compliance Engine now produces tighter evidence references when mapping findings to NIST CSF, CIS Controls, HIPAA Security Rule, GDPR Article 32, and PCI DSS. Each control mapping now includes the source finding ID, verification status, and the specific scan probe that produced the evidence — making gap reports fully auditable by compliance teams.

Faster Verification Engine (Pro)

The non-destructive verification engine has been refactored to reduce per-host round-trip overhead. Probe batching across the Auth, Crypto, and Config agents cuts average verification time by up to 30% on subnets with 50+ hosts, while maintaining the existing 2s/host rate limit and full audit logging.

Risk Score Calibration (Pro)

Composite risk scoring has been recalibrated based on real-world audit feedback. POTENTIAL findings with corroborating indirect evidence are now scored at 0.75× (up from 0.6×), reducing under-reporting of likely vulnerabilities in environments where direct probes are filtered by internal firewalls.

Cloud Scanner Fixes (Enterprise)

Resolved an intermittent credential resolution issue affecting AWS STS-based role assumption chains. GCP firewall rule parsing now correctly handles hierarchical policy inheritance across shared VPC configurations. Azure RBAC scanner updated for the April 2026 Microsoft Graph API schema changes.

CE Peer Dependency

Peer dependency aligned to ^0.1.26, picking up all stability fixes and the updated MCP server detection signatures shipped in the Community Edition 0.1.26 release.

Availability

NSAuditor AI — Pro & Enterprise Edition v0.2.3 is available immediately on npm:

npm install -g @nsasoft/nsauditor-ai-ee

A valid Pro or Enterprise license key is required to activate EE features. Pricing and licensing: https://nsauditor.com/ai/pricing
System requirements: Node.js 20+, NSAuditor AI CE v0.1.26 or later.

About Nsasoft US LLC

Nsasoft US LLC builds network security and audit tooling for IT teams, MSPs, and enterprise security organizations. For more information, visit https://nsauditor.com

Media Contact:
Nsasoft US LLC
732 S 6th St, Ste R
Las Vegas, NV 89101
Phone: +1 (702) 625-0401
info@nsasoft.us
https://nsauditor.com

Las Vegas, NV — May 1, 2026 — Nsasoft US LLC today announced the release of nsauditor-ai v0.1.26, the latest update to the open-source network security audit platform. This release expands MCP server detection coverage, improves scan report output quality, and ships a set of stability fixes addressing edge cases reported by the community since v0.1.24.

What's New in v0.1.26

Expanded MCP Server Detection

Building on the MCP server scanner plugin introduced in v0.1.24, this release adds detection for two additional vulnerability categories:

• 🔴 Insecure CORS Configuration — Identifies MCP servers that accept cross-origin requests from wildcard or overly permissive origins, enabling unauthorized cross-site tool invocation
• 🔴 Missing Rate Limiting on Tool Endpoints — Detects MCP servers that expose tool endpoints without request throttling, leaving them vulnerable to enumeration and abuse

Port candidate coverage has been extended with three additional commonly observed MCP deployment ports: 4000, 7860, and 9000.

Improved Scan Report Output

The CLI report renderer now groups findings by severity tier (CRITICAL → HIGH → MEDIUM → LOW → INFO) and includes a one-line remediation hint for each finding category. JSON output mode adds a scan_meta block with scan duration, plugin versions, and host reachability summary — making automated ingestion into SIEM and ticketing systems more reliable.

save_finding MCP Tool Enhancement

The save_finding MCP tool now accepts an optional remediation field, allowing AI agents and MCP-aware IDE assistants to attach structured fix guidance directly to persisted findings. Compatible with NSAuditor AI EE v0.2.3 and later.

Stability Fixes

• Fixed a hang condition on hosts that return partial TLS handshake responses during the Crypto agent probe sequence
• Resolved incorrect MITRE ATT&CK technique assignment for SNMP community string findings (was T1046, corrected to T1602.001)
• STDIO transport detection no longer emits false-positive MCP Inspector findings on localhost loopback addresses
• Improved IPv6 target handling in the port scanner module

Resources

• 📦 npm Package: npmjs.com/package/nsauditor-ai
• 💻 GitHub: github.com/nsasoft/nsauditor-ai

Availability

nsauditor-ai v0.1.26 is MIT-licensed and available immediately via npm:

npm install -g nsauditor-ai

About Nsasoft US LLC

Nsasoft US LLC is a Las Vegas-based network security software company specializing in privacy-first, AI-assisted security tooling. The company develops open-core security scanners and infrastructure auditing tools for enterprise and developer audiences.

Media Contact:
Nsasoft US LLC
732 S 6th St, Ste R
Las Vegas, NV 89101
Phone: +1 (702) 625-0401
Email: info@nsasoft.us
Web: https://www.nsauditor.com

Las Vegas, NV — April 27, 2026 — Nsasoft US LLC today announced the release of NSAuditor AI — Pro & Enterprise Edition v0.2.1, the commercial extension to the open-source NSAuditor AI network security audit platform. The release pairs the v0.2.x parallel-agent analysis pipeline with full compatibility against Community Edition v0.1.24, which now ships with the MCP server scanner plugin and the save_finding MCP tool.

The 0.2.x line is the largest functionality jump since the product's launch. Five specialized analysis agents — Auth, Crypto, Config, Service, and Exposure — now run in parallel on every scan, each producing structured findings within its category. Results flow into a non-destructive verification engine that confirms whether each finding is real before it reaches a report.

"A scanner that says 'TLS 1.0 might be enabled' is just adding to the analyst's queue. We wanted a system that says 'TLS 1.0 is enabled — here is the handshake response, here is the matching CVE, here is the MITRE technique, here is the risk score.' That's what 0.2 ships. And it does it without sending customer data anywhere — same API call, vastly better output, customer keeps the keys." — Nsasoft US LLC

What's New in v0.2.x

Parallel Analysis Agents (Pro)

Five concurrent agents triage scan output by category: weak auth and default credentials; TLS and certificate weaknesses; configuration mistakes (default SNMP communities, debug modes, exposed .env files); service-level CVEs and end-of-life software; and internet-facing exposure paths. Agents execute via Promise.allSettled — categories with no relevant services are skipped automatically.

Verification Engine (Pro)

Findings are confirmed with safe, non-destructive probes — a TLSv1.0 handshake attempt, an SNMP sysDescr GET, a banner grab — and labeled VERIFIED, POTENTIAL, or FALSE_POSITIVE. Probes are rate-limited (2s/host), carry no exploit payloads, write no data, and are individually audit-logged.

Intelligence-Enriched AI Reports (Pro)

AI providers (OpenAI, Claude, Ollama) work in every tier; the difference is what enters the prompt. Pro injects CVE matches, MITRE ATT&CK techniques, risk scores, and verification status — producing executive-ready summaries and remediation plans. Customers supply their own API keys. No scan data transits Nsasoft infrastructure (Zero Data Egress preserved).

Risk Scoring Engine (Pro)

Composite scoring combines severity, exploitability, impact, and exposure. VERIFIED findings score at 1.0×; POTENTIAL findings at 0.6× — so unconfirmed signal cannot inflate a report's headline numbers.

Cloud and Compliance (Enterprise)

AWS, GCP, and Azure cloud scanners audit security groups, IAM policy, firewall rules, NSG rules, and RBAC bindings using the customer's own cloud credentials. The Compliance Engine maps findings to NIST CSF, CIS Controls, HIPAA Security Rule, GDPR Article 32, and PCI DSS, producing gap reports with evidence references.

Pro & Enterprise MCP Tools

get_vulnerabilities, risk_summary, scan_compare, save_finding (Pro) and start_assessment, prioritize_risks, compliance_check, export_report (Enterprise) make EE intelligence available to MCP-aware agents and IDE assistants.

What's Specifically New in v0.2.1

• CE peer dependency aligned to ^0.1.24, picking up the MCP server scanner plugin (CE plugin 070) and the shared save_finding MCP tool
• Documentation updated across README and architecture references to reflect the unified CE+EE plugin surface
• Repository hygiene: tasks/ directory excluded from publication

Availability and Pricing

NSAuditor AI — Pro & Enterprise Edition v0.2.1 is available immediately on npm:

npm install -g @nsasoft/nsauditor-ai-ee

A valid Pro or Enterprise license key is required to activate EE features. Pricing and licensing: https://nsauditor.com/ai/pricing
System requirements: Node.js 20+, NSAuditor AI CE v0.1.24 or later.

About Nsasoft US LLC

Nsasoft US LLC builds network security and audit tooling for IT teams, MSPs, and enterprise security organizations. For more information, visit https://nsauditor.com

Media Contact:
Nsasoft US LLC
info@nsasoft.com
https://nsauditor.com

The MCP Security Gap

As AI agents and LLM-powered applications proliferate, MCP servers are rapidly becoming the connective tissue of enterprise AI infrastructure. Yet unlike traditional web services, MCP deployments often lack standardized security hardening guidance — leaving organizations exposed to risks that conventional scanners are not equipped to detect.

nsauditor-ai v0.1.24 closes that gap with a dedicated plugin suite that audits HTTP/SSE-transport MCP servers across four critical vulnerability categories:

• 🔴 Cleartext Bearer Token Exposure — Detects authentication tokens transmitted without TLS or proper header protection
• 🔴 Anonymous Authentication + Tool Enumeration — Identifies MCP endpoints that allow unauthenticated tool discovery, enabling attackers to map available capabilities
• 🔴 Deprecated Protocol Versions — Flags servers running outdated MCP protocol revisions with known weaknesses
• 🔴 MCP Inspector Interface Exposure — Detects inadvertently exposed developer inspection interfaces on production hosts

Safe, Read-Only Detection Methodology

The scanner operates exclusively through safe, read-only JSON-RPC initialize probes sent to eight commonly used MCP port candidates: 1967, 3000, 3005, 5173, 6274, 6277, 8000, and 8090. No tool invocation occurs. No exploitation is performed. All findings are automatically mapped to CWE, OWASP Top 10, and MITRE ATT&CK framework identifiers, enabling direct integration into enterprise risk and compliance workflows.

Architecture & Availability

nsauditor-ai v0.1.24 ships as both a command-line interface (CLI) and a native MCP server itself, allowing it to be composed directly into AI agent pipelines for automated, continuous security posture assessment. The tool is MIT-licensed and available immediately via npm:

npm install -g nsauditor-ai
nsauditor-ai scan --host <target> --plugins all

The current release covers HTTP/SSE-transport MCP servers — the network-exposed attack surface. Audit support for STDIO-transport MCP (the default for Claude Desktop and similar local deployments) is planned for a future release.

Resources

• 📦 npm Package: npmjs.com/package/nsauditor-ai
• 💻 GitHub: github.com/nsasoft/nsauditor-ai

About Nsasoft US LLC

Nsasoft US LLC is a Las Vegas-based network security software company specializing in privacy-first, AI-assisted security tooling. The company develops open-core security scanners and infrastructure auditing tools for enterprise and developer audiences.

Media Contact:
Nsasoft US LLC
732 S 6th St, Ste R
Las Vegas, NV 89101
Phone: +1 (702) 625-0401
Email: info@nsasoft.us
Web: https://www.nsauditor.com

Security Fixes

Version 3.2.7 addresses the following vulnerabilities:

• CVE-2018-25213 — DNS Lookup DNS Query field SEH buffer overflow (Fixed)
• CVE-2019-25597 — SNMP Auditor Community field buffer overflow (Fixed)
• CVE-2020-37130 — Registration Name field buffer overflow (Fixed)
• CVE-2021-47815 — Registration Key field buffer overflow (Fixed)

In addition, the vulnerability detection and network databases have been updated to reflect the latest known threats and security signatures.

About Nsauditor Network Security Auditor

Nsauditor Network Security Auditor is a comprehensive network security scanner for auditing and monitoring network computers for possible vulnerabilities. The software checks network computers using all potential methods that a hacker might use to attack them. Nsauditor includes over 45 network tools including intrusion detection, firewall, packet analyzer, port scanner, SNMP auditor, DNS tools, and more. The product supports Windows XP through Windows 11.

Availability and Pricing

Nsauditor Network Security Auditor 3.2.7 is available for immediate download at https://www.nsauditor.com/downloads/nsauditor_setup.exe. The software is priced at $69.00 USD with a 15-day free trial. All existing customers are strongly encouraged to update immediately.

About Nsasoft US LLC

Nsasoft US LLC, based in Las Vegas, Nevada, develops network security audit software, internet tools, network monitoring software, and password recovery products. For more information, visit https://www.nsauditor.com or contact info@nsasoft.us.

Media Contact:
Nsasoft US LLC
732 S 6th St, Ste R
Las Vegas, NV 89101
Phone: +1 (702) 625-0401
Email: info@nsasoft.us
Web: https://www.nsauditor.com