numasec 1.1.0 is the release where the project stops feeling like "an LLM calling tools" and starts feeling like a real cyber security runtime.
The headline is the browser/runtime jump.
numasec can now keep browser actors alive across steps, carry state forward, and recover when a flow goes sideways instead of forgetting everything and starting from zero. Bad navigations, poisoned pages, transient network failures, stale auth, broken workflows — these no longer automatically kill the run.
There is real working memory now.
Cookies, bearer tokens, headers, storage state, CSRF material, actor sessions, browser sessions, execution attempts, target profiles, and resource inventory are now part of the runtime instead of loose prompt context. Browser and HTTP can finally share state, which makes auth-heavy apps and SPAs much less fragile.
The graph/evidence side got sharper too.
Planner normalization is tighter. Finding evaluation is stricter. Workflow and resource inference are smarter. Attack paths are cleaner. Reports are cleaner. The agent has a much better sense of what it already saw, what it already proved, and what is actually worth chaining together.
This release also ships with a much stronger validation stack:
- runtime eval scripts
- live runtime checks
- broader regression coverage for browser recovery, auth propagation, failure classification, target profile storage, and inventory flows
Other cleanup that matters:
install.shis back as the only source installer- the README now tells the right story
- the Claude Opus / Sonnet retry-loop bug caused by a missing finish reason is fixed
Big picture: 1.1.0 is the release where numasec gets much better at staying on target, holding onto context, moving through authenticated flows, and turning scattered proof into something that feels like a real attack story instead of disconnected scanner output.