April 2026 (26.4)

Last updated: April 27, 2026

Part of this month's release introduces an overhaul to Cork's mapping algorithm, now visible as a new tab on the Clients page.

Automated and Suggested Mappings

Cork Vantage now introduces Suggested & Automated Mapping, expanding how mappings are created and applied across your clients, devices, and inboxes.

Previously, clients were typically only auto-mapped when integration-level names closely matched. Devices also relied on limited attributes like hostname and internal IP - meaning small discrepancies, or factors like multiple NICs, could leave assets unmerged.

Now, Cork considers a broader set of attributes - including shared identifiers and clusters of related assets - when determining mappings.

Mappings can be configured in one of two modes:

  • Automatic mode (default for new Partners): Cork maps clients, devices, and inboxes on your behalf

  • Suggestion mode (default for existing Partners): Cork generates recommended client mappings for review before anything is applied

In both modes, devices and inboxes are automatically merged once clients are mapped.

A new Mapping view provides visibility into how and why assets are mapped, with the ability to review and apply suggestions. Manual overrides are always available, and Cork will never automatically change mappings you’ve set yourself.

Find it at: Clients > Mapping

Requires Admin or Tech role to apply suggested mappings.

Learn more here 📄 Mapping Mode

Cork Cyber Score Simulation

You can now simulate how changes to a client's security posture would impact their Cork Cyber Score - without making any real changes.

Adjust key inputs such as vulnerabilities, compliance events, controls coverage, and claims to model different scenarios. Each input can be set to different impact levels (e.g., actual, none, or max impact) to reflect potential security postures.

As you adjust values in the simulation, the score recalculates instantly and an impact breakdown shows how each factor contributes to the overall change compared to the client's current score.

This helps you understand the effect of potential security improvements before applying changes.

Find it at: Clients > [Select a client] > Cork Cyber Score widget (flask icon)

Learn more about the 📄 Cork Cyber Score

Export Per-Client Assets

You can now export a detailed breakdown of a client's assets and their associated integrations directly from Cork Vantage.

This export provides tool-level visibility, showing the number of connected assets per integration (for example, endpoints per EDR tool or users per MFA provider). It enables consistent billing verification and reconciliation across clients.

The export includes integration-specific mappings and supports tools even when no compliance events are present.

The export is available as a CSV download per client, containing all mapped integrations and their associated asset counts.

Find it at: Clients > [Select a client] > [Navigate to an Assets table] > Generate CSV

Dark Mode

Cork Vantage now supports Dark Mode, giving MSPs and NOC teams a low-light interface option for long hours in the console.

Switch between light and dark themes depending on your shift, your setup, or your tolerance for bright dashboards.

Find it at: Bottom-left navigation → sun/moon icon

Integrations

  • Apr 27: 📄 Cynetintegration updated to support grouping by sites

  • Apr 7: 📄 Backup Radar now integrates with SaaS Backup

    • If an existing Backup Radar BCDR integration exists, the SaaS Backup integration will be created automatically

Improvements

  • Apr 27: Integrations that support reusable credentials (Acronis, Microsoft, SuperOps, etc) can now be opted out

    • If an integration created because of a reusable credential is deleted, it will no longer be automatically recreated until it is opted back in

  • Apr 27: Previously 📄 Silence Notifications & Manage Risk would alert all admins of an account, now this is a separate notification type that anyone can subscribe to.

    • All existing admins were opted-in to this new notification type

  • Apr 17: Additional device properties, such as BIOS UUID, are captured and used for improved partner mapping and device identity

  • Apr 13: 📄 Cork Public API & MCP Server now supports OAuth2 support and improved integration with popular AI tools such as Claude, ChatGPT, and Gemini CLI

Bug Fixes

  • Apr 27: Risk insights table sorting properly sorts against the entire dataset, not just what's visible in the tables

  • Apr 27: Fixed potential race conditions with asset mappings

  • Apr 8: Improve connection verification time for new 📄 ThreatLocker integrations

  • Apr 7: Fix date parsing with 📄 Hook Security

  • Apr 7: Fix UI issue truncating long integration names in filters