What's new in Polaris fAST Dynamic: AI-assisted authentication with expanded coverage and faster onboarding

Generative models are powerful, but they need guardrails in enterprise workflows. We tightened the interaction pattern between fAST Dynamic and the model, so logins stay on script and exit early when a terminal condition is reached (for example, invalid credentials). In practical terms, you see more dependable authentication success when inputs are correct, and quicker failure when they aren’t—no more wasted minutes on unproductive retries.

We also tuned the failure paths. When customers accidentally supply bad secrets, the system now recognizes the terminal state faster and surfaces the right error sooner. That means your team can fix what matters and rerun, instead of waiting on a stuck attempt.

Today, AI assisted authentication works with standard username/password flows and supports common staged logins via Multi-Page Login. Time-based one-time passwords (TOTP) are supported in the UI; email-code MFA is available via configuration while UI setup rolls out. If an application’s flow requires precise, repeatable steps, you can still use form-based mapping or Chrome recordings—the AI doesn’t replace those options; it makes them the exception rather than the rule.

Not every environment is a match for AI on day one, and some teams prefer scripted control. We added the ability to mark actions in Selenium recordings as optional—perfect for elements that only appear sometimes (think cookie banners or occasional challenges). Operationalizing those steps keeps the flow resilient without forcing you to add custom logic or maintain multiple recordings.

Modern React/Node deployments often optimize for client performance by sending partial pages. That can confuse traditional crawlers and slow discovery. fAST Dynamic now requests a server-rendered version of those pages for analysis, producing a fuller DOM for the scanner to traverse. You’ll see better link discovery, fewer dead ends, and cleaner, faster scans on these architectures.

Rule quality is the backbone of any DAST engine. We shipped targeted checker improvements—such as CSRF and server-error scenarios. The aim is simple: fewer misses, clearer findings, and evidence that travels cleanly into issue trackers. You’ll notice this in triage speed as much as in counts.

All of the above is designed to meet teams where they work:

• CI-friendly by default. Use CI Bridge to orchestrate scans from Jenkins or GitHub Actions; for internal targets, secure connectivity is handled as part of the job.
• Privacy by design. The model analyzes screenshots of rendered login screens; credentials and URLs stay within Polaris. Use dedicated test accounts and least-privilege access for MFA inboxes.
• Audit-ready outcomes. Findings include request/response evidence and remediation guidance; exports to Jira/Azure DevOps carry the context engineers need to fix, not just to file.