What’s New

The AI risk landscape changes every week.
So does SanctumShield.

By Lindsay Hiebert · Founder · CISSP

The recurring value behind the $99/month subscription isn’t a cron job. It’s that every month we refresh the regulatory citations, AI endpoint registry, tools catalog, and policy generation prompts so the audit you run in April is not the same audit you run in May. You subscribe so we do the landscape-tracking work for you.

Why a monthly refresh matters

AI governance is not a one-time audit. It’s a continuously drifting target.

01 · Regulations drift

EU AI Act delegated acts ship quarterly. State-level AI disclosure laws are being introduced monthly. NIST AI RMF profiles are being updated. Your AUP citations need to track.

02 · New AI tools ship weekly

OpenRouter, Fireworks, Deep Infra, MiniMax, Moonshot — all added this month. Your log analyzer is only as good as the AI endpoint registry it matches against, and the registry is a moving target.

03 · Training policies change

Vendors update their training-on-inputs policies constantly. A tool that was “safe” last quarter may be training on customer prompts this quarter. Your tools catalog needs eyes on it.

Monthly changelog

Every change, every month, in one place.

April 2026

Launch month · 7 frameworks live, registry expanded to 64 domains

Regulatory citations
  • SOC 2 CC6.1 / CC7.2 interpretive guidance refreshed with AICPA 2026 clarifications on AI tool inventory and shadow AI disclosure
  • EU AI Act Article 5 prohibited-practices citations updated to reflect March 2026 Commission delegated act on biometric inference
  • HIPAA §164.502(e) Business Associate Agreement language added for AI vendor sub-processor chains
  • NIST AI RMF GOVERN-1.4 mapping refined against the January 2026 Generative AI Profile supplement
AI endpoint registry
  • Added: OpenRouter (openrouter.ai), Fireworks AI (api.fireworks.ai), Deep Infra (api.deepinfra.com), Lambda Labs (api.lambda.ai), Modal (modal.com), RunPod (api.runpod.ai)
  • Added: MiniMax (api.minimax.chat), Moonshot Kimi (api.moonshot.cn), OpenChat (api.openchat.team)
  • Total AI endpoint registry: 64 domains (was 50)
AI tools catalog
  • Added training-policy flags for Anthropic Claude 4.6, Google Gemini 3.1 Pro, Google Gemini 3 Flash, OpenAI GPT-4.5, Mistral Large 3
  • Updated enterprise-tier availability for Cursor, GitHub Copilot Enterprise, Perplexity Enterprise
  • Total pre-rated AI tools: 60+ (catalog under continuous review)
Policy generator prompts
  • AI Acceptable Use Policy § 4 (Permitted Use) now generates industry-specific examples for healthcare, fintech, legal, and B2B SaaS buyers
  • Policy § 6 (Data Handling) now references EU AI Act transparency obligations for high-risk AI systems

Your subscription is a commitment.
Ours is too.

When you subscribe to SanctumShield you’re not paying for access to a static document library. You’re paying for continuous maintenance of the AI governance landscape — the endpoint registry, the regulation citations, the tool risk ratings, the policy prompts — so the report you run in month 2 reflects what’s actually happening in month 2. That is the work that justifies the recurring charge.
