Turbine Cloud 26.0.0 Release

march 09, 2026 turbine 26 0 0 smarter ai and a better user experience turbine 26 0 0 introduces powerful ai driven capabilities and key platform improvements to make building, running, and managing automations easier and more reliable this release introduces ai soc, bringing ai assistance directly into security workflows ai soc enables teams to start using ai across alert triage, investigation, and response hero ai companion now includes playbook building mode, allowing users to create and update playbooks using natural language this significantly reduces the time and effort needed to build complex automation playbooks the release also includes improvements in the overall user experience and platform scalability code editors now support full screen mode for easier editing of long scripts users can view component errors and run details directly from playbook runs for better troubleshooting overall, turbine 26 0 0 strengthens swimlane’s position as an intelligent automation backbone for enterprises, where automation and ai work together seamlessly to drive efficiency, speed, and better security outcomes what's new in this release ai driven security operations (ai soc) turbine 26 0 0 introduces foundational capabilities for ai driven security operations (ai soc), combining traditional soc workflows with ai powered capabilities to accelerate security operations, reduce false positives, and enhance analyst productivity through intelligent automation the ai soc solution integrates hero ai capabilities throughout soc workflows, enabling intelligent alert analysis to determine true/false positives and prioritize threats, automated threat intelligence correlation that synthesizes results from multiple providers, case investigation assistance with ai powered recommendations and remediation guidance, and knowledge management with context aware access to procedures and best practices these experiences are powered by hero ai deep agents the investigation and response agent assists analysts in triaging and investigating incoming signals, the playbook generator agent helps create playbooks to automate and streamline investigation and response workflows, and the ingestion agent accelerates onboarding by connecting to third party apis to ingest alerts and signals ai soc ingestion makes it faster to connect sources and bring alerts and signals into ai soc, reducing time to value from the alert or security event view, analysts can kick off playbook creation to streamline investigation and response workflows these capabilities are delivered through hero ai and core platform enhancements in this release, enabling ai assisted security automation workflows for more information, see ai soc solution docid\ ddizyeiqevgzg8ay0fcc5 playbook generator agent hero ai companion now supports playbook building mode, enabling users to generate and modify playbooks using natural language users can describe their automation needs in plain text or provide a complete text runbook, and playbook generator agent will create the corresponding playbook flow automatically the playbook builder uses ai agents powered by claude code sdk to understand requirements, search for appropriate components from the tenant and marketplace, and generate valid turbine playbook json that follows schema specifications the playbook gererator handles complex playbook structures including triggers, actions, conditional logic, loops, variable management, and error handling when a playbook flow is being generated or updated, canvas is automatically placed in a disabled state to prevent conflicting changes once generated, users can refine playbooks using natural language or manually edit them using canvas features generated playbooks are automatically validated to ensure they are executable, and comprehensive error handling with detailed messages and retry capabilities ensures a smooth experience even when encountering rate limiting, token limits, or generation failures this feature significantly reduces the time and expertise required to build complex automation workflows, making playbook creation accessible to users of all technical levels for more information, see how to create playbooks https //docs swimlane com/how to create a playbook#create or modify with hero ai full screen mode for code editor code editors across the platform now support full screen mode, making it easier to work with long or complex scripts users can expand the editor for more workspace and switch back to the regular view when done this capability is available in all code editors for a consistent experience across platform the feature is fully configurable, if a user prefers not to display the expand icon, it can be turned off switching between views is quick and simple, helping orchestrator stay focused and work efficiently view sub component run details in the playbook test console users can now view component error messages and run details directly from playbook runs previously, when a component failed, there was no way to see the underlying error or execution details the playbook run now includes links to the corresponding component run, allowing users to access error messages and execution details without navigating away from the playbook run view this improvement provides better visibility into playbook execution and makes troubleshooting component failures more efficient, reducing the time needed to diagnose and resolve issues receive and manage notifications directly within applications turbine now supports real time, in app notifications triggered through notification actions, helping teams stay informed without relying solely on email and respond faster to critical incidents directly within the platform notifications are displayed per tenant by default, with the ability to view notifications across all tenants providing greater oversight when configured with a link, notifications can take users directly to the relevant record or playbook, enabling faster investigation and action a new notification usage dashboard provides visibility into notification activity, including how many notifications were sent from a specific action and how many were delivered to individual users this helps teams monitor usage and adjust, especially important as email notification limits apply users can manage their notification preferences in their profile settings and choose to receive in app notifications, email notifications, or both for more information, see send notifications native action https //docs swimlane com/send notification native action and notifications dashboard https //docs swimlane com/notifications dashboard improved ssp content migration turbine 26 0 0 offers re architected and rewritten ssp import/export functionality to significantly improve reliability, data integrity, and overall performance when moving ssp content between tenants and environments this improvement ensures smoother ssp import and exports, clearer error handling, and more efficient content transfers across turbine major improvements stronger data integrity controls the system properly updates linked content when updated/deleted the system routinely performs clean up jobs ensuring data integrity ssps no longer fail on orphaned content (i e playbooks referencing components that do not exist) clearer, actionable error messages error messages now show the names of missing components, not just their idsrequired actions to proceed with import/export are clearly indicated optimized import performance with progress visibility performance has been significantly enhanced through the implementation of batch processing and parallel processing a progress spinner has been added to the import flow to display the overall import status and percentage completion for each step these updates make ssp import/export more predictable, stable, and efficient for both enterprise and mssp customers scim support for additional identity providers turbine's scim (system for cross domain identity management) integration now supports jumpcloud and ping identity, expanding on our existing okta support to make user and group management even more seamless scim enables automated user provisioning, deprovisioning, and group management between identity providers and turbine, reducing administrative overhead and ensuring consistent access control for more information, see jumpcloud scim integration docid\ sjvsy89msbvqma91aid5k and ping identity scim integration https //docs swimlane com/provisioning with scim integration addressed issues playbooks component save failure caused by long auto generated titles fixed an issue where components added to playbooks could not be saved due to automatically generated titles exceeding length limits the title generation logic has been updated to ensure titles remain within acceptable limits, allowing components to be successfully added to playbooks without requiring manual title editing condition builder display issue fixed an issue where the condition builder failed to display condition data stored in playbook yaml when opening the condition builder for playbooks with existing conditions, the interface would appear empty even though conditions were present in the yaml condition data is now correctly parsed and displayed, allowing users to view and edit existing conditions condition branch actions preserved fixed an issue where adding a condition action to the true branch of an existing condition removed downstream child actions branch actions now remain intact when inserting new conditions missing apply prompt fixed an issue where the send notification action didn't always prompt users to apply changes when modifying notification recipients when changing the notification recipients value from one playbook property to another, the action ui didn't consistently prompt users to apply the changes, potentially leading to unsaved modifications the action ui now consistently prompts users to apply changes as expected optimizations in playbook runs api fixed an issue with the playbook runs api where, by default, it was sending all playbook ids instead of an empty list when no ids were specified this caused slower responses and performance issues when retrieving playbook runs now, the api correctly sends an empty array by default, so you can filter runs properly and enjoy faster, more efficient api performance component run failure after marking output as required fixed an issue where components failed to run after marking any output as required when users marked component outputs as required, the component would fail to execute even when all required outputs were properly configured components now run correctly with required outputs configured, allowing users to enforce output requirements without breaking component execution content migration (ssp import/export) ssp export failure due to missing application references (,) fixed an issue where exporting applications containing orchestration tasks with non existent application references caused export failures when an application contained orchestration tasks that referenced applications that had been deleted, the export process would fail with an error the export process now handles missing application references gracefully, allowing exports to complete successfully while logging warnings about orphaned references improved error reporting for chunked ssp imports in solutions enhanced the ssp import process for applications such as case and incident management to provide clearer error messages when importing chunked ssps previously, importing smaller ssp chunks into a clean tenant could fail due to interface definition conflicts such as cannot update intent for interface 'simple observable to observable' because item already exists now, any intent or playbook errors are shown clearly in the error section during import, along with instructions for actions to resolve them this ensures users can identify and fix issues quickly, improving the reliability and transparency of chunked ssp imports content name validation on save/import added validation to prevent saving or importing content with names that already exist in the tenant but have different sharingids previously, users could save or import content with names that matched existing content but had different sharing identifiers, leading to confusion and potential conflicts the platform now blocks these operations with clear validation error messages, preventing duplicate content names playbook deletion failures during ssp imports fixed an issue where playbook deletion failures occurred during ssp or marketplace content import, causing import operations to fail the import process now handles playbook deletions more reliably, ensuring successful imports even when playbooks need to be removed as part of the import process improved playbook export error messages enhanced error messages for playbook export failures due to missing component references previously, when a playbook referenced a component that no longer existed, the export would fail with a generic error message that didn't identify which component was missing error messages now include the component name, helping users quickly identify and resolve the issue orchestration task persistence after ssp overwrite fixed an issue where orchestration tasks remained present and running when flows and triggers were overwritten via ssp import when importing an ssp that replaced existing playbook flows and triggers, the old orchestration tasks continued to run, potentially causing duplicate automation execution orchestration tasks are now properly cleaned up when their associated flows and triggers are replaced, ensuring only the intended automation runs transformation action reference cleanup fixed an issue where references in advanced transformation actions remained even after the referenced objects were deleted when users deleted playbook properties, assets, or other referenced objects, the references persisted in transformation actions, causing export failures the export/import process now validates and removes orphaned references during import/export operations, preventing export failures and maintaining data integrity dashboards and reports dashboard download data inconsistency fixed an issue where downloaded dashboards containing charts with date/time fields used different time zones than the preview when users downloaded dashboards as pdf or other formats, the charts displayed different data than what was shown in the preview, particularly for date/time fields downloaded dashboards now consistently match the preview data, ensuring users can trust exported dashboard information dashboard card title wrapping fixed an issue where dashboard card titles did not wrap or truncate correctly on small card sizes titles now display cleanly with proper wrapping or ellipses in compact cards relative date/time consistency across filters and formatting (,,,) when applying conditional formatting rules using relative date/time conditions (for example, "next 24 hours," "next 4 hours," or "previous x hours/minutes"), the highlighted records in reports did not always match the records returned by the equivalent filter criteria fixed few issues to address the issue and now relative date/time operators such as previous and next behave consistently across the platform, including dashboards, the condition builder, and conditional formatting in reports as a result, records highlighted through conditional formatting now accurately match those returned by the equivalent filter conditions and will be the same in dashboards as well conditional formatting rules for date time fields fixed an issue where conditional formatting rules applied to date time fields (such as highlighting records due within the next few hours or minutes) were not working as expected when setting rules to highlight records due within the next few hours or next 24 hours and minutes, the conditional formatting would not apply correctly conditional formatting now correctly evaluates date time conditions, allowing users to effectively highlight records based on time based criteria bulk edit with multi grouping filters fixed an issue where select all bulk edit failed for reports using top level any/or grouping with text equals conditions bulk edit now works correctly across multi group filters scheduled reports logging added additional logging for scheduled reports sent through systems such as hangfire jobs previously, scheduled reports were not logged separately, making it hard to track deliveries or troubleshoot problems now, each scheduled report is logged individually, giving you better visibility and making it easier to identify and fix issues report auto refresh displays new records fixed an issue where auto refresh did not display newly created records even though the search api returned success new records now appear automatically when auto refresh triggers, without requiring a manual refresh or page reload applications applet creation validation fixed an issue where applets with playbook buttons could be created from application sections that don't match applet restrictions when creating an applet from an application section, the system did not validate that the section matched the restrictions required for applets applet creation now properly validates section compatibility, preventing invalid applet configurations app builder failure icon display fixed an issue where the ui showed a failure icon after successfully saving an application when changes were made to a hidden field when users modified hidden fields and saved successfully, the ui would incorrectly display a failure icon, causing confusion about whether the save operation succeeded the ui now correctly reflects the save status, showing success indicators when applications are saved successfully workflow search focus jump fixed an issue where typing in the workflow search box moved focus into the first matched action name, causing unintended edits the search field now keeps focus while you type user management session expiration warning fixed an issue where session expiration warnings were not shown on some screens (such as the playbook builder) users now receive the warning consistently across the app and can extend their sessions before they expire admin session timeout popup loop fixed an issue where session timeouts with unsaved changes in the admin panel triggered repeated save/leave popups and continuous 401 errors users are now redirected cleanly after timeout without repeated prompts role page workspace display issue fixed an issue where the role page did not display all workspaces when more than 9 elements were present in the workspaces table when a role had access to more than 9 workspaces, the table did not display a scrollbar, making it impossible to see or manage all available workspaces a scrollbar is now properly added, allowing users to view all available workspaces tenant switching loading bar delay fixed an issue where there was a noticeable delay before the loading bar appeared when switching tenants when users switched between tenants, there was a delay before any loading indicator appeared, making it unclear whether the system was processing the request or had frozen the loading indicator now appears immediately when tenant switching begins breadcrumb tenant selection accuracy fixed an issue where breadcrumbs could report the wrong tenant if there was an error while switching pages or if a user pressed the back button breadcrumbs were persistent and would not update when errors occurred during page navigation, potentially showing incorrect tenant information breadcrumbs now accurately reflect the current tenant context records upsert numeric key field recognition fixed an issue where numeric key fields were not always recognized as numeric inputs in upsert actions when using upsert actions with numeric key fields, the system would sometimes treat the values as strings instead of numbers, causing matching and update operations to fail numeric fields are now consistently recognized and handled correctly rich text field url conversion fixed an issue where tinymce converted urls in the same domain to relative paths in rich text and comment fields when users entered absolute urls, tinymce would automatically convert urls from the same domain to relative paths, which could break links when content was shared or exported urls now maintain their absolute paths as expected comment links open in new window fixed an issue where links in comments configured to open in a new window did not preserve their target/rel attributes and opened in the same tab workflow execution failure when switching record pages fixed an issue where workflows failed to execute when switching between record pages workflows only executed during initial component initialization, so when users navigated between different record pages, workflows did not run even though the record or workflow inputs had changed workflows now execute correctly when record or workflow inputs change, ensuring automation runs as expected across all record navigation scenarios non admin list field clearing with calculations fixed an issue where non admin users could not clear all values from a list field when calculated fields were present on the record list field values now persist correctly after save security username enumeration via forgot password fixed a security issue where the forgot password functionality could be used to enumerate usernames the forgot password endpoint returned different responses depending on whether a username existed in the system, allowing attackers to determine valid usernames by testing different values the endpoint now provides consistent responses and more streamlined messaging for login scenarios, preventing username enumeration attacks api token exposure in url path fixed a security issue where the tenant api endpoint for validating personal access tokens (pats) exposed the token secret in the url path the api endpoint used get requests with the token in the url path, exposing sensitive token information in browser history, server logs, and network monitoring tools token validation now uses more secure methods that don't expose secrets in urls connectors ldap connector connection failure fixed an issue where ldap connector v2 2 2 failed to connect to active directory due to missing crypto dependencies and unsupported md4 hash in python 3 11 when attempting to connect to active directory, the connector would fail due to missing cryptographic dependencies required for ldap authentication and the removal of md4 hash support in python 3 11 the connector now includes the necessary dependencies and supports the required hash algorithms, allowing successful connections to active directory connector action exec session errors improved handling of container connector exec session errors so actions retry gracefully instead of failing with "no such exec" system errors remote agents remote agent health check failure fixed an issue where failure to write liveness/health timestamps did not contribute to the remote agent's health status the remote agent's readiness/liveness probe relied on heartbeat timestamps written to a file, but when file write operations failed due to read/write access errors, the health check would still report the agent as healthy the agent's readiness/liveness probe now correctly reflects health status, and file access errors are properly handled and reported feature flags we fixed an issue where the canvas feature flag (name solutionbuilder) wasn't working correctly for some users previously, if the feature flag was enabled at the tenant level but disabled at the account level, users could unexpectedly lose access to canvas navigation items now, the feature flag checks both tenant and account settings correctly, ensuring users see the right access consistently known issues issue 1 jumpcloud user re add missing group association when a user is removed from a group and then re added to the same group in jumpcloud idp, the user is re created in turbine but the group association is not restored issue 2 jumpcloud user reactivation missing group associations when a user is suspended and later reactivated in jumpcloud idp, the user's group associations are not reflected in turbine issue 3 component save button enabled with no changes after creating a component, the save button may appear enabled even when no actions are added to the canvas this can make the component appear modified even though no changes were made functionality is not blocked, and saving without changes does not alter the component issue 4 record actions lose application linking after import when importing playbooks or components, record actions (create/update/upsert/search) can lose their application linking, requiring users to reconfigure the record actions after the import workaround include and publish the referenced application along with the playbook or component when exporting/importing this preserves the application links in record actions