Public roadmap

SQUR roadmap.

What we're shipping next. Updated monthly. Customer-facing only — internal infrastructure work isn't listed here.

See what already shipped →

Now · Q3 2026

Channel & Partnerships

  • MSSP pricing tier with white-label option
  • Tines integration (first partner)
  • vCISO ambassador program activation
  • NIS2 Article 21 Evidence Package (co-branded)
  • Lifecycle email automation (welcome / scan-complete / report-view / demo-confirm)

Next · Q4 2026

DACH expansion & deeper coverage

  • German-language site (5 cornerstone pages)
  • GraphQL + gRPC semantic-aware payload generation
  • Customer-supplied authentication flows (custom OAuth / SAML / SSO)
  • Continuous-scanning tier (scheduled re-runs)
  • First DORA Office Hours webinar series

Later · Q1 2027+

Mobile surfaces & integration breadth

  • Mobile app pentesting (iOS / Android)
  • Compliance-evidence export to Drata / Vanta / Secureframe
  • Multi-step business-logic chaining (research with KASTEL Labs)
  • OSS one-shot: squr-compliance-cli (LangSmith → EU AI Act audit)
  • Annual industry report: State of Autonomous Pentesting

What's NOT on the roadmap

We say no out loud, so you can plan around it.

  • No DORA TLPT — threat-led penetration testing under Articles 26-27 requires certified external testers + threat-intel providers. See TLPT. We refer to specialist firms.
  • No on-prem deploy. SQUR runs in EU-region cloud (GCP Brussels + Frankfurt). On-prem doesn't fit the autonomous-scale model.
  • No bespoke red-team engagements. See Red Team. Different category, different vendor.
  • No industrial-control / OT / hardware-adjacent stacks. Web + API surface coverage only.
  • No on-prem-only language support beyond English & German. French and Spanish if customer demand warrants — speak up.

Want a feature?

Tell us at hello@squr.ai or book a call. Customer requests reshape this roadmap every quarter.

Book a 30-min walkthrough