Carpathian Logo
Release notes

Release Notes 2026.5.0

May 26, 2026
10 min read

Version 2025.5 is here. Region-aware dashboard, AI chat with history and markdown, browser RDP/VNC consoles, real in-VM disk usage, tighter security.

We shipped a lot of updates over the past couple months. Build 445 is the official flip to version 2025.5. You can still find all historical builds on the support page. If you spot anything broken or acting weird after one of these changes, drop us a note from Support and we'll dig in.

AI Chat

We've been pouring a lot into chat. Most of these are quality-of-life things you'll notice in your day-to-day.

  • Chat responses render markdown now. Code blocks look like code blocks, lists look like lists, headings look like headings. No more wading through raw asterisks.
  • A context indicator sits next to the input. Click it to see exact token counts for the conversation and to compact the thread in one go.
  • /compact actually summarizes the conversation now. When it runs, you get a quick report on how many tokens it freed up, so you know what the compaction actually bought you.
  • Conversations stick around. Start a new one, jump back into an old one, or delete the ones you don't need from a dropdown in the chat header.
  • Pick which model is driving the chat from a header dropdown. Any model that's active for your region shows up there.
  • A context ring sits next to the input and shows how full the conversation's context window is. Click it to compact the thread, which replaces the old history with a summary so you can keep going.
  • Type / to pull up a command palette. Built-ins right now are /compact, /new, and /clear. More to come.

AI Assistants

The Assistants surface picked up a lot of structure this cycle.

  • Each assistant has its own History tab. Past conversations are listed for that assistant only, and you can download a clean transcript of any of them.
  • The Knowledge tab shows live indexing progress on uploaded documents and takes drag-and-drop uploads. You no longer have to refresh the page to see whether your file finished processing.
  • Curated assistants from your org or the platform hide their system prompt, settings, and knowledge details from anyone who isn't the owner. Useful when an admin wants to share an assistant without leaking the prompt engineering behind it.
  • Two new per-assistant toggles: turn off prior-turn memory if you want clean standalone Q and A, or cap the response length. Both stick to the assistant you set them on.
  • The model selector now shows the tier each model belongs to with a color cue, and a link to AI plans when a higher tier isn't accessible from your current plan.
  • The assistants sidebar collapses to a slim rail on desktop and remembers your choice. Mobile still opens the full drawer.

Account & Security

A few stricter session rules, and a couple of bug fixes that bit early adopters.

  • Changing or resetting your password signs you out of every active session, including the browser you used to make the change. You'll log back in with the new password. This applies to in-app password changes and email-link resets.
  • Password reset is patched. There was a window where the email never sent. If a recent reset email never arrived, please try the reset again.
  • Signup no longer bounces you back to step one. If you got bounced and never finished, sign in with the credentials you created and you'll resume from where you left off.
  • Remember this browser: after a 2FA challenge, you can opt to skip 2FA on this browser for 7 days. We revoke that automatically if your IP changes, your browser fingerprint changes, you change your password, or you change your 2FA settings.
  • Settings > Security now shows Remembered Devices and Active Sessions in two clean lists, with time, location, and IP per row. You can revoke any individual entry, or sign out every session except the current one in one click.
  • The 2FA login modal doesn't close anymore when you click outside it. Used to be way too easy to accidentally dismiss it mid-code-entry.
  • Platform-wide ID obfuscation improvements across dashboard URLs.
  • Stricter permission enforcement on AI proxy key management.
  • Added abuse protection to console session handlers.
  • Routine hardening from ongoing security review.

Team & Organizations

  • Inviting someone who already has a Carpathian account works now. They get added to your org directly and keep their existing login. No more "email cannot be used" wall.
  • Re-adding a team member you previously removed just works. We reactivate their old membership in place instead of making you (or us) clean anything up.

Dashboard

Bigger structural change here than it looks. Most pages got region awareness this cycle.

  • A new top nav carries an organization switcher and a region switcher. Selecting a region filters every dashboard page to that region's assets and routes every action to that region's backend. Your selection persists across sessions.
  • Most dashboard surfaces are now region-aware: deployments, networking, firewall, API keys, AI instances, AI proxy, AI usage, and AI chat. They scope to whichever region you've picked in the top nav.
  • AI models can be enabled per region. The AI Admin page carries a region matrix per model, so a region only serves a model where an admin has explicitly opted in.
  • New build versioning system with per-build changelogs. The platform now ships in numbered builds and you see what changed.
  • A changelog modal pops on the dashboard when new builds are available. The Platform Updates section on the Support page carries the full history.
  • Fixed the changelog modal compressing its scroll area on small viewports for long entries.

Firewall

  • The Allow button on Firewall > Activity now opens the full allow-rule editor so you can pick which scopes the rule covers (SSH Gateway, Deployments and API, AI Proxy). The old shortcut only allowed SSH, which often left other paths still blocked.
  • An Activity tab shows recent connection attempts and blocked IPs with one-click Allow or Block actions on flagged addresses.
  • Firewall mode is validated on every request now. The dashboard can no longer say "Allow All" while the gateway is silently blocking, and we automatically corrected accounts that were stuck in this state.
  • Platform security lockdowns require staff review to release.

API Keys

A handful of guardrails so keys don't get created in a state that quietly does nothing.

  • The Create Key modal shows the firewall policy for the scope the key will use, right above the Create button. You get a warning if the firewall is set to Allow All, and a different warning if it's Allowlist Only with no rules yet. After the key is created, we remind you to double-check the addresses you actually plan to use are allowlisted.
  • The Allow IP button on the Activity tab opens the scope picker now, matching the top-right Allow IP button. Previously it silently granted one scope.
  • A deployment key whose server has no deployment configured shows a warning on the Keys page with a one-click link to set one up. No more idle keys sitting unnoticed.

Networking & Plans

  • The Routing tab shows deployment flows from your code repository through Carpathian to each server, side by side with the existing web and SSH routes. A segment turns red when something's missing (no deployment key, no deployment configured, no repository, deployments disabled, or the server is offline), with a one-click link to the page where you fix it.
  • Every organization now has an explicit base network plan record. New signups get one automatically, and existing organizations were backfilled during this release. Upgrading to a paid tier updates the existing record in place instead of creating a new one.
  • The base network plan is now actively enforced on every organization's VLAN. Throttling rules were never reaching the gateway before, which meant nobody on the platform was being rate-limited even when their plan said they should be.

Servers

  • Server disk usage now reflects what's actually in use inside the VM, not the allocated disk size. The number on your dashboard matches what df reports inside the server.
  • If a server's VM goes missing on its host, the server flips to an error status with a clear reason instead of looking healthy while its stats silently stall. You'll see exactly what's wrong and can take action.
  • Allocations released by deleted servers come back to your account automatically. The account owner gets a notification when cleanup runs, so you know your allowance is back.
  • The server actions menu stays reachable while a server is in a transitional state. Edit is disabled mid-transition, but Delete remains available, so a stuck row can be cleared without contacting support.

Remote Console

  • Browser-based remote console covers macOS VNC and Windows RDP alongside SSH. Protocol detection is automatic from the server's OS, so you don't pick the wrong one.
  • The session window picked up a small toolbar: a Low / Medium / High quality cycle for tuning bandwidth versus visual fidelity, a Refresh that clears stale frames without dropping the session, fullscreen, and Ctrl+Alt+Del. Sessions open in a 16:9 popup instead of a square.
  • Low-quality mode drops the visual candy and cuts bandwidth by roughly 60 to 80 percent. Usable on hotel Wi-Fi.
  • Idle SSH, RDP, and VNC sessions close automatically after 30 minutes of no activity. Active sessions, including long file streams and commands still printing output, keep running as expected. Only abandoned tabs get cleaned up.
  • The browser console is still early. Feedback is welcome through Support.

SSH Gateway & Console

  • Remote command execution works over the SSH gateway: ssh vm-<id>@ssh.carpathian.ai -p 2222 'command'.
  • Connections now require a direct server target (ssh vm-<server_id>@host -p 2222). No more interactive menu in the middle.
  • Session activity is monitored for anomaly detection on the gateway to protect your infrastructure.
  • Fixed connection drops causing the web terminal to reset and lose shell state. Session logging no longer blocks the connection, so it stops triggering disconnects on long-running commands.
  • The SSH Keys > Connections tab got a compact redesign with expandable details.
  • API key logs now capture SSH gateway denial reasons so you can tell why a key was rejected.

Veritate

  • Refreshed live stats page. Models trained, total installs, live runtime hours, and a live "online now" indicator are front and center, with an OS and architecture breakdown of the community.
  • Active research and recently shipped wins now sit side by side on the page, pulled straight from the project's experiments log.

Object Storage

  • Object Storage is on the way. We're testing it internally and you'll see it show up in your dashboard in the coming builds.

Open Source

  • The "Free Email Signature Generator" project on our Open Source page is now "Free Signature Co" with a new domain at freesignature.co.

Site & Policies

  • Every public page shows a proper title in the browser tab now. Easier to find Carpathian when you've got fifty tabs open.
  • A Policies link is in the site footer.
  • AUP updated: no using Carpathian as a proxy, VPN, or relay to access illegal content, and no accessing services from restricted or banned regions.
  • New sponsorship request form, sponsored roster, and quarterly-swag policy section on /get-outside. The form submits through the existing contact endpoint, so spam detection, CAPTCHA, and AI review all apply.

Platform Reliability

  • Expanded infrastructure monitoring tracks every platform service in real time. Faster detection means faster recovery when something starts to drift.
  • Emergency patch to backup schedule provisioning on peer regions.

UI Polish

  • Dropdown menus on Windows are readable again. No more white-on-white option text in the popup.
  • The organization and region switchers in the top navigation are clearer on desktop and easier to use on mobile.
  • The currently selected organization and region are highlighted in the switcher menu instead of dimmed.

About the Author

Samuel Malkasian

Samuel Malkasian

Founder | Carpathian AI

View Profile
Browse All Publications