ProjectDiscovery has shipped Nuclei v3.4, the latest major update to its widely-used open-source vulnerability and misconfiguration scanner. The release brings the total template library to over 9,200 detection signatures and introduces several capabilities that extend Nuclei's reach into cloud-native and AI system security testing.
What's New in v3.4
2,400 New Community Templates: The community contributed a record number of templates in the v3.4 cycle, including coverage for recently disclosed CVEs, new vendor-specific misconfigurations, and cloud security checks for AWS, Azure, and GCP.
Cloud Asset Discovery Engine: A new cloud mode enables Nuclei to enumerate and test cloud assets—S3 buckets, Azure Blob storage, GCP storage buckets, Lambda function URLs, and API Gateway endpoints—directly from a target domain or organization name.
AI/LLM Security Templates: v3.4 ships with 47 templates targeting common security misconfigurations in AI and LLM applications, including exposed OpenAI and Anthropic API keys, LangChain debug endpoints left enabled in production, prompt injection vectors in chatbot implementations, and unprotected model inference endpoints.
Performance Improvements: Connection pooling improvements reduce scan time by an average of 31% on large target sets.
Headless Browser Integration: Enhanced integration with Chrome headless enables Nuclei to test JavaScript-heavy single-page applications, with templates that execute in a full browser context.
Getting Started
To update: run 'nuclei -update' followed by 'nuclei -update-templates'. For cloud discovery mode use 'nuclei -cloud -target example.com'. The full changelog and documentation are available on ProjectDiscovery's website.
Community and Ecosystem
Nuclei has over 500,000 downloads per month and adoption by both offensive security teams and enterprise security operations centers. The template marketplace at cloud.projectdiscovery.io now offers premium commercial templates for additional coverage beyond the open-source library.