Notion Release Notes
Last updated: Mar 6, 2026
All Notion Release Notes (82)
- Mar 5, 2026
- Date parsed from source: Mar 5, 2026
- First seen by Releasebot: Mar 6, 2026
v7.7.0
Bug fixes delivered a refreshed, smoother user experience.
- Mar 4, 2026
- Date parsed from source: Mar 4, 2026
- First seen by Releasebot: Mar 5, 2026
New Sidebar Feature Launch
We’ve been quietly building a new sidebar — and it’s now opt-in for everyone!
It’s a smoother way to move through your workspace: content, threads, notifications, all of it. You’ll have to see for yourself.
Flip it on, give it a day or two, then tell us what you think as we continue to improve it.
- Mar 4, 2026
- Date parsed from source: Mar 4, 2026
- First seen by Releasebot: Mar 5, 2026
This is Scruff. Our security team's Custom Agent.
It pulls context from across Slack, CrowdStrike, Wiz, and Scanner to help investigate alerts… so nobody’s hopping between five tabs at 2AM. Here's how 👇
- Mar 4, 2026
- Date parsed from source: Mar 4, 2026
- First seen by Releasebot: Mar 5, 2026
Custom Agent Model Comparison Update
Not every task needs the same model. A quick summary doesn't need the same horsepower as a deep research question — and it shouldn't cost the same either. Now, you can easily compare models for your Custom Agent on speed, intelligence, and cost 🫡
- March 2026
- No date parsed from source.
- First seen by Releasebot: Mar 3, 2026
Introducing Custom Agents: They keep your work moving 24/7.
Notion unveils Custom Agents that act as your 24/7 AI team inside Notion. They automate tasks, answer questions, route work, and generate status updates across tools like Slack, Mail, and Calendar with enterprise controls. Data stays private and changes are reversible.
Notion Agents
Your 24/7 AI team.
You assign the tasks. Your Agents do the work.
Beta
Custom Agents automate recurring work for your entire team.
Answers, tasks, updates: automated and running while you sleep. Set them up once, and the workflows run themselves.
- Q&A agents: Instant answers to repeat questions. Answers questions using knowledge in Notion and connected tools.
- Task routing agents: Route incoming work automatically. Captures incoming tasks to triage and route them to the right team.
- Status update agents: Get reports on your schedule. Gathers and summarizes the latest updates to write recurring reports.
Create your own
Describe what you want in plain language, and Notion AI builds your agent for you.
One word to describe Custom agents: crazy...crazy good.
Yash Tekriwal
Head of Education, Clay
Anything you can do in Notion, your Notion Agent can do for you.
Ask Notion Agent to show you what it can do
Hours of work, done in minutes
Personalized and private to you
Learns your style, follows your instructions, and matches your vibe.
Our team is starting to move 100% away from managing work themselves in a Notion database and moving to only chatting with Notion Agents.
Brandon Gell
COO, Every
Works where your team already works
Notion Agents use your existing docs and databases as context. They run inside Notion and connect across Slack, Mail, Calendar, and more! No rebuilding knowledge, no switching apps.
Custom Agents
Each Custom Agent gets its own permissions, just like a teammate. You decide what it can read and write across Notion, Slack, Mail, Calendar, and MCP integrations.
Notion Agent
Inherits your permissions, so it can see what you see. It can search across your workspace and connected tools to take action in Notion.
Built for enterprise confidence
Notion Agents are built to be safe and transparent by design. Every agent run is logged, and all changes are reversible.
Admin controls and analytics
Workspace admins can monitor Custom Agent usage and Notion credit consumption. Every agent run is logged with full audit trails showing what triggered it, what it did, and why.
Configurable permissions
Notion Agent inherits your permissions. Custom Agents offer page-level access control.
Reversible changes
Built on Notion's collaboration layer. Undo any change with version history.
Your data stays private
Notion doesn't train AI models on your content. Enterprise customers get zero data retention.
Enterprise security with full control
Built to compliance standards
Secure development practices validated by SOC 2 and ISO certifications, including threat modeling, security reviews, and continuous testing.
Prompt injection protection
Enhanced detection of hidden commands in uploaded files, flags suspicious links for user approval, and gives admins control over external content.
Granular access control
Creators configure exactly what each Custom Agent can see and do, page by page, app by app.
Enterprise admin controls for agent creation
Workspace admins manage who can create Custom Agents and connect to external tools like MCP servers.
Questions & answers
What are Custom Agents?
What's the difference between Custom Agents and Notion Agent?
Who can create Custom Agents?
What tools and integrations are compatible with Custom Agents?
What can admins control with Custom Agents?
Is my data secure with Custom Agents?
How much do Custom Agents cost?
How do Notion credits work?
- Mar 2, 2026
- Date parsed from source: Mar 2, 2026
- First seen by Releasebot: Mar 3, 2026
March 2, 2026
Release notes
- The GET /v1/pages/:page_id/markdown endpoint is now available to internal integrations (workspace-level bots), in addition to public integrations.
- Released v5.11.1 of our TS/JS SDK. UnsupportedBlockObjectResponse now includes a block_type string field indicating the underlying block type.
- Feb 28, 2026
- Date parsed from source: Feb 28, 2026
- First seen by Releasebot: Mar 5, 2026
👀 Oh look. Image generation, right inside Notion.
Image generation in Notion
You can now generate cover images, realistic photos, styled charts, diagrams, mockups, and slide visuals — all without leaving your doc.
Just /ai or ask Notion AI in chat.
- Feb 27, 2026
- Date parsed from source: Feb 27, 2026
- First seen by Releasebot: Feb 28, 2026
How we built security into Custom Agents
Notion debuts Custom Agents with a security‑first, least‑permissive model for collaborative AI work. The release highlights granular permissions, runtime safeguards, and first‑party integrations to balance power and safety, with beta plans to expand approvals.
Published February 27, 2026 in Tech
By Sean Keenan
3 min read
A critical component of our Custom Agents’ launch was making sure this new kind of AI workflow was as secure as possible for our customers.
Most AI agents today are built for a single user with a relatively simple set of permissions that map to that user. However, agents in a collaborative environment have a different set of needs. Having permission to everything is dangerous, and having permission to nothing is rarely useful.
With our Custom Agents, we've been meticulous in trying to balance both: Have enough access in collaborative environments to be just the right amount of helpful (e.g. assigning a task), but by default, employ strict constraints that ensure the agent can't take dangerous actions (e.g. deleting all content). Over the years, we’ve built sophisticated permissioning and governance controls for our customers to manage these workspaces, and we've leveraged those same structures to give our users fine-grained controls of their agents so that they can be as secure as possible in their workspaces.
Control by default
Custom Agents use a build-from-nothing security model where agents start without access to most resources, meaning no permissions to read, write, or interact with anything.
This approach is a deliberate contrast to many personal AI assistants, which often start with broad access and require users to ensure that safety instructions don’t get compressed out. We don't want to leave safety to the model's decision-making. Instead, we wanted safety baked into the access control and deterministic layer.
In this way, we’ve been able to give users granular controls to make the right security decisions for their use cases while enabling advanced users to build incredibly capable autonomous agents.
Resource-Level Permissions
Being least permissive by default is great, but it's important that users can easily build up and understand the permissions they need for their application.
Here are a few notable ones:
- Page-level granularity for permissions: Users can grant view or edit access to specific pages, not just broad workspace access
- First-party Slack integration: Offering a first-party integration for Slack allows us to bring easy-to-configure granular permissions in a way MCP doesn't
- Email: You can choose if you want to confirm before sending emails out
- MCP integrations: When using an MCP integration, it's not resource-based, but you can specify the tools you want to be made available, and if you want to ask or always allow certain types of actions
Security Safeguards and Warnings
We also had to think about unexpected behavior during runtime when the agent is actually doing work. Here, we took a multi-layer security approach, meaning permission controls plus runtime prompt injection mitigations.
Prompt injection protection: Prompt injection is one of the biggest and most well-known challenges for AI agents. While it remains an unsolved problem, we don’t design our system assuming that all prompt injections will get caught (though we catch many of them). Instead, we designed it such that we have layered controls to block the impact of prompt injection while paying special attention to tagging and monitoring external data to identify potential attacks. In the event that something looks suspicious or the agent performs actions that indicate a potential attack, we can stop the agent and ask a user for confirmation.
Warning system: When the agent is about to do something potentially risky, it pauses and asks the user first. How this happens depends on if the user is configuring the agent or running the agent. When configuring an agent that might do something risky, we give users a set of pop-ups that can range from a simple confirmation to needing to get workspace admin approvals. When the agent does something risky during runtime, we force it to confirm that action with an owner of the custom agent. This work mirrors our multi-pronged approach to permissions and security broadly across our platform.
Remediation (i.e. a delete button): If an agent does mess up, like if it posts something incorrect to Slack, the agent owner can delete those messages. This sounds simple but it’s important to give users a way to undo damage if it happens, not just prevent it.
How we evolved our permission model
To get to this model, we ran an extensive alpha-testing program, both internally across Notion and externally with customers. We specifically wanted to stress-test how security worked in practice at increasing scale. By the end of our alpha testing period, Notion internally had more than 3,000 Custom Agents and our alpha customers had created more than 25,000.
We learned some lessons very quickly. For example, early internal versions of Custom Agents encouraged users to be too permissive without understanding the potential consequences. Users ended up giving agents broad write access to Slack, and on several occasions, those agents even posted to #general (the agent knows every Slack workspace has #general!), the company-wide channel with hundreds of people in it. Clearly, this was not the users’ intent! This is what led us to introduce a new custom “read and reply” permission for Slack that allows agents to reply on to threads they were triggered in explicitly. We view it as our job to introduce permissions like this that allow users to safely get their work done, instead of forcing users to "allow everything".
This also led us to the deliberate decision to build some first-party integrations, rather than relying solely on MCPs. As already discussed, because most MCPs today are designed more for single-player use cases, they generally don’t natively handle resource-based permissions or triggers. Building first-party integrations gave us the control to enforce our permission model without extra work for our customers.
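The permission model described above (page-level grants, Slack "read and reply", email confirmation, per-tool MCP modes), sketched as a default-deny check that runs outside the model. This is an added example, not Notion's code: the grants layout, action kinds, decision strings and the external-content escalation rule are all assumptions made for illustration.

```javascript
// Added illustration: default-deny authorization for one agent run (all names hypothetical).
const SIDE_EFFECTS = new Set(["page.write", "slack.post", "email.send", "mcp.call"]);

function baseDecision(grants, action, run) {
  switch (action.kind) {
    case "page.read":
    case "page.write": {
      const level = (grants.pages || {})[action.pageId]; // "view" | "edit" | undefined
      if (level === "edit") return "allow";
      return level === "view" && action.kind === "page.read" ? "allow" : "deny";
    }
    case "slack.post": {
      // "read and reply", read here as: only a reply in the thread that triggered the run.
      const t = run.trigger || {};
      const sameThread = Boolean(action.threadTs) &&
        t.channel === action.channel && t.threadTs === action.threadTs;
      return (grants.slack || {}).mode === "read_and_reply" && sameThread ? "allow" : "deny";
    }
    case "email.send": {
      const mode = (grants.email || {}).send; // "confirm" | "allow" | undefined
      return mode === "confirm" || mode === "allow" ? mode : "deny";
    }
    case "mcp.call": {
      const mode = ((grants.mcp || {}).tools || {})[action.tool]; // "ask" | "always_allow"
      if (mode === "always_allow") return "allow";
      return mode === "ask" ? "confirm" : "deny";
    }
    default:
      return "deny"; // unknown action kinds get nothing
  }
}

function authorize(grants, action, run = {}) {
  const decision = baseDecision(grants, action, run);
  // Assumed escalation: once the run has read content tagged as external,
  // side effects need the owner's confirmation instead of running unattended.
  if (decision === "allow" && run.readExternalContent && SIDE_EFFECTS.has(action.kind)) {
    return "confirm";
  }
  return decision;
}

// Constructed sample: an agent triggered from a thread in #support.
const sampleGrants = {
  pages: { "page-handbook": "view", "page-triage": "edit" },
  slack: { mode: "read_and_reply" }, email: { send: "confirm" },
  mcp: { tools: { search_tickets: "always_allow", close_ticket: "ask" } },
};
const sampleRun = { trigger: { channel: "#support", threadTs: "1700000000.000100" } };
```

With these grants a post to #general is denied because it is not a reply in the triggering thread, and an agent with no grants at all gets "deny" for every action.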
One thing we're especially proud of: through this process, our own security team has become one of the most active internal users of Custom Agents. For example, they built an agent called "Scruff bot" to triage and enrich security alerts, and they're using agents for AppSec automation, generating code fixes and running adversarial tests. It’s been a true collaboration between our AI product team and our security team.
What’s Next
Launch was just the beginning, and we’re investing heavily in better safety and security safeguards as our products and the entire field move forward quickly. Our Custom Agents beta period over the next couple of months will also help us to continue to improve alongside our customers.
In the coming weeks and months, we expect to tackle:
- Reintroducing broader permission scopes which require workspace admin approval for advanced use cases
- Extending granular permission capabilities to external integrations built on the Workers platform
- Considering additional permission modes for different use cases once more guardrails are in place
We’re still in the early phases of building out this technology, and we welcome feedback from the community on how to improve.
- Feb 26, 2026
- Date parsed from source: Feb 26, 2026
- First seen by Releasebot: Feb 27, 2026
- Modified by Releasebot: Feb 28, 2026
February 26, 2026
Shipped v5.10.0 and v5.11.0 of our JavaScript/TypeScript SDK with a new Markdown Content API for pages, plus AI meeting notes and transcript support. Notion MCP tooling gains include block comments, transcripts, improved queries, and admin safeguards; reconnect for the latest tools.
Markdown Content API
Three new endpoints let you create, read, and update page content using enhanced markdown instead of the block-based API:
- POST /v1/pages now accepts a markdown parameter as an alternative to children.
- GET /v1/pages/:page_id/markdown retrieves a page’s full content as enhanced markdown.
- PATCH /v1/pages/:page_id/markdown inserts or replaces content using enhanced markdown with ellipsis-based selections.
See Working with markdown content and the Enhanced markdown format reference for details.
AI meeting notes
- The GET /v1/pages/:page_id/markdown endpoint supports an include_transcript query parameter to include full meeting note transcripts in the response.
- Added support for the transcription block type, enabling integrations to read AI meeting notes metadata — including title, status, calendar event details, and pointers to summary, notes, and transcript content blocks.
SDK improvements
- Automatic retry with exponential backoff — the SDK now retries failed requests automatically with configurable backoff (v5.10.0).
- Markdown endpoint methods — pages.retrieveMarkdown() and pages.updateMarkdown() (v5.11.0).
Notion MCP improvements
Highlighting recent changes to Notion MCP:
- Create and fetch comments on blocks, not just pages.
- View Notion Sites pages via the fetch tool.
- Fetch AI meeting transcripts and query meeting notes efficiently with the new notion-query-meeting-notes tool.
- Fetch an individual data source by ID or URL within a database.
- ~91% context token reduction in notion-create-database and notion-update-data-source tools by switching to SQL DDL-based schemas.
- Added update_verification command to the notion-update-page tool.
- Flattened notion-update-page tool parameters and fixed schema issues for improved compatibility with MCP clients.
- Enterprise governance: audit logging for MCP tool usage and admin tool allowlisting.
We recommend reconnecting Notion MCP in your third-party AI tools to ensure you have the most up-to-date tools and resources, and as always, familiarizing yourself and your team with security best practices.
- Feb 24, 2026
- Date parsed from source: Feb 24, 2026
- First seen by Releasebot: Feb 25, 2026
v7.6.1
A newer, lighter weight meeting notification pill. Lots of little performance improvement bits. You’ll feel them (we hope).