diff --git a/content/library/overview/release-notes/2026-q1.md b/content/library/overview/release-notes/2026-q1.md index db0532f..ca866c2 100644 --- a/content/library/overview/release-notes/2026-q1.md +++ b/content/library/overview/release-notes/2026-q1.md 
@@ -2,10 +2,10 @@ ## 2026 Q1 -- **New Content: Managing dependency threats** - Published a comprehensive guide for defending against supply chain attacks and managing dependency risks, covering layered defenses from lockfiles and dependency review to attestation verification and package confusion mitigation -- **New Content: Expanding Enterprise Custom Agents context** - Published architecture guidance for extending GitHub Copilot custom agents with enterprise knowledge, including strategies for context enrichment, secure integration patterns, and scaling agent capabilities across the organization -- **New Content: Implementing polyrepo engineering** - Published a design guide for coordinating engineering across multiple repositories, including manifest-driven integration, change set management, reusable workflow versioning, and release governance patterns -- **Update: NIST SSDF implementation** - Expanded the NIST Secure Software Development Framework scenario with updated guidance on security configurations, repository rulesets, and practical implementation steps across all SSDF practice areas -- **Update: Securing GitHub Actions workflows** - Enhanced the Actions security recommendation with detailed OIDC claims guidance, immutable subject identifiers, repository ruleset examples, and refined best practices for secure workflow patterns -- **Update: Application Security design principles** - Added a security-by-design approach and developer workspace security considerations to the Application Security pillar's design principles -- **Update: Anti-patterns** - Added guidance on avoiding PII detection with secret scanning custom patterns, highlighting why repurposing secret scanning for personally identifiable information creates compliance risk and alert fatigue +- **New Content: [Managing dependency threats](/library/application-security/recommendations/managing-dependency-threats/)** - Published a comprehensive guide for defending against supply chain attacks and 
managing dependency risks, covering layered defenses from lockfiles and dependency review to attestation verification and package confusion mitigation +- **New Content: [Expanding Enterprise Custom Agents context](/library/architecture/recommendations/expanding-enterprise-custom-agents-context/)** - Published architecture guidance for extending GitHub Copilot custom agents with enterprise knowledge, including strategies for context enrichment, secure integration patterns, and scaling agent capabilities across the organization +- **New Content: [Implementing polyrepo engineering](/library/architecture/recommendations/implementing-polyrepo-engineering/)** - Published a design guide for coordinating engineering across multiple repositories, including manifest-driven integration, change set management, reusable workflow versioning, and release governance patterns +- **Update: [NIST SSDF implementation](/library/scenarios/nist-ssdf-implementation/)** - Expanded the NIST Secure Software Development Framework scenario with updated guidance on security configurations, repository rulesets, and practical implementation steps across all SSDF practice areas +- **Update: [Securing GitHub Actions workflows](/library/application-security/recommendations/actions-security/)** - Enhanced the Actions security recommendation with detailed OIDC claims guidance, immutable subject identifiers, repository ruleset examples, and refined best practices for secure workflow patterns +- **Update: [Application Security design principles](/library/application-security/design-principles/)** - Added a security-by-design approach and developer workspace security considerations to the Application Security pillar's design principles +- **Update: [Anti-patterns](/library/scenarios/anti-patterns/)** - Added guidance on avoiding PII detection with secret scanning custom patterns, highlighting why repurposing secret scanning for personally identifiable information creates compliance risk and alert fatigue
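Review bot: the link target in the "Securing GitHub Actions workflows" bullet, `/library/application-security/recommendations/actions-security/`, is the only one in this hunk whose slug is not derived from the bullet title (the others use title-derived slugs such as `managing-dependency-threats` and `implementing-polyrepo-engineering`); confirm that the `actions-security/` page actually exists under `content/library/application-security/recommendations/` so the link does not 404 on a renamed page, and likewise check that the two `scenarios/` targets (`nist-ssdf-implementation/`, `anti-patterns/`) resolve, since they sit outside the `recommendations/` tree the rest of the links use.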