Elastic Delivers First Embedded AI Experiences for Observability and Security Inside Third-Party AI Tools

Key Terms

model context protocol (mcp) technical

The Model Context Protocol (MCP) is a system that helps financial models understand and share information about market conditions and data. It’s like a common language that ensures different tools and models work together smoothly, making predictions and decisions more accurate and consistent.

mitre att&ck technical

A publicly maintained catalog of common hacker behaviors and techniques used against computer systems, organized like a playbook that maps how attacks typically unfold. Investors care because it helps companies test and explain their cyber defenses, prioritize security spending, and gauge operational risk—similar to an emergency drill revealing weak exits before a real crisis. Use of the framework can indicate more mature cybersecurity practices and clearer disclosure of cyber risk.

kubernetes technical

Kubernetes is an open-source system that automates running and managing many pieces of software across groups of computers, like a conductor coordinating musicians so each piece plays at the right time and place. For investors, it matters because companies that use it can deploy updates faster, scale services up or down automatically, and cut infrastructure costs — factors that influence growth, reliability and operating margins.

apm technical

An APM (Alternative Payment Model) is a healthcare payment approach that ties provider reimbursement to the quality, efficiency, or outcomes of care instead of traditional fee-for-service payments. For investors, APMs matter because they can change how medical providers and insurers earn money and manage costs—similar to switching from paying per item to paying for a bundled service—affecting revenue predictability, margins, and demand for related products or services.

anomaly detection technical

Anomaly detection is software that looks for patterns or datapoints that don’t fit expected behavior, like a smoke detector spotting an unusual signal in a room. For investors it flags unexpected events — sudden trading spikes, accounting irregularities, unusual customer behavior or operational problems — providing early warning of risk or opportunity so decisions can be made before small problems become big losses.

MCP Apps bring Elastic’s security and observability workflows into third-party AI tools, enabling teams to act on data directly where they work, with additional capabilities for search and data exploration

SAN FRANCISCO--(BUSINESS WIRE)-- Elastic (NYSE: ESTC), the Search AI Company, today announced MCP Apps for Elastic, delivering first-of-their-kind agent-native UI experiences for security and observability workflows across third-party coding tools and chat clients. The new MCP Apps enable teams to investigate threats, diagnose system behavior, and act on data directly within the AI tools they already use, without switching tools or stitching together separate systems.

Built on the Model Context Protocol (MCP) apps spec, the open standard co-authored by Anthropic and OpenAI, these apps allow AI assistants to return fully interactive user interfaces rendered directly within environments such as Claude, VS Code, GitHub Copilot, Goose, Postman, and MCPJam.

Most AI integrations today stop at conversational text. That works for simple queries, but breaks down for workflows that are inherently visual and interactive, including alert triage, investigation graphs, dashboards, and distributed traces. Elastic’s MCP Apps close that gap by supporting security and observability workflows in a live AI-native interface that users can explore, filter, and act on, allowing teams to manage threat detection or system diagnosis without leaving the conversation.

“The MCP App for Elastic Security bridges the gap between automated detection and manual hunting,” said Mandy Andress, CISO of Elastic. “By bringing our security data directly into a single interface within Claude Desktop, we surfaced 'silent' threats in under an hour, risks that didn't trigger standard alerts but required immediate action. It's a force multiplier for our analysts."

“Our customers are increasingly working inside AI-native environments,” said Ken Exner, chief product officer at Elastic. “With our MCP Apps, Elastic meets them there by bringing security, observability, and search workflows into the AI tools that they are using so that teams can investigate threats and diagnose systems without switching tools. The answer is no longer a summary, it’s the workflow itself.”

While early MCP App adopters have focused on productivity tools like Amplitude, Asana, Figma, and Slack, the Elastic Security MCP App enables analysts to triage alerts, run ES|QL queries, investigate threats, and manage cases through interactive views rendered directly in the conversation. Workflows such as alert lists, process trees, and investigation graphs remain fully interactive, allowing analysts to move from question to action without tab switching or hand-offs.

The MCP App for Security provides core tasks for analysts, including:

• Alert triage: severity grouping, AI verdicts, process trees, and one-click case creation
• Attack discovery: correlated attack chains with MITRE ATT&CK mapping, risk scoring, and bulk case creation
• Threat hunting: an ES|QL workbench with auto-executed queries, clickable entities, and an investigation graph

The Elastic Observability MCP App enables teams to explore distributed traces, inspect service dependencies, and diagnose system health through interactive views rendered directly in the conversation, helping engineers move from detection to root cause analysis without switching tools.

The MCP App for Observability provides, end-to-end Kubernetes & APM incident investigation, including:

• Cluster & service health rollup: overall health badges, degraded services with reasons, top pod memory consumers, ML anomaly severity breakdown, and service throughput — all oriented in a single adaptive inline view
• Anomaly detection & dependency mapping: ML-powered anomaly explanations with actual vs. typical values and time-series context, plus interactive service topology graphs with per-edge call volume and latency, and node failure blast radius diagrams showing full-outage versus degraded deployments with rescheduling feasibility
• Live monitoring & alerting: ES|QL-backed observe mode for one-shot metric queries, live threshold watching, and ML anomaly triggers, alongside persistent Kibana alert rule creation and management directly from the conversation

Elastic also provides MCP Apps for search and data exploration. The Search MCP App enables users to explore data and build dashboards through natural language, with results rendered as interactive visualizations that can be edited and exported.

The MCP App for Search, includes:

• Dashboard creation: build dashboards from natural language with panels automatically generated from your data
• Data exploration: query and analyze data using ES|QL with results rendered inline
• Interactive editing: refine, rearrange, and export dashboards directly from the conversation

Availability

Elastic MCP Apps for Security, Observability, and Search are available now in public preview, with support across platforms including Claude, Claude Desktop, VS Code, GitHub Copilot, Goose, Postman, and MCPJam.

To find out more read the blog: Elastic Security, Search, and Observability now run as an interactive UI in your AI tools

About Elastic

Elastic (NYSE: ESTC) enables organizations to search, analyze, and act on all types of data in real time. Its solutions for search, observability, and security are built on the Elastic Search AI Platform, helping teams solve problems faster and operate more efficiently at scale.

View source version on businesswire.com: https://www.businesswire.com/news/home/20260421761409/en/

Elastic PR
PR-team@elastic.co

Source: Elastic N.V.