Elastic delivers embedded AI experiences for Observability and Security inside third-party AI tools

Elastic has announced MCP Apps for Elastic, delivering first-of-their-kind agent-native UI experiences for security and observability workflows across third-party coding tools and chat clients. The new MCP Apps enable teams to investigate threats, diagnose system behavior, and act on data directly within the AI tools they already use, without switching tools or stitching together separate systems.

Built on the Model Context Protocol (MCP) apps spec, the open standard co-authored by Anthropic and OpenAI, these apps allow AI assistants to return fully interactive user interfaces rendered directly within environments such as Claude, VS Code, GitHub Copilot, Goose, Postman, and MCPJam.

Most AI integrations today stop at conversational text. That works for simple queries, but breaks down for workflows that are inherently visual and interactive, including alert triage, investigation graphs, dashboards, and distributed traces. Elastic’s MCP Apps close that gap by supporting security and observability workflows in a live AI-native interface that users can explore, filter, and act on, allowing teams to manage threat detection or system diagnosis without leaving the conversation.

“The MCP App for Elastic Security bridges the gap between automated detection and manual hunting,” said Mandy Andress, CISO of Elastic. “By bringing our security data directly into a single interface within Claude Desktop, we surfaced 'silent' threats in under an hour, risks that didn't trigger standard alerts but required immediate action. It's a force multiplier for our analysts."

“Our customers are increasingly working inside AI-native environments," said Ken Exner, chief product officer at Elastic. “With our MCP Apps, Elastic meets them there by bringing security, observability, and search workflows into the AI tools that they are using so that teams can investigate threats and diagnose systems without switching tools. The answer is no longer a summary, it’s the workflow itself.”

While early MCP App adopters have focused on productivity tools like Amplitude, Asana, Figma, and Slack, the Elastic Security MCP App enables analysts to triage alerts, run ES|QL queries, investigate threats, and manage cases through interactive views rendered directly in the conversation. Workflows such as alert lists, process trees, and investigation graphs remain fully interactive, allowing analysts to move from question to action without tab switching or hand-offs.

The MCP App for Security provides core tasks for analysts, including:

·  Alert triage: severity grouping, AI verdicts, process trees, and one-click case creation

·  Attack discovery: correlated attack chains with MITRE ATT&CK mapping, risk scoring, and bulk case creation

·  Threat hunting: an ES|QL workbench with auto-executed queries, clickable entities, and an investigation graph

The Elastic Observability MCP App enables teams to explore distributed traces, inspect service dependencies, and diagnose system health through interactive views rendered directly in the conversation, helping engineers move from detection to root cause analysis without switching tools.