Elastic launches MCP apps for security & observability
Elastic has launched MCP Apps for security, observability and search inside third-party AI tools. The products are in public preview across platforms including Claude, GitHub Copilot and VS Code.
The release moves key security and observability workflows into external AI interfaces, rather than keeping analysts in separate dashboards. The apps use the Model Context Protocol, an open standard co-authored by Anthropic and OpenAI, to render interactive user interfaces directly within chat clients and coding environments.
For security teams, the tools are designed to let analysts triage alerts, run ES|QL queries, investigate threats and manage cases from within an AI conversation. Interactive views such as alert lists, process trees and investigation graphs remain usable inside the AI interface, allowing staff to move from query to action without switching applications.
The launch comes as companies in Australia and elsewhere look for ways to handle growing volumes of security and operational data with limited specialist staff. Elastic says the approach is intended to reduce the burden on smaller security teams by bringing routine investigation and response work into a single interface.
Security workflows
The security app includes alert triage, attack discovery and threat hunting functions. Alert triage covers severity grouping, AI verdicts, process trees and case creation, while attack discovery adds correlated attack chains with MITRE ATT&CK mapping, risk scoring and bulk case creation.
Threat hunting features include an ES|QL workbench with auto-executed queries, clickable entities and an investigation graph. Together, these tools are intended to support both automated and manual investigative tasks from the same conversational environment.
Mandy Andress, chief information security officer at Elastic, gave an internal example of how the product was used. "The MCP App for Elastic Security bridges the gap between automated detection and manual hunting," Andress said.
"By bringing our security data directly into a single interface within Claude Desktop, we surfaced 'silent' threats in under an hour, risks that didn't trigger standard alerts but required immediate action. It's a force multiplier for our analysts," she said.
Observability push
Elastic also introduced an observability app that brings distributed traces, service dependencies and system health information into the same kind of AI interface. It is designed to help engineering teams move from detection to root cause analysis without leaving the conversation.
The observability app includes investigation tools for Kubernetes and application performance monitoring (APM). Users can view cluster and service health roll-ups, degraded services, memory use, anomaly severity and service throughput in a single inline view.
Other functions include anomaly explanations with actual versus typical values, service topology graphs, node failure diagrams, one-shot metric queries, live threshold watching and alert rule management. These features are intended to give engineering and operations teams a way to inspect incidents and create alerts from inside AI tools they already use.
Search features
Alongside security and observability, Elastic has added a search and data exploration app. It lets users query data in natural language, build dashboards and edit visualisations within an AI conversation.
Dashboard panels can be generated automatically from existing data, while query results can be rendered inline and then refined, rearranged or exported. This extends the MCP app model beyond operations and security into broader analytics use cases.
Ken Exner, chief product officer at Elastic, said the launch reflects a change in how customers want to work with software tools. "Our customers are increasingly working inside AI-native environments," Exner said.
"With our MCP Apps, Elastic meets them there by bringing security, observability and search workflows into the AI tools they are using, so teams can investigate threats and diagnose systems without switching tools. The answer is no longer a summary, it's the workflow itself," he said.
Early adopters of MCP apps in the wider market have largely focused on productivity software such as collaboration and design tools. Elastic is positioning its move as an expansion of that model into more complex operational tasks, particularly those that rely on visual investigation and interactive data handling rather than text responses alone.
The apps are supported across Claude, Claude Desktop, VS Code, GitHub Copilot, Goose, Postman and MCPJam.