Elastic, the Search AI Company, today announced MCP Apps for Elastic, delivering first-of-their-kind agent-native UI experiences for security and observability workflows across third-party coding tools and chat clients. The new MCP Apps enable teams to investigate threats, diagnose system behavior, and act on data directly within the AI tools they already use, without switching tools or stitching together separate systems. Built on the Model Context Protocol (MCP) apps spec, the open standard co-authored by Anthropic and OpenAI, these apps allow AI assistants to return fully interactive user interfaces rendered directly within environments such as Claude, VS Code, GitHub Copilot, Goose, Postman, and MCPJam.
Elastic launches MCP Apps for security, observability, and search workflows inside third-party AI tools including Claude, VS Code, GitHub Copilot, Goose, Postman, and MCPJam.
Built on MCP apps spec co-authored by Anthropic and OpenAI for fully interactive UIs rendered within AI assistants.
Security MCP App provides alert triage, attack discovery with MITRE ATT&CK mapping, and threat hunting with ES|QL workbench.
Observability MCP App provides Kubernetes & APM incident investigation, anomaly detection, dependency mapping, and live monitoring.
Search MCP App enables dashboard creation from natural language and interactive data exploration.
MCP Apps are available now in public preview.
"The MCP App for Elastic Security bridges the gap between automated detection and manual hunting," said Mandy Andress, CISO of Elastic. "By bringing our security data directly into a single interface within Claude Desktop, we surfaced 'silent' threats in under an hour, risks that didn't trigger standard alerts but required immediate action. It's a force multiplier for our analysts."
"Our customers are increasingly working inside AI-native environments," said Ken Exner, chief product officer at Elastic. "With our MCP Apps, Elastic meets them there by bringing security, observability, and search workflows into the AI tools that they are using so that teams can investigate threats and diagnose systems without switching tools. The answer is no longer a summary, it's the workflow itself."
Most AI integrations today stop at conversational text. That works for simple queries, but breaks down for workflows that are inherently visual and interactive, including alert triage, investigation graphs, dashboards, and distributed traces. Elastic's MCP Apps close that gap by supporting security and observability workflows in a live AI-native interface that users can explore, filter, and act on. The MCP App for Security provides core tasks for analysts, including:
Alert triage: severity grouping, AI verdicts, process trees, and one-click case creation
Attack discovery: correlated attack chains with MITRE ATT&CK mapping, risk scoring, and bulk case creation
Threat hunting: an ES|QL workbench with auto-executed queries, clickable entities, and an investigation graph
The Elastic Observability MCP App enables teams to explore distributed traces, inspect service dependencies, and diagnose system health through interactive views rendered directly in the conversation, helping engineers move from detection to root cause analysis without switching tools. The MCP App for Observability provides end-to-end Kubernetes & APM incident investigation, including:
Cluster & service health rollup: overall health badges, degraded services with reasons, top pod memory consumers, ML anomaly severity breakdown, and service throughput in a single adaptive inline view
Anomaly detection & dependency mapping: ML-powered anomaly explanations with actual vs. typical values and time-series context, plus interactive service topology graphs with per-edge call volume and latency, and node failure blast radius diagrams
Live monitoring & alerting: ES|QL-backed observe mode for one-shot metric queries, live threshold watching, and ML anomaly triggers, alongside persistent Kibana alert rule creation and management
Elastic also provides MCP Apps for search and data exploration. The Search MCP App enables users to explore data and build dashboards through natural language, with results rendered as interactive visualizations that can be edited and exported. The MCP App for Search includes:
Dashboard creation: build dashboards from natural language with panels automatically generated from your data
Data exploration: query and analyze data using ES|QL with results rendered inline
Interactive editing: refine, rearrange, and export dashboards directly from the conversation
Elastic MCP Apps for Security, Observability, and Search are available now in public preview, with support across platforms including Claude, Claude Desktop, VS Code, GitHub Copilot, Goose, Postman, and MCPJam.
About Elastic
Elastic enables organizations to search, analyze, and act on all types of data in real time. Its solutions for search, observability, and security are built on the Elastic Search AI Platform, helping teams solve problems faster and operate more efficiently at scale.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.