Elastic Security has made it super easy for developers to set up security tools using AI. They also built a way to keep an eye on what these AI tools are doing to make sure everything stays safe.
What Happened
On March 16, 2026, Elastic announced a significant update to its Elastic Security platform. They've introduced open-source Agent Skills designed for AI coding agents, enabling users to create a fully populated Elastic Security environment directly from their integrated development environment (IDE). This development aims to streamline the setup process, making it easier for security teams to leverage Elastic Security without diving deep into documentation.
The new skills allow users to prompt their AI agent to create security projects, generate sample data, and manage alerts, all with simple commands. This means that even those unfamiliar with Elastic Security can quickly get started and explore its capabilities.
Who's Affected
This update is particularly beneficial for developers and security teams already using AI coding agents like Cursor, Claude Code, and GitHub Copilot. By integrating Elastic Security knowledge into these tools, teams can enhance their security posture without the usual setup hurdles. The skills cater to both new users and seasoned professionals looking to optimize their security workflows. Additionally, as AI coding assistants become standard tools in engineering workflows, security teams face new challenges regarding visibility into AI agent activities. Elastic's InfoSec team has developed a monitoring pipeline for Claude Code and Claude Cowork, leveraging OpenTelemetry (OTel) to ensure real-time observability of AI agent actions across the organization.
What Data Was Exposed
The new skills enable users to generate synthetic security events that comply with the Elastic Common Schema (ECS). This includes sample alerts for various attack scenarios, such as:
- Windows ransomware chain
- Credential access
- AWS cloud privilege escalation
- Okta identity attack
These alerts are not random; they are mapped to MITRE ATT&CK techniques, providing users with a realistic experience of how threats manifest in a live environment. Furthermore, the telemetry data from AI agents includes critical information such as API requests, tool results, user prompts, and error messages, which can be used for security audits and incident response.
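To make concrete what "ECS-compliant, ATT&CK-mapped sample alerts" means, here is an added example (not Elastic's Agent Skills code) that builds one synthetic alert document per scenario listed above and validates the fields a detection rule or ingest pipeline would rely on. The hostnames, dataset names, severity values and the particular tactic/technique IDs paired with each scenario are this example's own assumptions; the IDs themselves are real MITRE ATT&CK identifiers.

```python
"""Synthetic ECS-shaped alerts for the four scenarios named above.

Added example, not Elastic's Agent Skills code. Field values, hostnames and
the MITRE ATT&CK tactic/technique pairing are this example's own choices.
"""
import json
import re
from datetime import datetime, timedelta, timezone

START = datetime(2026, 3, 16, 9, 0, tzinfo=timezone.utc)  # constructed start time

# Constructed scenario catalogue (assumed mapping, not Elastic's).
SCENARIOS = {
    "windows_ransomware": {
        "categories": ["process", "file"], "types": ["start", "change"],
        "tactic": ("TA0040", "Impact"), "technique": ("T1486", "Data Encrypted for Impact"),
        "os": "windows", "cloud": None, "severity": 90,
        "message": "Burst of file renames to an unknown extension by a single process"},
    "credential_access": {
        "categories": ["process"], "types": ["access"],
        "tactic": ("TA0006", "Credential Access"), "technique": ("T1003", "OS Credential Dumping"),
        "os": "windows", "cloud": None, "severity": 80,
        "message": "Unexpected process accessed local security subsystem memory"},
    "aws_privilege_escalation": {
        "categories": ["iam"], "types": ["change"],
        "tactic": ("TA0004", "Privilege Escalation"), "technique": ("T1098", "Account Manipulation"),
        "os": None, "cloud": "aws", "severity": 70,
        "message": "IAM policy granting administrative rights attached to a user"},
    "okta_identity_attack": {
        "categories": ["authentication"], "types": ["start"],
        "tactic": ("TA0006", "Credential Access"), "technique": ("T1110", "Brute Force"),
        "os": None, "cloud": None, "severity": 60,
        "message": "Many failed Okta sign-ins for one user followed by a success"},
}

# Subset of the allowed ECS event.category values used here.
ECS_CATEGORIES = {"authentication", "file", "iam", "process", "network", "malware"}


def set_field(doc, dotted, value):
    """Write a dotted ECS name (e.g. threat.technique.id) into nested JSON."""
    node = doc
    *parents, leaf = dotted.split(".")
    for key in parents:
        node = node.setdefault(key, {})
    node[leaf] = value


def get_field(doc, dotted, default=None):
    """Read a dotted ECS name back out of a nested document."""
    node = doc
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node


def build_alert(scenario, ts, host="host-01", user="analyst"):
    """Build one ECS-compliant alert document for a named scenario."""
    spec = SCENARIOS[scenario]
    doc = {"@timestamp": ts.isoformat()}
    set_field(doc, "event.kind", "alert")
    set_field(doc, "event.category", list(spec["categories"]))
    set_field(doc, "event.type", list(spec["types"]))
    set_field(doc, "event.severity", spec["severity"])
    set_field(doc, "event.dataset", f"synthetic.{scenario}")  # constructed name
    set_field(doc, "message", spec["message"])
    set_field(doc, "host.name", host)
    set_field(doc, "user.name", user)
    set_field(doc, "threat.framework", "MITRE ATT&CK")
    set_field(doc, "threat.tactic.id", spec["tactic"][0])
    set_field(doc, "threat.tactic.name", spec["tactic"][1])
    set_field(doc, "threat.technique.id", spec["technique"][0])
    set_field(doc, "threat.technique.name", spec["technique"][1])
    if spec["os"]:
        set_field(doc, "host.os.type", spec["os"])
    if spec["cloud"]:
        set_field(doc, "cloud.provider", spec["cloud"])
    return doc


def validate_alert(doc):
    """Return a list of problems; empty means the document passes the checks
    a detection rule or ingest pipeline would depend on."""
    problems = []
    try:
        datetime.fromisoformat(doc["@timestamp"])
    except (KeyError, ValueError, TypeError):
        problems.append("@timestamp missing or not ISO 8601")
    if get_field(doc, "event.kind") != "alert":
        problems.append("event.kind must be 'alert'")
    cats = get_field(doc, "event.category", [])
    if not cats or not set(cats) <= ECS_CATEGORIES:
        problems.append(f"event.category invalid: {cats}")
    if not isinstance(get_field(doc, "event.severity"), int):
        problems.append("event.severity must be an integer")
    if not re.fullmatch(r"T\d{4}(\.\d{3})?", str(get_field(doc, "threat.technique.id", ""))):
        problems.append("threat.technique.id is not an ATT&CK technique ID")
    if not re.fullmatch(r"TA\d{4}", str(get_field(doc, "threat.tactic.id", ""))):
        problems.append("threat.tactic.id is not an ATT&CK tactic ID")
    return problems


def generate_timeline(scenario, count, start=START, step_seconds=30):
    """Emit `count` alerts spaced step_seconds apart: the shape a threshold
    or sequence rule can be exercised against."""
    return [build_alert(scenario, start + timedelta(seconds=i * step_seconds))
            for i in range(count)]


if __name__ == "__main__":
    for name in SCENARIOS:
        for alert in generate_timeline(name, 2):
            assert not validate_alert(alert), validate_alert(alert)
            print(json.dumps(alert))  # one ECS document per line, bulk-ready
```

The validator is the part worth keeping around: generated data that silently drops `event.kind` or carries a malformed technique ID will index fine but never match the rules it was meant to exercise, so check the documents before trusting a green test run.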
What You Should Do
To get started with Elastic Security using AI agents, follow these steps:
- Create a Security Project: Use your AI agent to prompt the creation of an Elastic Cloud Serverless Security project.
- Generate Sample Data: Populate your project with ECS-compliant security events to simulate a live environment.
- Manage Alerts: Utilize the AI agent for alert triage, detection rule management, and case management.
For those interested in exploring these new features, all skills are open-source and compatible with various AI coding agents. Visit the Elastic GitHub repository to check out the full catalog and get started today. Additionally, organizations should consider implementing monitoring solutions for their AI agents to maintain visibility and ensure compliance with security protocols.
With the rise of AI tools in security workflows, maintaining oversight of AI agent actions is critical. Elastic's integration of monitoring capabilities ensures that organizations can detect and respond to potential threats effectively.
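What "oversight of AI agent actions" can look like in practice, as an added example rather than Elastic's OTel pipeline: a small detection pass over agent telemetry exported as JSON lines, covering the event kinds the article names (API requests, tool results, user prompts, errors). The records are constructed, and the event names and attribute keys are this example's assumptions, not the documented schema of Claude Code or any other agent; the workspace path and sensitive-name watchlist are likewise assumed.

```python
"""Detection pass over AI coding agent telemetry.

Added example, not Elastic's monitoring pipeline. Records are constructed
and shaped like OpenTelemetry log records exported as JSON lines; event
names and attribute keys are assumptions of this example.
"""
import json
from collections import Counter, defaultdict

WORKSPACE = "/home/dev/app"                                       # assumed project root
SENSITIVE_PARTS = {".env", ".aws", ".ssh", "id_rsa", "credentials"}  # constructed watchlist

# Constructed sample export; the last line is deliberately malformed.
SAMPLE_TELEMETRY = """\
{"time":"2026-03-16T09:00:01Z","event.name":"agent.user_prompt","attributes":{"session.id":"s1","prompt.length":42}}
{"time":"2026-03-16T09:00:02Z","event.name":"agent.api_request","attributes":{"session.id":"s1","model":"model-x","input_tokens":1200}}
{"time":"2026-03-16T09:00:04Z","event.name":"agent.tool_result","attributes":{"session.id":"s1","tool.name":"Read","file.path":"/home/dev/app/src/main.py","success":true}}
{"time":"2026-03-16T09:00:05Z","event.name":"agent.tool_result","attributes":{"session.id":"s1","tool.name":"Read","file.path":"/home/dev/.aws/credentials","success":true}}
{"time":"2026-03-16T09:00:06Z","event.name":"agent.api_error","attributes":{"session.id":"s1","status_code":429,"error":"rate_limited"}}
{"time":"2026-03-16T09:00:08Z","event.name":"agent.tool_result","attributes":{"session.id":"s2","tool.name":"Bash","command":"npm test","success":false}}
not json at all
"""


def parse_records(text):
    """Parse JSON lines. Malformed lines are counted rather than fatal, since a
    monitoring pipeline must not stop on one bad export."""
    records, malformed = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            malformed += 1
    return records, malformed


def inside_workspace(path, workspace=WORKSPACE):
    """True if path is the workspace root or below it (prefix on a path
    boundary, so /home/dev/application does not match /home/dev/app)."""
    root = workspace.rstrip("/")
    return path == root or path.startswith(root + "/")


def touches_sensitive(path):
    """True if any path component is on the sensitive-name watchlist."""
    return any(part in SENSITIVE_PARTS for part in path.split("/"))


def analyze(records, workspace=WORKSPACE):
    """Summarise agent activity and surface what a SOC wants to see: API
    errors, failed tools, and file access outside the project or on a
    sensitive path."""
    report = {
        "events_by_name": Counter(),
        "tools_by_session": defaultdict(Counter),
        "api_errors": [],
        "tool_failures": [],
        "out_of_workspace": [],
        "sensitive_access": [],
    }
    for rec in records:
        name = rec.get("event.name", "unknown")
        attrs = rec.get("attributes", {})
        session = attrs.get("session.id", "unknown")
        report["events_by_name"][name] += 1
        if name == "agent.api_error":
            report["api_errors"].append(
                (rec.get("time"), attrs.get("status_code"), attrs.get("error")))
        elif name == "agent.tool_result":
            tool = attrs.get("tool.name", "unknown")
            report["tools_by_session"][session][tool] += 1
            if attrs.get("success") is False:
                report["tool_failures"].append((session, tool, attrs.get("command")))
            path = attrs.get("file.path")
            if path:
                if not inside_workspace(path, workspace):
                    report["out_of_workspace"].append((session, tool, path))
                if touches_sensitive(path):
                    report["sensitive_access"].append((session, tool, path))
    report["tools_by_session"] = {s: dict(c) for s, c in report["tools_by_session"].items()}
    return report


if __name__ == "__main__":
    recs, bad = parse_records(SAMPLE_TELEMETRY)
    print(f"parsed {len(recs)} records, skipped {bad} malformed")
    print(json.dumps(analyze(recs), indent=2, default=str))
```

Note that the pass inspects tool metadata (tool name, path, exit status) and only the length of a user prompt, never its content; that is enough to answer "what did the agent touch and did it fail" without turning the telemetry store into a copy of everything developers typed.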