New Elastic Tools Aim to Fix Why Security Agents Fail When Data is Scattered Across Dozens of Systems
Posted: Friday, Jan 23

When critical context is scattered across proprietary logs, PDF incident reports, and legacy databases that don’t talk to each other, agents hallucinate, miss threats, or fail completely. [MIT study claims 95% of AI projects fail]. For a security analyst, that’s not just unhelpful. It’s dangerous.

Today, Elastic (NYSE: ESTC), the Search AI Company, has launched Agent Builder (general availability) and Workflows (technical preview) to solve this for security operations.

AI agents need the right context to perform complex tasks accurately. Built on Elasticsearch, Agent Builder excels at context engineering by delivering relevance in a unified platform that scales, searches, and analyses enterprise data. It dramatically simplifies the entire agent workflow with native data prep and ingestion, retrieval and ranking, built-in and custom tools, native conversational experience, and agent observability. Developers can use Agent Builder to chat with their data or build a context-driven custom agent in minutes.

Here’s the reality: A security agent investigating a potential breach needs to correlate firewall logs, endpoint telemetry, threat intel feeds, and past incident reports, often across multiple vendors and formats. If it can’t access all of that context simultaneously, it either guesses (and gets it wrong) or punts the work back to an already overwhelmed analyst. The promise of AI-assisted security ops collapses the moment the agent hits fragmented data.

Elastic’s tools change that equation. Agent Builder lets security teams create AI agents that are secure, understand context and can search across all their data, no matter where it lives or what format it’s in.

“Agent Builder has native MCP and A2A protocol support, enabling seamless deployments within Microsoft Foundry and Microsoft Agent Framework,” said Amanda Silver, CVP, Microsoft CoreAI. “This gives our users a way to build context-rich, agentic AI leveraging Elasticsearch as a Knowledge Source and powered by Microsoft Foundry.”

“Agentic systems fail today because connecting AI to tools and data is complex,” said Sam Partee, co-founder at Arcade.dev. “Elastic Agent Builder with Arcade.dev gives developers a structured, secure way to handle how agents retrieve context, reason, and act, taking agents from demo to production grade.”

“Unlocking enterprise context from unstructured data sources is key to building effective agents,” said Jerry Liu, CEO at LlamaIndex. “Elastic Agent Builder combined with LlamaIndex’s complex document processing strengthens the critical context layer, helping teams retrieve, process, and prepare data so agents can reason more accurately and deliver better outcomes.”

Introducing Workflows

Elastic also introduced Elastic Workflows (tech preview), a new capability that extends Agent Builder’s functionality by enabling agents to reliably take action across systems.

Many agent-building frameworks require LLMs to plan and manage every step of the automation. However, AI lacks the reliability of rule-based actions, a critical capability for organisations. Workflows closes this gap. Now, agents built with Agent Builder can leverage Workflows to orchestrate internal and external systems to take actions, gather and transform data and context with precision. Agent Builder and Workflows enable developers to build context-driven agents that can reason accurately and execute predictably.

For an agent built for security purposes, Workflows could supply the instructions it needs to take action, like isolating a compromised endpoint or updating firewall rules, directly within the platform where the data lives. By automating these instructional steps, the AI doesn’t have to figure out the process every time, leading to more dependable and auditable agent actions.

“Agent Builder simplifies working with messy enterprise data, giving developers a secure, reliable foundation to build context-driven agents at scale,” said Ken Exner, chief product officer at Elastic. “Elastic Workflows complements this foundation by giving those agents built-in, rules-based automation for simple tasks. By enhancing Agent Builder with Workflows, teams get a single system that delivers both intelligent reasoning and dependable automation, which is exactly what enterprises need to move from pilots to real-world impact.”

Agents developed with Agent Builder are model-agnostic and compatible with managed model-as-a-service providers, including the cloud hyperscalers.

Availability

Agent Builder is available in Elastic Cloud Serverless and is included with the Enterprise Tier in Elastic Cloud Hosted and self-managed Elastic Stack releases for existing customers.

Workflows is available in tech preview.
