Agentic AI in Security: From Triage to Response
Course
Tim Brophy of Elastic demonstrates how to embed AI into analyst workflows through automated attack discovery, leverage Model Context Protocol for security capabilities, and build unified data meshes for real-time threat hunting.
Security teams face an accelerating threat landscape where execution speed defines success and artificial intelligence-powered tools lower barriers for cyber criminals. Traditional SIEM platforms struggle with data volume, analyst skills gaps and the complexity of translating thousands of alerts into actionable intelligence. The shift toward agentic AI represents more than automation - it demands foundational changes to data architecture, unified schemas and real-time ingestion capabilities that enable contextual decision-making without sacrificing governance or control.
Effective AI integration requires grounding insights in relevant, searchable data while maintaining strict access controls and deployment flexibility across hybrid environments.
In this session, Tim Brophy, international strategic SA at Elastic, will explore:
- How to embed AI into analyst workflows through automated attack discovery, rule migration and data onboarding;
- Leveraging Model Context Protocol (MCP) to expose security capabilities to external agents while preserving existing controls;
- How to build unified data meshes that support real-time threat hunting across observability, infrastructure and security telemetry.
Here is the course outline:
- Agentic AI in Security: From Triage to Response
Completion
The following certificates are awarded when the course is completed:
- CPE Credit Certificate
