
Graylog Redefines the Modern SOC with Explainable AI that Delivers Speed, Clarity, and Control

New AI features streamline threat detection, accelerate investigations, and improve security outcomes across hybrid environments

Graylog, a leading provider of SIEM and threat detection solutions purpose-built to secure mid-market enterprises, today launched its Graylog Security Fall 2025 release. The latest version introduces AI-driven insights, Model Context Protocol (MCP) Server Access, and Amazon Security Data Lake integration, enabling SOCs to operate with greater clarity, speed, and cost efficiency.

The new platform (version 7.0) features AI-enabled dashboards for Enterprise and Security customers, delivering instant, explainable insights into threats and trends. It also provides MCP Server access, which securely connects large language models (LLMs) directly to Graylog data for natural language queries. The new Amazon Security Data Lake integration further enhances visibility across hybrid environments, providing controls to reduce transfer, storage, and licensing costs. These capabilities deliver measurable efficiency gains for teams that need to accomplish more with fewer resources.

“Security and IT teams are being pushed to their limits by data growth and alert fatigue,” said Seth Goldhammer, Vice President of Product Management at Graylog. “Our focus is on helping them take back control, with practical AI that drives faster insights, smarter investigations, and measurable efficiency. With this release, we’re giving teams explainable AI they can trust. By combining innovation with simplicity, and AI with human insight, organizations can meet security challenges head-on with technology that works for them.”

Expanding Access to Security Data Through Natural Language

This release introduces Graylog MCP Server Access, a secure new way for teams to interact with their Graylog environment through natural language. The MCP Server connects user-approved AI agents or LLMs to Graylog, adding a conversational layer for querying and analysis - fully governed by user permissions and license tier and available to all Graylog versions.

Analysts (or their AI agents) can ask things like:

  • “Show me assets that increased in risk score over the past week and are linked to open investigations.”
  • “Summarize the top five MITRE techniques detected across failed logins in the last 24 hours.”
  • “Which indices are nearing rotation thresholds, and how much storage is currently in use across the cluster?”

This capability helps teams quickly uncover both security insights and environment health, improving awareness and response times across the SOC. It gives analysts a faster, more intuitive way to interpret and act on data - enhancing productivity, clarity, and confidence without changing what they can access or control.

Reducing Cost and Complexity with AWS Security Data Lake Integration

Graylog 7.0 extends the concept introduced previously with the Graylog internal data lake to external data lakes. Using preview, selective retrieval, and filtered collection, customers gain unified visibility across their AWS services and other environments without incurring unnecessary transfer costs, licensing impacts, or redundant storage for log messages that are not aligned with their active analytics, such as dashboards and threat detections.

Redefining the SOC For the Real World

Built for lean, outcome-driven teams, Graylog unifies log management, SIEM, and AI-powered threat detection and investigation in a single, scalable platform. The result is an analyst-centric workflow that delivers actionable clarity without complexity or overhead. Unlike legacy SIEMs weighed down by cost and complexity, or newer entrants chasing unproven AI claims, Graylog Security delivers transparent and understandable AI that provides analysts with clear context and control. Every alert, summary, and recommendation can be traced and understood, empowering security teams to respond faster and smarter.

The Graylog Security Fall 2025 release is available today. Visit Graylog to explore new features or talk to Graylog’s AI Concierge Arti.

About Graylog

Graylog is the AI-powered SIEM and log management platform built for security and IT operations. The platform centralizes and analyzes event data from across complex environments to help teams detect threats faster, investigate smarter, and control data costs - without compromise.

Graylog combines scalable log management with explainable AI, summarizing dashboards, prioritizing real risks, and automating investigation workflows - while keeping analysts in control. With products including Graylog Security, Enterprise, API Security, and Open, Graylog serves more than 60,000 organizations across 180 countries. Headquartered in Houston with roots in open source, Graylog continues to redefine how modern teams achieve clarity, context, and control across their environments.

Learn more at graylog.com or connect with us on Bluesky and LinkedIn.
