Graylog Rolls Out AI-Driven Security Update With MCP Server Access, AWS Data Lake Integration

The update adds AI-enabled dashboards that surface explainable threat insights and trend summaries for Enterprise and Security users.
Nov. 3, 2025

Graylog has released its Fall 2025 update, introducing AI-powered dashboards, Model Context Protocol (MCP) Server Access, and integration with Amazon Security Data Lake. The company says the latest version—Graylog 7.0—aims to help mid-market security operations centers manage data and alerts more efficiently while keeping costs in check.

The update adds AI-enabled dashboards that surface explainable threat insights and trend summaries for Enterprise and Security users. A new MCP Server Access feature securely connects large language models to Graylog data, allowing analysts to query their environments using natural language. The move extends Graylog’s approach to “practical AI” by keeping user permissions and controls intact while speeding up data interpretation.

“Security and IT teams are being pushed to their limits by data growth and alert fatigue,” said Seth Goldhammer, Vice President of Product Management at Graylog. “Our focus is on helping them take back control, with practical AI that drives faster insights, smarter investigations, and measurable efficiency. With this release, we’re giving teams explainable AI they can trust. By combining innovation with simplicity and AI with human insight, organizations can meet security challenges head-on with technology that works for them.”

Expanding access to security data through natural language

Teams can now ask questions like, “Which assets increased in risk score this week?” or “Summarize the top MITRE techniques in failed logins.” The goal, according to the company, is to give analysts a faster, more intuitive way to uncover security insights and system health without changing their workflows.

The release also integrates Amazon Security Data Lake, giving organizations unified visibility across AWS and other environments while managing transfer and storage costs. By filtering what’s collected or retrieved, Graylog says users can avoid paying for unnecessary data movement or redundant storage.

Graylog positions version 7.0 as part of its effort to redefine the modern SOC for teams that need speed and clarity over complexity. The release is available now, with details on new features and the company’s AI assistant “Arti” on the Graylog website.
