From 2eba3b6fc90738123609fde90e545e728bd5d6a0 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Fri, 31 Oct 2025 14:40:02 -0700 Subject: [PATCH 01/13] Creates a page summarizing all Elastic's AI-powered features --- .../{ => ai-features}/ai-assistant.md | 0 explore-analyze/ai-features/ai-features.md | 155 ++++++++++++++++++ .../manage-access-to-ai-assistant.md | 0 explore-analyze/toc.yml | 6 +- redirects.yml | 4 +- solutions/security/ai/ai-assistant.md | 6 +- .../automatic-troubleshooting.md | 4 +- 7 files changed, 167 insertions(+), 8 deletions(-) rename explore-analyze/{ => ai-features}/ai-assistant.md (100%) create mode 100644 explore-analyze/ai-features/ai-features.md rename explore-analyze/{ => ai-features}/manage-access-to-ai-assistant.md (100%) diff --git a/explore-analyze/ai-assistant.md b/explore-analyze/ai-features/ai-assistant.md similarity index 100% rename from explore-analyze/ai-assistant.md rename to explore-analyze/ai-features/ai-assistant.md diff --git a/explore-analyze/ai-features/ai-features.md b/explore-analyze/ai-features/ai-features.md new file mode 100644 index 0000000000..46de41cc8b --- /dev/null +++ b/explore-analyze/ai-features/ai-features.md 
@@ -0,0 +1,155 @@ +--- +navigation_title: AI-powered features +applies_to: + stack: ga + serverless: ga +products: + - id: kibana + - id: observability + - id: security + - id: cloud-serverless +--- + +# AI-powered features + +AI is built into many parts of the {{stack}}. This page describes Elastaic's AI-powered features, organized by solution, and provides links to more detailed information about each of them. + +To learn about enabling and disabling these features in your deployment, refer to [](/explore-analyze/ai-features/manage-access-to-ai-assistant.md). To learn about setting up large language model (LLM) connectors used by AI-powered features, refer to [](/solutions/security/ai/set-up-connectors-for-large-language-models-llm.md). + + +## AI-powered features in {{es}} + +### Agent builder + +```{applies_to} +stack: preview 9.2 +serverless: + elasticsearch: preview + observability: unavailable + security: unavailable +``` + +[Agent Builder](/solutions/search/elastic-agent-builder.md) enables you to create AI agents that can interact with your Elasticsearch data, execute queries, and provide intelligent responses. It provides a complete framework for building conversational AI experiences on top of your search infrastructure. + +### AI Assistant +```{applies_to} +stack: +serverless: +``` + +[](/solutions/observability/observability-ai-assistant.md) helps you understand, analyze, and interact with your Elastic data throughout {{kib}}. It provides a chat interface where you can ask questions about the {{stack}} and your data, and provides contextual insights throughout {{kib}} that explain errors and messages and suggest remediation steps. + +### AI-powered search +```{applies_to} +stack: +serverless: +``` + +[AI-powered search](/solutions/search/ai-search/ai-search.md) helps you find data based on intent and contextual meaning using vector search technology, which uses machine learning models to capture meaning in content. 
These vector representations come in two forms: dense vectors that capture overall meaning, and sparse vectors that focus on key terms and their relationships. + +Depending on your team's technical expertise and requirements, you can choose from two main paths to implement AI-powered search in {{es}}. You can use managed workflows that abstract away much of the complexity, or you can work directly with the underlying vector search technology. + +### Hybrid search +```{applies_to} +stack: +serverless: +``` +[Hybrid search](/solutions/search/hybrid-search.md) combines traditional full-text search with AI-powered search for more powerful search experiences that serve a wider range of user needs. + +### Playground +```{applies_to} +stack: preview 9.0, beta 9.1 +serverless: beta +``` + +[Playground](/solutions/search/rag/playground.md) enables you to use large language models (LLMs) to understand, explore, and analyze your {{es}} data using retrieval augmented generation (RAG), via a chat interface. Playground is also very useful for testing and debugging your {{es}} queries, using the [retrievers](/solutions/search/retrievers-overview.md) syntax with the `_search` endpoint. + +### Model context protocol +```{applies_to} +stack: +serverless: +``` + +The [Model Context Protocol (MCP)](/solutions/search/mcp.md) lets you connect AI agents and assistants to your {{es}} data to enable natural language interactions with your indices. + + +## AI-powered features in {{observability}} + +### AI Assistant +```{applies_to} +stack: +serverless: +``` + +[](/solutions/observability/observability-ai-assistant.md) helps you understand, analyze, and interact with your Elastic data throughout {{kib}}. It provides a chat interface where you can ask questions about the {{stack}} and your data, and provides contextual insights throughout {{kib}} that explain errors and messages and suggest remediation steps. 
+ +### Streams +```{applies_to} +serverless: ga +stack: preview 9.1, ga 9.2 +``` + +[Streams](/solutions/observability/streams/streams.md) provides a single, centralized UI within Kibana that streamlines common tasks like extracting fields, setting data retention, and routing data, so you don't need to use multiple applications or manually configure underlying Elasticsearch components. Streams incorporates AI in the following ways: + +#### Generate significant events with AI +```{applies_to} +serverless: ga +stack: preview 9.1, ga 9.2 +``` +[Significant Events](/solutions/observability/streams/management/significant-events.md) periodically runs a query on your stream to find important events. These can include error messages, exceptions, and other relevant log messages. You can use AI to suggest queries based on previously identified significant events in your Stream. + +#### Generate Grok patterns +```{applies_to} +serverless: ga +stack: preview 9.1, ga 9.2 +``` +You can [generate Grok patterns](/solutions/observability/streams/management/extract/grok.md#streams-grok-patterns) using AI instead of writing them by by hand. + +## AI-powered features in {{elastic-sec}} + +### AI Assistant for Security +```{applies_to} +stack: all +serverless: + security: all +``` + +[Elastic AI Assistant for Security](/solutions/security/ai/ai-assistant.md) helps you interact with your {{elastic-sec}} data and assists with tasks such as alert investigation, incident response, and query generation. It provides a chat interface where you can ask questions about the {{stack}} and your data, and provides contextual insights throughout {{kib}} that explain errors and messages and suggest remediation steps. + +### Attack Discovery +```{applies_to} +stack: ga +serverless: + security: ga +``` + +[Attack Discovery](/solutions/security/ai/attack-discovery.md) leverages large language models (LLMs) to analyze alerts in your environment and identify threats. 
Each "discovery" represents a potential attack and describes relationships among multiple alerts to tell you which users and hosts are involved, how alerts correspond to the MITRE ATT&CK matrix, and which threat actor might be responsible. This can help make the most of each security analyst’s time, fight alert fatigue, and reduce your mean time to respond. + +### Automatic Migration + +[Automatic Migration](/solutions/security/get-started/automatic-migration.md) helps you quickly migrate Splunk assets to {{elastic-sec}}. The following asset types are supported: + +* {applies_to}`stack: preview 9.0, ga 9.1` {applies_to}`serverless: ga` Splunk rules +* {applies_to}`stack: preview 9.2` {applies_to}`serverless: preview` Splunk dashboards + +### Automatic Import +```{applies_to} +stack: ga +serverless: + security: ga +``` + +[Automatic Import](/solutions/security/get-started/automatic-import.md) helps you quickly parse, ingest, and create ECS mappings for data from sources that don’t yet have prebuilt Elastic integrations. This can accelerate your migration to {{elastic-sec}}, and help you quickly add new data sources to an existing SIEM solution in {{elastic-sec}}. + +### Automatic Troubleshooting +```{applies_to} +stack: ga 9.2, preview 9.0 +serverless: + security: ga +``` +[Automatic troubleshooting](/solutions/security/manage-elastic-defend/automatic-troubleshooting.md) helps you identify and resolve issues that could prevent {{elastic-defend}} from working as intended. It provides actionable insights into the following common problem areas: + +* {applies_to}`stack: ga 9.2` {applies_to}`serverless: ga` **Policy responses**: Detect warnings or failures in {{elastic-defend}}’s integration policies. +* **Third-party antivirus (AV) software**: Identify installed third-party antivirus (AV) products that may conflict with {{elastic-defend}}. + +This helps you resolve configuration errors, address incompatibilities, and ensure that your hosts remain protected. 
\ No newline at end of file diff --git a/explore-analyze/manage-access-to-ai-assistant.md b/explore-analyze/ai-features/manage-access-to-ai-assistant.md similarity index 100% rename from explore-analyze/manage-access-to-ai-assistant.md rename to explore-analyze/ai-features/manage-access-to-ai-assistant.md diff --git a/explore-analyze/toc.yml b/explore-analyze/toc.yml index eb67af306d..4790130770 100644 --- a/explore-analyze/toc.yml +++ b/explore-analyze/toc.yml @@ -152,8 +152,10 @@ toc: - file: scripting/modules-scripting-expression.md - file: scripting/modules-scripting-engine.md - file: scripting/painless-lab.md - - file: ai-assistant.md - - file: manage-access-to-ai-assistant.md + - file: ai-features/ai-features.md + children: + - file: ai-features/ai-assistant.md + - file: ai-features/manage-access-to-ai-assistant.md - file: discover.md children: - file: discover/discover-get-started.md diff --git a/redirects.yml b/redirects.yml index f81cb02bc9..b82a5afad8 100644 --- a/redirects.yml +++ b/redirects.yml @@ -582,5 +582,7 @@ redirects: # Remote cluster settings moved to reference: https://github.com/elastic/docs-content/issues/579 'deploy-manage/remote-clusters/remote-clusters-settings.md': 'elasticsearch://reference/elasticsearch/configuration-reference/remote-clusters.md' - +# Moved explore-analyze AI assistant content into a subfolder (docs-content-internal/issues/455) + 'explore-analyze/manage-access-to-ai-assistant.md': 'explore-analyze/ai-features/manage-access-to-ai-assistant.md' + 'explore-analyze/ai-assistant.md': 'explore-analyze/ai-features/ai-assistant.md' diff --git a/solutions/security/ai/ai-assistant.md b/solutions/security/ai/ai-assistant.md index dbdd51f343..83b5d76435 100644 --- a/solutions/security/ai/ai-assistant.md +++ b/solutions/security/ai/ai-assistant.md 
@@ -12,9 +12,9 @@ products: navigation_title: AI Assistant --- -# AI Assistant for {{elastic-sec}} +# Elastic AI Assistant for Security -The Elastic AI Assistant utilizes generative AI to bolster your cybersecurity operations team. It allows users to interact with {{elastic-sec}} for tasks such as alert investigation, incident response, and query generation or conversation using natural language and much more. +Elastic AI Assistant for Security helps you interact with your {{elastic-sec}} data and assists with tasks such as alert investigation, incident response, and query generation. It provides a chat interface where you can ask questions about the {{stack}} and your data, and provides contextual insights throughout {{kib}} that explain errors and messages and suggest remediation steps. :::{image} /solutions/images/security-assistant-basic-view.png :alt: Image of AI Assistant chat window @@ -23,7 +23,7 @@ The Elastic AI Assistant utilizes generative AI to bolster your cybersecurity op ::: ::::{warning} -The Elastic AI Assistant is designed to enhance your analysis with smart dialogues. Its capabilities are still developing. Users should exercise caution as the quality of its responses might vary. Your insights and feedback will help us improve this feature. Always cross-verify AI-generated advice for accuracy. +The Elastic AI Assistant is designed to enhance your analysis with smart dialogues. Its capabilities are still developing. You should exercise caution as the quality of its responses might vary. Your insights and feedback will help us improve this feature. Always cross-verify AI-generated advice for accuracy. :::: ::::{admonition} Requirements diff --git a/solutions/security/manage-elastic-defend/automatic-troubleshooting.md b/solutions/security/manage-elastic-defend/automatic-troubleshooting.md index 0986f2c550..4edfe77963 100644 --- a/solutions/security/manage-elastic-defend/automatic-troubleshooting.md 
+++ b/solutions/security/manage-elastic-defend/automatic-troubleshooting.md @@ -12,12 +12,12 @@ products: # Automatic troubleshooting -Automatic troubleshooting helps you identify and resolve issues that could prevent {{elastic-defend}} from working as intended. This feature provides actionable insights into the following common problem areas: +Automatic troubleshooting helps you identify and resolve issues that could prevent {{elastic-defend}} from working as intended. It provides actionable insights into the following common problem areas: * {applies_to}`stack: ga 9.2` {applies_to}`serverless: ga` **Policy responses**: Detect warnings or failures in {{elastic-defend}}’s integration policies. * **Third-party antivirus (AV) software**: Identify installed third-party antivirus (AV) products that may conflict with {{elastic-defend}}. -With these checks, you can resolve configuration errors, address incompatibilities, and ensure that your hosts remain protected. +This helps you resolve configuration errors, address incompatibilities, and ensure that your hosts remain protected. ::::{admonition} Requirements To use this feature, you need: From ebff65f612abb045713340bebbbb340d967265e0 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Fri, 31 Oct 2025 14:48:01 -0700 Subject: [PATCH 02/13] fixes broken refs --- .../hotfrozen-high-availability.md | 2 +- explore-analyze/ai-features/ai-assistant.md | 8 ++++---- solutions/observability/observability-ai-assistant.md | 2 +- solutions/security/ai/ai-assistant.md | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/deploy-manage/reference-architectures/hotfrozen-high-availability.md b/deploy-manage/reference-architectures/hotfrozen-high-availability.md index cbf3490d06..f24c976a02 100644 --- a/deploy-manage/reference-architectures/hotfrozen-high-availability.md +++ b/deploy-manage/reference-architectures/hotfrozen-high-availability.md 
@@ -27,7 +27,7 @@ This Hot/Frozen – High Availability architecture is intended for organizations * Have a requirement for cost effective long term data storage (many months or years). * Provide insights and alerts using logs, metrics, traces, or various event types to ensure optimal performance and quick issue resolution for applications. * Apply [machine learning anomaly detection](/explore-analyze/machine-learning/anomaly-detection.md) to help detect patterns in time series data to find root cause and resolve problems faster. -* Use an AI assistant ([Observability](/explore-analyze/ai-assistant.md), [Security](/solutions/security/ai/ai-assistant.md), or [Playground](/solutions/search/rag/playground.md)) for investigation, incident response, reporting, query generation, or query conversion from other languages using natural language. +* Use an AI assistant ([Observability](/explore-analyze/ai-features/ai-assistant.md), [Security](/solutions/security/ai/ai-assistant.md), or [Playground](/solutions/search/rag/playground.md)) for investigation, incident response, reporting, query generation, or query conversion from other languages using natural language. * Deploy an architecture model that allows for maximum flexibility between storage cost and performance. ::::{important} diff --git a/explore-analyze/ai-features/ai-assistant.md b/explore-analyze/ai-features/ai-assistant.md index d388363ab6..2673d09481 100644 --- a/explore-analyze/ai-features/ai-assistant.md +++ b/explore-analyze/ai-features/ai-assistant.md 
@@ -33,12 +33,12 @@ $$$token-limits$$$ AI Assistant requires specific privileges and a large language model (LLM) connector. The capabilities and ways to interact with AI Assistant can differ for each solution. To learn more about how it works in each solution, refer to: -- [{{obs-ai-assistant}}](../solutions/observability/observability-ai-assistant.md) -- [AI Assistant for Security](../solutions/security/ai/ai-assistant.md) +- [{{obs-ai-assistant}}](../../solutions/observability/observability-ai-assistant.md) +- [AI Assistant for Security](../../solutions/security/ai/ai-assistant.md) To learn more about configuring LLM connectors, refer to: -- [Enable LLM access](../solutions/security/ai/set-up-connectors-for-large-language-models-llm.md) +- [Enable LLM access](../../solutions/security/ai/set-up-connectors-for-large-language-models-llm.md) ## Prompt best practices [rag-for-esql] Elastic AI Assistant allows you to take full advantage of the Elastic platform to improve your operations. It can help you write an ES|QL query for a particular use case, or answer general questions about how to use the platform. Its ability to assist you depends on the specificity and detail of your questions. The more context and detail you provide, the more tailored and useful its responses will be. @@ -57,5 +57,5 @@ Elastic does not control third-party tools, and assumes no responsibility or lia ## Elastic Managed LLM [elastic-managed-llm-ai-assistant] -:::{include} ../solutions/_snippets/elastic-managed-llm.md +:::{include} ../../solutions/_snippets/elastic-managed-llm.md ::: diff --git a/solutions/observability/observability-ai-assistant.md b/solutions/observability/observability-ai-assistant.md index 48ecea825e..471e81df0a 100644 --- a/solutions/observability/observability-ai-assistant.md +++ b/solutions/observability/observability-ai-assistant.md 
@@ -60,7 +60,7 @@ stack: ga 9.2 serverless: ga ``` -The [**GenAI settings**](/explore-analyze/manage-access-to-ai-assistant.md) page allows you to: +The [**GenAI settings**](/explore-analyze/ai-features/manage-access-to-ai-assistant.md) page allows you to: - Manage which AI connectors are available in your environment. - Enable or disable AI Assistant and other AI-powered features in your environment. diff --git a/solutions/security/ai/ai-assistant.md b/solutions/security/ai/ai-assistant.md index 83b5d76435..4a71d0e193 100644 --- a/solutions/security/ai/ai-assistant.md +++ b/solutions/security/ai/ai-assistant.md @@ -42,7 +42,7 @@ stack: ga 9.2 serverless: ga ``` -The [**GenAI settings**](/explore-analyze/manage-access-to-ai-assistant.md) page allows you to: +The [**GenAI settings**](/explore-analyze/ai-features/manage-access-to-ai-assistant.md) page allows you to: - Manage which AI connectors are available in your environment. - Enable or disable AI Assistant and other AI-powered features in your environment. From 36f40b42c8d6279001666edee8e0fe13305f865f Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Thu, 6 Nov 2025 20:00:19 -0600 Subject: [PATCH 03/13] incorporates review --- explore-analyze/ai-features/ai-features.md | 29 +++++++++++++++++----- 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/explore-analyze/ai-features/ai-features.md b/explore-analyze/ai-features/ai-features.md index 46de41cc8b..1dba465d1a 100644 --- a/explore-analyze/ai-features/ai-features.md +++ b/explore-analyze/ai-features/ai-features.md 
@@ -14,7 +14,14 @@ products: AI is built into many parts of the {{stack}}. This page describes Elastaic's AI-powered features, organized by solution, and provides links to more detailed information about each of them. -To learn about enabling and disabling these features in your deployment, refer to [](/explore-analyze/ai-features/manage-access-to-ai-assistant.md). To learn about setting up large language model (LLM) connectors used by AI-powered features, refer to [](/solutions/security/ai/set-up-connectors-for-large-language-models-llm.md). +To learn about enabling and disabling these features in your deployment, refer to [](/explore-analyze/ai-features/manage-access-to-ai-assistant.md). + +## Requirements + +To use Elastic's AI-powered features, you need: + +- An appropriate license and feature tier. These vary by solution and feature. Refer to each feature's documentation to learn more. +- At least one working LLM connector. To learn about setting up large language model (LLM) connectors used by AI-powered features, refer to [](/solutions/security/ai/set-up-connectors-for-large-language-models-llm.md). ## AI-powered features in {{es}} @@ -22,7 +29,7 @@ To learn about enabling and disabling these features in your deployment, refer t ### Agent builder ```{applies_to} -stack: preview 9.2 +[Agent Builder](/solutions/search/elastic-agent-builder.md) enables you to create AI agents that can interact with your {{es}} data, execute queries, and provide intelligent responses. It provides a complete framework for building conversational AI experiences on top of your search infrastructure. serverless: elasticsearch: preview observability: unavailable 
@@ -45,9 +52,12 @@ stack: serverless: ``` -[AI-powered search](/solutions/search/ai-search/ai-search.md) helps you find data based on intent and contextual meaning using vector search technology, which uses machine learning models to capture meaning in content. These vector representations come in two forms: dense vectors that capture overall meaning, and sparse vectors that focus on key terms and their relationships. +[AI-powered search](/solutions/search/ai-search/ai-search.md) helps you find data based on intent and contextual meaning using vector search technology, which uses machine learning models to capture meaning in content. -Depending on your team's technical expertise and requirements, you can choose from two main paths to implement AI-powered search in {{es}}. You can use managed workflows that abstract away much of the complexity, or you can work directly with the underlying vector search technology. +Depending on your team's technical expertise and requirements, you can choose from two broad paths: + +- For a minimal configuration, managed workflow use [semantic_text](https://www.elastic.co/docs/solutions/search/semantic-search/semantic-search-semantic-text) +- For more control over the implementation details, implement dense or sparse [vector search](https://www.elastic.co/docs/solutions/search/vector) ### Hybrid search ```{applies_to} 
@@ -81,7 +91,7 @@ stack: serverless: ``` -[](/solutions/observability/observability-ai-assistant.md) helps you understand, analyze, and interact with your Elastic data throughout {{kib}}. It provides a chat interface where you can ask questions about the {{stack}} and your data, and provides contextual insights throughout {{kib}} that explain errors and messages and suggest remediation steps. +[](/solutions/observability/observability-ai-assistant.md) helps you understand, analyze, and interact with your Elastic data throughout {{kib}}. It provides a chat interface where you can ask questions about the {{stack}} and your data, and provides [contextual insights](/solutions/observability/observability-ai-assistant.md#obs-ai-prompts) throughout {{kib}} that explain errors and messages and suggest remediation steps. ### Streams ```{applies_to} @@ -103,7 +113,14 @@ stack: preview 9.1, ga 9.2 serverless: ga stack: preview 9.1, ga 9.2 ``` -You can [generate Grok patterns](/solutions/observability/streams/management/extract/grok.md#streams-grok-patterns) using AI instead of writing them by by hand. +You can [generate Grok patterns](/solutions/observability/streams/management/extract/grok.md#streams-grok-patterns) using AI instead of writing them by hand. + +#### Generate stream descriptions and feature identification +```{applies_to} +serverless: ga +stack: preview 9.1, ga 9.2 +``` +On the Streams [advanced settings](/solutions/observability/streams/management/advanced.md) page, you can use AI to generate your [stream description](/solutions/observability/streams/management/advanced.md#streams-advanced-description) and [feature identification](/solutions/observability/streams/management/advanced.md#streams-advanced-features). ## AI-powered features in {{elastic-sec}} From 0d2ed49d4a16fc3bfcf037e3e0b98cdcd80e8a8e Mon Sep 17 00:00:00 2001 
From: Benjamin Ironside Goldstein Date: Thu, 6 Nov 2025 20:12:45 -0600 Subject: [PATCH 04/13] bugfix --- explore-analyze/ai-features/ai-features.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/explore-analyze/ai-features/ai-features.md b/explore-analyze/ai-features/ai-features.md index 1dba465d1a..f8a4475c76 100644 --- a/explore-analyze/ai-features/ai-features.md +++ b/explore-analyze/ai-features/ai-features.md @@ -29,16 +29,15 @@ To use Elastic's AI-powered features, you need: ### Agent builder ```{applies_to} -[Agent Builder](/solutions/search/elastic-agent-builder.md) enables you to create AI agents that can interact with your {{es}} data, execute queries, and provide intelligent responses. It provides a complete framework for building conversational AI experiences on top of your search infrastructure. serverless: elasticsearch: preview observability: unavailable security: unavailable ``` -[Agent Builder](/solutions/search/elastic-agent-builder.md) enables you to create AI agents that can interact with your Elasticsearch data, execute queries, and provide intelligent responses. It provides a complete framework for building conversational AI experiences on top of your search infrastructure. +[Agent Builder](/solutions/search/elastic-agent-builder.md) enables you to create AI agents that can interact with your Elasticsearch data, run queries, and provide intelligent responses. It provides a complete framework for building conversational AI experiences on top of your search infrastructure. -### AI Assistant +### AI assistant ```{applies_to} stack: serverless: @@ -85,7 +84,7 @@ The [Model Context Protocol (MCP)](/solutions/search/mcp.md) lets you connect AI ## AI-powered features in {{observability}} -### AI Assistant +### AI assistant ```{applies_to} stack: serverless: From 5d924ca6e01144ed958669e690df19b30ee12509 Mon Sep 17 00:00:00 2001 
From: Benjamin Ironside Goldstein Date: Thu, 6 Nov 2025 20:45:19 -0600 Subject: [PATCH 05/13] Addresses more feedback --- explore-analyze/ai-features/ai-features.md | 29 +++++++++++++++++++--- 1 file changed, 25 insertions(+), 4 deletions(-) diff --git a/explore-analyze/ai-features/ai-features.md b/explore-analyze/ai-features/ai-features.md index f8a4475c76..aacfee227e 100644 --- a/explore-analyze/ai-features/ai-features.md +++ b/explore-analyze/ai-features/ai-features.md @@ -16,12 +16,12 @@ AI is built into many parts of the {{stack}}. This page describes Elastaic's AI- To learn about enabling and disabling these features in your deployment, refer to [](/explore-analyze/ai-features/manage-access-to-ai-assistant.md). -## Requirements +For pricing information, refer to [pricing](https://www.elastic.co/pricing). -To use Elastic's AI-powered features, you need: +## Requirements -- An appropriate license and feature tier. These vary by solution and feature. Refer to each feature's documentation to learn more. -- At least one working LLM connector. To learn about setting up large language model (LLM) connectors used by AI-powered features, refer to [](/solutions/security/ai/set-up-connectors-for-large-language-models-llm.md). +- To use Elastic's AI-powered features, you need an appropriate license and feature tier. These vary by solution and feature. Refer to each feature's documentation to learn more. +- Most features require at least one working LLM connector. To learn about setting up large language model (LLM) connectors used by AI-powered features, refer to [](/solutions/security/ai/set-up-connectors-for-large-language-models-llm.md). ## AI-powered features in {{es}} 
@@ -45,6 +45,27 @@ serverless: [](/solutions/observability/observability-ai-assistant.md) helps you understand, analyze, and interact with your Elastic data throughout {{kib}}. It provides a chat interface where you can ask questions about the {{stack}} and your data, and provides contextual insights throughout {{kib}} that explain errors and messages and suggest remediation steps. +### Elastic inference +```{applies_to} +stack: +serverless: +``` +[Elastic Inference](/explore-analyze/elastic-inference.md) helps you use machine learning models to make predictions or enact operations — such as text embedding, or reranking - on your data. + +To learn more, refer to: + +- [Elastic Inference Service (EIS)](/explore-analyze/elastic-inference/eis.md): a managed service that runs inference outside your cluster resources. +- [The inference API](/explore-analyze/elastic-inference/inference-api.md): a general-purpose API that enables you to run inference using EIS, your own models, or third-party services. + +### Natural language processing +```{applies_to} +stack: +serverless: +``` +Natural Language Processing (NLP) allows you to analyze natural language data and make predictions. + +Elastic offers a range of [built-in NLP models](/explore-analyze/machine-learning/nlp/ml-nlp-built-in-models.md) such as the Elastic-trained [ELSER](/explore-analyze/machine-learning/nlp/ml-nlp-elser.md). You can also [deploy custom models](/explore-analyze/machine-learning/nlp/ml-nlp-overview.md). + ### AI-powered search ```{applies_to} stack: From 0a6a44048aa2cb95185e2e68453727174f0fd128 Mon Sep 17 00:00:00 2001 From: Mike Birnstiehl <114418652+mdbirnstiehl@users.noreply.github.com> Date: Fri, 7 Nov 2025 09:17:13 -0600 Subject: [PATCH 06/13] Add partitioning description --- explore-analyze/ai-features/ai-features.md | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) 
diff --git a/explore-analyze/ai-features/ai-features.md b/explore-analyze/ai-features/ai-features.md index aacfee227e..b76c4c5904 100644 --- a/explore-analyze/ai-features/ai-features.md +++ b/explore-analyze/ai-features/ai-features.md @@ -133,14 +133,21 @@ stack: preview 9.1, ga 9.2 serverless: ga stack: preview 9.1, ga 9.2 ``` -You can [generate Grok patterns](/solutions/observability/streams/management/extract/grok.md#streams-grok-patterns) using AI instead of writing them by hand. +You can [generate Grok patterns](/solutions/observability/streams/management/extract/grok.md#streams-grok-patterns) to parse your data using AI instead of writing them by hand. + +#### Generate stream descriptions and feature identification +```{applies_to} +serverless: preview +stack: preview 9.2 +``` +[Partitioning](/solutions/observability/streams/management/partitioning.md) helps you organize log data into meaningful child streams within a wired stream. You can let AI suggest logical groupings based on your data, which you can review and accept. #### Generate stream descriptions and feature identification ```{applies_to} serverless: ga stack: preview 9.1, ga 9.2 ``` -On the Streams [advanced settings](/solutions/observability/streams/management/advanced.md) page, you can use AI to generate your [stream description](/solutions/observability/streams/management/advanced.md#streams-advanced-description) and [feature identification](/solutions/observability/streams/management/advanced.md#streams-advanced-features). +On the Streams [advanced settings](/solutions/observability/streams/management/advanced.md) tab, you can use AI to generate your [stream description](/solutions/observability/streams/management/advanced.md#streams-advanced-description) and [feature identification](/solutions/observability/streams/management/advanced.md#streams-advanced-features) that AI features like significant events use when generating suggestions. ## AI-powered features in {{elastic-sec}} 
@@ -189,4 +196,4 @@ serverless: * {applies_to}`stack: ga 9.2` {applies_to}`serverless: ga` **Policy responses**: Detect warnings or failures in {{elastic-defend}}’s integration policies. * **Third-party antivirus (AV) software**: Identify installed third-party antivirus (AV) products that may conflict with {{elastic-defend}}. -This helps you resolve configuration errors, address incompatibilities, and ensure that your hosts remain protected. \ No newline at end of file +This helps you resolve configuration errors, address incompatibilities, and ensure that your hosts remain protected. From 2f90b099214990b865ae34af4a277aaaec073408 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Fri, 7 Nov 2025 11:26:53 -0600 Subject: [PATCH 07/13] Update explore-analyze/ai-features/ai-features.md Co-authored-by: Liam Thompson --- explore-analyze/ai-features/ai-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/ai-features/ai-features.md b/explore-analyze/ai-features/ai-features.md index b76c4c5904..ceb7ad0ea5 100644 --- a/explore-analyze/ai-features/ai-features.md +++ b/explore-analyze/ai-features/ai-features.md @@ -12,7 +12,7 @@ products: # AI-powered features -AI is built into many parts of the {{stack}}. This page describes Elastaic's AI-powered features, organized by solution, and provides links to more detailed information about each of them. +AI is built into many parts of the {{stack}}. This page describes Elastic's AI-powered features, organized by solution, and provides links to more detailed information about each of them. To learn about enabling and disabling these features in your deployment, refer to [](/explore-analyze/ai-features/manage-access-to-ai-assistant.md). From e5589488543b28886b1fcf2b62ec1499a2d9bc28 Mon Sep 17 00:00:00 2001 
From: Mike Birnstiehl <114418652+mdbirnstiehl@users.noreply.github.com> Date: Fri, 7 Nov 2025 16:26:02 -0600 Subject: [PATCH 08/13] Fix heading Updated the AI features documentation to clarify the use of AI in suggesting queries based on data. --- explore-analyze/ai-features/ai-features.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/explore-analyze/ai-features/ai-features.md b/explore-analyze/ai-features/ai-features.md index ceb7ad0ea5..3a63f64291 100644 --- a/explore-analyze/ai-features/ai-features.md +++ b/explore-analyze/ai-features/ai-features.md @@ -126,7 +126,7 @@ stack: preview 9.1, ga 9.2 serverless: ga stack: preview 9.1, ga 9.2 ``` -[Significant Events](/solutions/observability/streams/management/significant-events.md) periodically runs a query on your stream to find important events. These can include error messages, exceptions, and other relevant log messages. You can use AI to suggest queries based on previously identified significant events in your Stream. +[Significant Events](/solutions/observability/streams/management/significant-events.md) periodically runs a query on your stream to find important events. These can include error messages, exceptions, and other relevant log messages. You can use AI to suggest queries based on your data. #### Generate Grok patterns ```{applies_to} @@ -135,7 +135,7 @@ stack: preview 9.1, ga 9.2 ``` You can [generate Grok patterns](/solutions/observability/streams/management/extract/grok.md#streams-grok-patterns) to parse your data using AI instead of writing them by hand. -#### Generate stream descriptions and feature identification +#### Generate partition suggestions ```{applies_to} serverless: preview stack: preview 9.2 From 7f3fa71b34407cc990652ca18afd7418ca2198e1 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Istv=C3=A1n=20Zolt=C3=A1n=20Szab=C3=B3?= Date: Tue, 18 Nov 2025 13:55:47 +0100 Subject: [PATCH 09/13] Adds platform section, rearranges sections. --- explore-analyze/ai-features/ai-features.md | 56 +++++++++++----------- 1 file changed, 29 insertions(+), 27 deletions(-) diff --git a/explore-analyze/ai-features/ai-features.md b/explore-analyze/ai-features/ai-features.md index 3a63f64291..ff5f7173ea 100644 --- a/explore-analyze/ai-features/ai-features.md +++ b/explore-analyze/ai-features/ai-features.md 
@@ -18,53 +18,55 @@ To learn about enabling and disabling these features in your deployment, refer t For pricing information, refer to [pricing](https://www.elastic.co/pricing). -## Requirements +## Requirements - To use Elastic's AI-powered features, you need an appropriate license and feature tier. These vary by solution and feature. Refer to each feature's documentation to learn more. - Most features require at least one working LLM connector. To learn about setting up large language model (LLM) connectors used by AI-powered features, refer to [](/solutions/security/ai/set-up-connectors-for-large-language-models-llm.md). +## AI-powered features on the Elastic platform -## AI-powered features in {{es}} - -### Agent builder - +### Elastic {{infer-cap}} ```{applies_to} +stack: serverless: - elasticsearch: preview - observability: unavailable - security: unavailable ``` -[Agent Builder](/solutions/search/elastic-agent-builder.md) enables you to create AI agents that can interact with your Elasticsearch data, run queries, and provide intelligent responses. It provides a complete framework for building conversational AI experiences on top of your search infrastructure. +[Elastic {{infer-cap}}](/explore-analyze/elastic-inference.md) enables you to use {{ml}} or AI models to make predictions or enact operations — such as text embedding, or reranking - on your data. -### AI assistant +To learn more, refer to: + +- [Elastic {{infer-cap}} Service (EIS)](/explore-analyze/elastic-inference/eis.md): a managed service that runs {{infer}} outside your cluster resources. +- [The {{infer}} API](/explore-analyze/elastic-inference/inference-api.md): a general-purpose API that enables you to run {{infer}} using EIS, your own models, or third-party services. + +### Natural language processing ```{applies_to} stack: serverless: ``` +Natural Language Processing (NLP) enables you to analyze natural language data and make predictions. 
-[](/solutions/observability/observability-ai-assistant.md) helps you understand, analyze, and interact with your Elastic data throughout {{kib}}. It provides a chat interface where you can ask questions about the {{stack}} and your data, and provides contextual insights throughout {{kib}} that explain errors and messages and suggest remediation steps. +Elastic offers a range of [built-in NLP models](/explore-analyze/machine-learning/nlp/ml-nlp-built-in-models.md) such as the Elastic-trained [ELSER](/explore-analyze/machine-learning/nlp/ml-nlp-elser.md). You can also [deploy custom models](/explore-analyze/machine-learning/nlp/ml-nlp-overview.md). + +## AI-powered features in {{es}} + +### Agent builder -### Elastic inference ```{applies_to} -stack: serverless: + elasticsearch: preview + observability: unavailable + security: unavailable ``` -[Elastic Inference](/explore-analyze/elastic-inference.md) helps you use machine learning models to make predictions or enact operations — such as text embedding, or reranking - on your data. -To learn more, refer to: - -- [Elastic Inference Service (EIS)](/explore-analyze/elastic-inference/eis.md): a managed service that runs inference outside your cluster resources. -- [The inference API](/explore-analyze/elastic-inference/inference-api.md): a general-purpose API that enables you to run inference using EIS, your own models, or third-party services. +[Agent Builder](/solutions/search/elastic-agent-builder.md) enables you to create AI agents that can interact with your {{es}} data, run queries, and provide intelligent responses. It provides a complete framework for building conversational AI experiences on top of your search infrastructure. -### Natural language processing +### AI assistant for {{es}} ```{applies_to} stack: serverless: ``` -Natural Language Processing (NLP) allows you to analyze natural language data and make predictions. 
-Elastic offers a range of [built-in NLP models](/explore-analyze/machine-learning/nlp/ml-nlp-built-in-models.md) such as the Elastic-trained [ELSER](/explore-analyze/machine-learning/nlp/ml-nlp-elser.md). You can also [deploy custom models](/explore-analyze/machine-learning/nlp/ml-nlp-overview.md). +[](/solutions/observability/observability-ai-assistant.md) helps you understand, analyze, and interact with your Elastic data throughout {{kib}}. It provides a chat interface where you can ask questions about the {{stack}} and your data, and provides contextual insights throughout {{kib}} that explain errors and messages and suggest remediation steps. ### AI-powered search ```{applies_to} 
@@ -72,18 +74,19 @@ stack: serverless: ``` -[AI-powered search](/solutions/search/ai-search/ai-search.md) helps you find data based on intent and contextual meaning using vector search technology, which uses machine learning models to capture meaning in content. +[AI-powered search](/solutions/search/ai-search/ai-search.md) helps you find data based on intent and contextual meaning using vector search technology, which uses {{ml}} models to capture meaning in content. -Depending on your team's technical expertise and requirements, you can choose from two broad paths: +Depending on your team's technical expertise and requirements, you can choose from two broad paths: -- For a minimal configuration, managed workflow use [semantic_text](https://www.elastic.co/docs/solutions/search/semantic-search/semantic-search-semantic-text) -- For more control over the implementation details, implement dense or sparse [vector search](https://www.elastic.co/docs/solutions/search/vector) +- For a minimal configuration, managed workflow use [semantic_text](https://www.elastic.co/docs/solutions/search/semantic-search/semantic-search-semantic-text) which is the recommended way to perform semantic search. +- For more control over the implementation details, implement dense or sparse [vector search](https://www.elastic.co/docs/solutions/search/vector). ### Hybrid search ```{applies_to} stack: serverless: ``` + [Hybrid search](/solutions/search/hybrid-search.md) combines traditional full-text search with AI-powered search for more powerful search experiences that serve a wider range of user needs. ### Playground @@ -102,10 +105,9 @@ serverless: The [Model Context Protocol (MCP)](/solutions/search/mcp.md) lets you connect AI agents and assistants to your {{es}} data to enable natural language interactions with your indices. - ## AI-powered features in {{observability}} -### AI assistant +### AI assistant for {{observability}} ```{applies_to} stack: serverless: 
From 5d6590c7eff9cdd5338da51b4ea300be1384e509 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Istv=C3=A1n=20Zolt=C3=A1n=20Szab=C3=B3?= Date: Tue, 18 Nov 2025 14:43:17 +0100 Subject: [PATCH 10/13] Apply suggestion from @florent-leborgne Co-authored-by: florent-leborgne --- explore-analyze/toc.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/explore-analyze/toc.yml b/explore-analyze/toc.yml index a924efcfcc..309f73e892 100644 --- a/explore-analyze/toc.yml +++ b/explore-analyze/toc.yml @@ -165,7 +165,6 @@ toc: - file: scripting/painless-lab.md - file: scripting/modules-scripting-expression.md - file: scripting/modules-scripting-engine.md - - file: scripting/painless-lab.md - file: ai-features/ai-features.md children: - file: ai-features/ai-assistant.md From e82998a92a42e8ad1c36156d040ecf7d7832f162 Mon Sep 17 00:00:00 2001 From: Mike Birnstiehl Date: Wed, 19 Nov 2025 14:30:45 -0600 Subject: [PATCH 11/13] update obs ai section --- explore-analyze/ai-features/ai-features.md | 41 +++++----------------- 1 file changed, 9 insertions(+), 32 deletions(-) diff --git a/explore-analyze/ai-features/ai-features.md b/explore-analyze/ai-features/ai-features.md index ff5f7173ea..c09ae38a53 100644 --- a/explore-analyze/ai-features/ai-features.md +++ b/explore-analyze/ai-features/ai-features.md @@ -14,7 +14,7 @@ products: AI is built into many parts of the {{stack}}. This page describes Elastic's AI-powered features, organized by solution, and provides links to more detailed information about each of them. -To learn about enabling and disabling these features in your deployment, refer to [](/explore-analyze/ai-features/manage-access-to-ai-assistant.md). +To learn about enabling and disabling these features in your deployment, refer to [](/explore-analyze/ai-features/manage-access-to-ai-assistant.md). For pricing information, refer to [pricing](https://www.elastic.co/pricing). 
@@ -74,7 +74,7 @@ stack: serverless: ``` -[AI-powered search](/solutions/search/ai-search/ai-search.md) helps you find data based on intent and contextual meaning using vector search technology, which uses {{ml}} models to capture meaning in content. +[AI-powered search](/solutions/search/ai-search/ai-search.md) helps you find data based on intent and contextual meaning using vector search technology, which uses {{ml}} models to capture meaning in content. Depending on your team's technical expertise and requirements, you can choose from two broad paths: 
@@ -115,41 +115,18 @@ serverless: [](/solutions/observability/observability-ai-assistant.md) helps you understand, analyze, and interact with your Elastic data throughout {{kib}}. It provides a chat interface where you can ask questions about the {{stack}} and your data, and provides [contextual insights](/solutions/observability/observability-ai-assistant.md#obs-ai-prompts) throughout {{kib}} that explain errors and messages and suggest remediation steps. -### Streams +### Streams ```{applies_to} serverless: ga stack: preview 9.1, ga 9.2 ``` -[Streams](/solutions/observability/streams/streams.md) provides a single, centralized UI within Kibana that streamlines common tasks like extracting fields, setting data retention, and routing data, so you don't need to use multiple applications or manually configure underlying Elasticsearch components. Streams incorporates AI in the following ways: +[Streams](/solutions/observability/streams/streams.md) is an AI-assisted centralized UI within {{kib}} that streamlines common tasks like extracting fields, setting data retention, and routing data. Streams incorporates AI in the following features: -#### Generate significant events with AI -```{applies_to} -serverless: ga -stack: preview 9.1, ga 9.2 -``` -[Significant Events](/solutions/observability/streams/management/significant-events.md) periodically runs a query on your stream to find important events. These can include error messages, exceptions, and other relevant log messages. You can use AI to suggest queries based on your data. - -#### Generate Grok patterns -```{applies_to} -serverless: ga -stack: preview 9.1, ga 9.2 -``` -You can [generate Grok patterns](/solutions/observability/streams/management/extract/grok.md#streams-grok-patterns) to parse your data using AI instead of writing them by hand. 
- -#### Generate partition suggestions -```{applies_to} -serverless: preview -stack: preview 9.2 -``` -[Partitioning](/solutions/observability/streams/management/partitioning.md) helps you organize log data into meaningful child streams within a wired stream. You can let AI suggest logical groupings based on your data, which you can review and accept. - -#### Generate stream descriptions and feature identification -```{applies_to} -serverless: ga -stack: preview 9.1, ga 9.2 -``` -On the Streams [advanced settings](/solutions/observability/streams/management/advanced.md) tab, you can use AI to generate your [stream description](/solutions/observability/streams/management/advanced.md#streams-advanced-description) and [feature identification](/solutions/observability/streams/management/advanced.md#streams-advanced-features) that AI features like significant events use when generating suggestions. +* [Significant Events](/solutions/observability/streams/management/significant-events.md): Use AI to suggest queries based on your data that find important events in your stream. +* [Grok processing](/solutions/observability/streams/management/extract/grok.md#streams-grok-patterns): Use AI to generate grok patterns that extract meaningful fields from your data. +* [Partitioning](/solutions/observability/streams/management/partitioning.md): {applies_to}`stack: preview 9.2` Use AI to suggest logical groupings and child streams based on your data when using wired streams. +* [advanced settings](/solutions/observability/streams/management/advanced.md): Use AI to generate a [stream description](/solutions/observability/streams/management/advanced.md#streams-advanced-description) and a [feature identification](/solutions/observability/streams/management/advanced.md#streams-advanced-features) that other AI features, like significant events, use when generating suggestions. ## AI-powered features in {{elastic-sec}} 
@@ -185,7 +162,7 @@ serverless: security: ga ``` -[Automatic Import](/solutions/security/get-started/automatic-import.md) helps you quickly parse, ingest, and create ECS mappings for data from sources that don’t yet have prebuilt Elastic integrations. This can accelerate your migration to {{elastic-sec}}, and help you quickly add new data sources to an existing SIEM solution in {{elastic-sec}}. +[Automatic Import](/solutions/security/get-started/automatic-import.md) helps you quickly parse, ingest, and create ECS mappings for data from sources that don’t yet have prebuilt Elastic integrations. This can accelerate your migration to {{elastic-sec}}, and help you quickly add new data sources to an existing SIEM solution in {{elastic-sec}}. ### Automatic Troubleshooting ```{applies_to} From f73f636b152816fc71ef2e0767dbf03e3bd2247f Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Tue, 25 Nov 2025 14:20:24 -0800 Subject: [PATCH 12/13] Updates security section and Attack Disc doc --- explore-analyze/ai-features/ai-features.md | 12 +++++------- solutions/security/ai/attack-discovery.md | 4 ++-- 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/explore-analyze/ai-features/ai-features.md b/explore-analyze/ai-features/ai-features.md index c09ae38a53..3095dcbd65 100644 --- a/explore-analyze/ai-features/ai-features.md +++ b/explore-analyze/ai-features/ai-features.md 
@@ -137,7 +137,7 @@ serverless: security: all ``` -[Elastic AI Assistant for Security](/solutions/security/ai/ai-assistant.md) helps you interact with your {{elastic-sec}} data and assists with tasks such as alert investigation, incident response, and query generation. It provides a chat interface where you can ask questions about the {{stack}} and your data, and provides contextual insights throughout {{kib}} that explain errors and messages and suggest remediation steps. +[Elastic AI Assistant for Security](/solutions/security/ai/ai-assistant.md) helps you with tasks such as alert investigation, incident response, and query generation throughout {{elastic-sec}}. It provides a chat interface where you can ask questions about the {{stack}} and your data, and provides contextual insights that explain errors and messages and suggest remediation steps. ### Attack Discovery ```{applies_to} 
@@ -146,11 +146,11 @@ serverless: security: ga ``` -[Attack Discovery](/solutions/security/ai/attack-discovery.md) leverages large language models (LLMs) to analyze alerts in your environment and identify threats. Each "discovery" represents a potential attack and describes relationships among multiple alerts to tell you which users and hosts are involved, how alerts correspond to the MITRE ATT&CK matrix, and which threat actor might be responsible. This can help make the most of each security analyst’s time, fight alert fatigue, and reduce your mean time to respond. +[Attack Discovery](/solutions/security/ai/attack-discovery.md) uses AI to identify potential threats. Each "discovery" represents a potential attack and describes relationships among multiple alerts to identify related users and hosts, map alerts to the MITRE ATT&CK matrix, and help identify threat actors. ### Automatic Migration -[Automatic Migration](/solutions/security/get-started/automatic-migration.md) helps you quickly migrate Splunk assets to {{elastic-sec}}. The following asset types are supported: +[Automatic Migration](/solutions/security/get-started/automatic-migration.md) helps you quickly migrate Splunk assets to {{elastic-sec}}. It supports the following asset types: * {applies_to}`stack: preview 9.0, ga 9.1` {applies_to}`serverless: ga` Splunk rules * {applies_to}`stack: preview 9.2` {applies_to}`serverless: preview` Splunk dashboards 
@@ -162,7 +162,7 @@ serverless: security: ga ``` -[Automatic Import](/solutions/security/get-started/automatic-import.md) helps you quickly parse, ingest, and create ECS mappings for data from sources that don’t yet have prebuilt Elastic integrations. This can accelerate your migration to {{elastic-sec}}, and help you quickly add new data sources to an existing SIEM solution in {{elastic-sec}}. +[Automatic Import](/solutions/security/get-started/automatic-import.md) helps you quickly parse, ingest, and create ECS mappings for data from sources without prebuilt Elastic integrations. ### Automatic Troubleshooting ```{applies_to} @@ -173,6 +173,4 @@ serverless: [Automatic troubleshooting](/solutions/security/manage-elastic-defend/automatic-troubleshooting.md) helps you identify and resolve issues that could prevent {{elastic-defend}} from working as intended. It provides actionable insights into the following common problem areas: * {applies_to}`stack: ga 9.2` {applies_to}`serverless: ga` **Policy responses**: Detect warnings or failures in {{elastic-defend}}’s integration policies. -* **Third-party antivirus (AV) software**: Identify installed third-party antivirus (AV) products that may conflict with {{elastic-defend}}. - -This helps you resolve configuration errors, address incompatibilities, and ensure that your hosts remain protected. +* **Third-party antivirus (AV) software**: Identify installed third-party antivirus (AV) products that might conflict with {{elastic-defend}}. \ No newline at end of file diff --git a/solutions/security/ai/attack-discovery.md b/solutions/security/ai/attack-discovery.md index 2323b5ae6b..082dda8569 100644 --- a/solutions/security/ai/attack-discovery.md +++ b/solutions/security/ai/attack-discovery.md 
@@ -56,12 +56,12 @@ Attack Discovery is designed for use with alerts based on data that complies wit 3. Search for and select the non-ECS fields you want Attack Discovery to analyze. Set them to **Allowed**. 4. Check the `Update presets` box to add the allowed fields to the space's default anonymization settings. -The selected fields can now be analyzed the next time you run Attack Discovery. +The next time you run Attack Discovery it will be able to analyze the selected fields. ::: ## Generate discoveries manually[attack-discovery-generate-discoveries] -You’ll need to select an LLM connector before you can analyze alerts. Attack Discovery uses the same LLM connectors as [AI Assistant](/solutions/security/ai/ai-assistant.md). To get started: +You’ll need to select an LLM connector before you can analyze alerts. To get started: 1. Click the **Attack Discovery** page from {{elastic-sec}}'s navigation menu. 2. Do one of the following: From 052c880d50dc5fa6ec7727c1047245880185958a Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Tue, 25 Nov 2025 14:33:51 -0800 Subject: [PATCH 13/13] Update ai-features.md --- explore-analyze/ai-features/ai-features.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/explore-analyze/ai-features/ai-features.md b/explore-analyze/ai-features/ai-features.md index 3095dcbd65..1eb1476d6a 100644 --- a/explore-analyze/ai-features/ai-features.md +++ b/explore-analyze/ai-features/ai-features.md 
@@ -130,6 +130,8 @@ stack: preview 9.1, ga 9.2 ## AI-powered features in {{elastic-sec}} +{{elastic-sec}}'s AI-powered features all rely on [LLM connectors](/solutions/security/ai/set-up-connectors-for-large-language-models-llm.md). When you use one of these features, you can select any LLM connector that's configured in your environment. The connector you select for one feature does not affect which connector any other feature uses. For specific configuration instructions, refer to each feature's documentation. + ### AI Assistant for Security ```{applies_to} stack: all
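Review bot: In the `@@ -45,6 +45,27 @@` hunk that adds `### Elastic inference`, the aside in "make predictions or enact operations ... on your data" opens with an em dash and closes with a spaced hyphen, and has a stray comma before "or reranking". Use one delimiter on both sides (commas would do) and drop the extra comma. PATCH 09/13 moves this sentence into `### Elastic {{infer-cap}}` with the same punctuation, so fix it there too.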
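Review bot: In PATCH 06/13, hunk `@@ -133,14 +133,21 @@`, the new Partitioning section is added under the heading `#### Generate stream descriptions and feature identification`, which duplicates the heading of the section directly below it and would produce two identical anchors on the page. PATCH 08/13 later renames it to `#### Generate partition suggestions`; squash that rename into this commit so the series never contains the duplicate heading.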
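Review bot: In PATCH 09/13, hunk `@@ -18,53 +18,55 @@`, the section renamed to `### AI assistant for {{es}}` still links to `/solutions/observability/observability-ai-assistant.md` with empty link text, which is the same target used under `### AI assistant for {{observability}}`. If the label is taken from the target page, readers of the {{es}} section will see the Observability assistant's title. Either give the link explicit text that matches the new heading or point it at the page that documents the assistant for {{es}}.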
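Review bot: In PATCH 09/13, hunk `@@ -72,18 +74,19 @@`, the rewritten first bullet reads "For a minimal configuration, managed workflow use [semantic_text](...) which is the recommended way to perform semantic search", which is missing a comma after "workflow" and before "which", and "minimal configuration, managed workflow" is hard to parse. Something like "For a managed workflow with minimal configuration, use semantic_text, which is the recommended way to perform semantic search." reads cleanly and matches the period the hunk adds to the second bullet.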
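Review bot: In PATCH 11/13, hunk `@@ -115,41 +115,18 @@`, collapsing the four Streams subsections into a bullet list drops availability information: the removed partitioning block declared `serverless: preview` and `stack: preview 9.2`, but the new Partitioning bullet carries only `stack: preview 9.2`, so it now inherits `serverless: ga` from the section-level block. Add a `serverless: preview` badge to that bullet, and put the badges at the start of the bullet as the Automatic Troubleshooting list does. The last bullet's link text `advanced settings` is also lowercase while the other three are capitalized.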
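Review bot: In PATCH 12/13, hunk `@@ -173,6 +173,4 @@` of ai-features.md, the file now ends on the third-party antivirus bullet with `\ No newline at end of file`, which undoes the trailing newline that PATCH 06/13 added in its `@@ -189,4 +196,4 @@` hunk. Restore the final newline. The context heading `### Automatic Troubleshooting` and the link text `Automatic troubleshooting` just below it also disagree on capitalization, which is worth settling while this section is being edited.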
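Review bot: In PATCH 12/13, hunk `@@ -56,12 +56,12 @@` of attack-discovery.md, deleting "Attack Discovery uses the same LLM connectors as AI Assistant" leaves "You'll need to select an LLM connector before you can analyze alerts" with no pointer to where connectors are configured. Since the preceding steps are about which alert fields are allowed through the anonymization settings, readers should be able to reach the connector documentation from here; link to `/solutions/security/ai/set-up-connectors-for-large-language-models-llm.md`, the page PATCH 13/13 references. The rewritten sentence "The next time you run Attack Discovery it will be able to analyze the selected fields." also needs a comma after "Attack Discovery".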