ELASTIC Workflows is generally available in 9.4, delivering production-ready security automation that runs where your data lives across Security, Observability, and Search. According to Elastic Security Labs, the update expands case management to 25 dedicated automation steps covering the full lifecycle, adds human-in-the-loop as a first-class primitive, and introduces broader AI integration and more flow-control primitives.
The platform now supports natural language authoring, with YAML as the target for AI-generated workflows, and a Workflow editor that makes it possible to describe intent in natural language while ensuring the YAML remains inspectable and editable. Workflows also introduces composable patterns, enabling you to build reusable sub-workflows and dispatch based on alert categories, with execution history kept for debugging and auditing.
Pricing and licensing are noted as based on workflow executions under an Enterprise license on Elastic Cloud Hosted and self-managed deployments, with a unified execution-based model coming to Serverless for Security later in 2026.