Graylog, an AI-powered SIEM platform for lean security teams, has announced new capabilities in explainable AI and automated investigation workflows. The company unveiled a Threat Prioritization Engine that groups alerts using entity context and asset criticality, and Context-Aware Incident Response that automates evidence collection, reducing investigation time by up to 50%. Graylog introduced an MCP Server that connects compatible LLMs to security data, enabling conversational queries across security environments. The server is available at no additional cost across all Graylog versions and supports agentic workflows for triage, compliance and false positive analysis. The company's Spring 2026 release will debut risk-triggered automated investigations that open when asset risk scores exceed defined thresholds. Graylog serves 60,000 organisations worldwide.

Graylog appoints Jorda Cire as Chief Financial Officer to drive operational and strategic growth. Seasoned technology finance executive brings expertise in scaling and strategy as Graylog enters next growth phase HOUSTON-(BUSINESS WIRE)-Graylog, a leading provider of SIEM and log management solutions purpose-built to secure lean teams, today announced the appointment of Jorda (Jody) Cire as Chief Financial Officer. Cire joins Graylog following a successful tenure leading finance functions across venture capital- and private equity-backed technology companies. Most recently, he served as CFO at InterVision Systems, until its acquisition by NWN Corporation. Previously, Cire held CFO positions at Prescott's Inc., AllCloud, and LogRhythm, where he helped guide companies through capital raises, IPO readiness, and strategic sales. "Jody brings a combination of operational discipline, capital markets experience, and strategic insight to Graylog," said Andy Grolnick, CEO of Graylog. "His leadership will be instrumental as we accelerate our growth and continue to deliver an AI-powered SIEM and log management platform built for lean and outcome-driven security and IT operations teams worldwide." In his role, Cire will oversee Graylog's global financial operations, including capital planning, budgeting, M&A, and organizational scaling. His focus will be on building the operational infrastructure needed to support both organic and inorganic growth, while serving as a trusted advisor to the CEO and Board on long-term strategy and value creation. "I'm excited to join Graylog at this dynamic stage of growth," said Cire. "The company has a compelling mission, strong leadership, and a vibrant culture rooted in transparency, teamwork, and innovation. I look forward to helping scale the business with financial discipline and to positioning Graylog for continued growth and strategic success." Visit Graylog to learn more about the company or talk to Graylog's AI Concierge Arti. About Graylog Graylog is the AI-powered SIEM and centralized log management platform that transforms noisy data into clear insights. It helps security and IT teams detect and investigate threats faster with explainable AI that summarizes dashboards, prioritizes risks, and automates workflows - without losing human control. Graylog is trusted by 60,000+ organizations worldwide. Learn more at graylog.com or connect with us on Bluesky and LinkedIn.

Graylog's AI features improve security outcomes across hybrid environments. Graylog launched its Graylog Security Fall 2025 release. The latest version introduces AI-driven insights, Model Context Protocol (MCP) Server Access, and Amazon Security Data Lake integration, enabling SOCs to operate with clarity, speed, and cost efficiency. The new platform (version 7.0) features AI-enabled dashboards for Enterprise and Security customers, delivering explainable insights into threats and trends. Additionally, it provides MCP Server access, which securely connects large language models (LLMs) directly to Graylog data for natural language queries. Additionally, the new Amazon Security Data Lake integration further enhances visibility across hybrid environments, providing controls to reduce transfer, storage, and licensing costs. These capabilities deliver measurable efficiency gains for teams that need to accomplish more with fewer resources. "Security and IT teams are being pushed to their limits by data growth and alert fatigue," said Seth Goldhammer, VP of Product Management at Graylog. "Our focus is on helping them take back control, with practical AI that drives faster insights, smarter investigations, and measurable efficiency. With this release, we're giving teams explainable AI they can trust. By combining innovation with simplicity, and AI with human insight, organizations can meet security challenges head-on with technology that works for them." Expanding access to security data through natural language. This release introduces Graylog MCP Server Access, a secure new way for teams to interact with their Graylog environment through natural language. The MCP Server connects user-approved AI agents or LLMs to Graylog, adding a conversational layer for querying and analysis - fully governed by user permissions and license tier and available to all Graylog versions. Analysts (or their AI agents) can ask things like: * "Show me assets that increased in risk score over the past week and are linked to open investigations." * "Summarize the top five MITRE techniques detected across failed logins in the last 24 hours." * "Which indices are nearing rotation thresholds, and how much storage is currently in use across the cluster?" This capability helps teams uncover both security insights and environment health, improving awareness and response times across the SOC. It gives analysts a faster, more intuitive way to interpret and act on data, enhancing productivity, clarity, and confidence without changing what they can access or control. Reducing cost and complexity with AWS Security Data Lake integration. Graylog 7.0 extends the concept introduced previously with the Graylog internal data lake to external data lakes. Using preview, selective retrieval, and filtered collection, customers gain unified visibility across their AWS services and other environments without incurring unnecessary transfer costs, licensing impacts, or redundant storage for log messages that are not aligned with their active analytics, such as dashboards and threat detections. Redefining the SOC for the real world. Built for lean, outcome-driven teams, Graylog unifies log management, SIEM, and AI-powered threat detection and investigation in a single, scalable platform. The result is an analyst-centric workflow that delivers actionable clarity without complexity or overhead. Unlike legacy SIEMs weighed down by cost and complexity, or newer entrants chasing unproven AI claims, Graylog Security delivers transparent and understandable AI that provides analysts with clear context and control. Every alert, summary, and recommendation can be traced and understood, empowering security teams to respond faster and smarter. The Graylog Security Fall 2025 release is available now.