As AI coding assistants like Claude Code and Cowork become integrated into engineering workflows, security teams require visibility into their actions. Elastic's InfoSec team has developed a monitoring pipeline using native OpenTelemetry (OTel) export capabilities to track shell commands, file interactions, and API calls. By routing this telemetry through an OTel gateway or Elastic Cloud's managed OTLP endpoint, organizations can support threat detection and compliance requirements.
The architecture relies on custom Elasticsearch mappings and ingest pipelines to handle specific telemetry events such as tool results, user prompts, and session context. This data allows security analysts to perform tool invocation auditing, session reconstruction, and cost anomaly detection. By correlating AI agent telemetry with EDR data from Elastic Defend, teams can bridge the gap between AI intent and host-level impact for more effective incident response.
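As an added illustration of the three analytic use cases named above (this is not code from the Elastic post or its pipeline), the script below runs session reconstruction, cost-anomaly scoring and shell-tool auditing over a handful of constructed Claude Code telemetry events. The event names (`claude_code.user_prompt`, `claude_code.tool_result`, `claude_code.api_request`) and attribute keys follow Claude Code's documented OTel schema as the editor understands it; treat them as an assumption and check them against the fields your ingest pipeline actually produces.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: Claude Code OTel log events as they might land in
# Elasticsearch after OTLP ingest (event name plus the event's attributes).
SAMPLE_EVENTS = [
    {"ts": 1, "event.name": "claude_code.user_prompt", "session.id": "s1",
     "user.email": "dev@example.com", "prompt_length": 38},
    {"ts": 2, "event.name": "claude_code.tool_result", "session.id": "s1",
     "tool_name": "Bash", "success": True, "duration_ms": 410},
    {"ts": 3, "event.name": "claude_code.api_request", "session.id": "s1",
     "model": "claude-sonnet-4", "cost_usd": 0.03},
    {"ts": 5, "event.name": "claude_code.api_request", "session.id": "s2",
     "model": "claude-sonnet-4", "cost_usd": 0.02},
    {"ts": 6, "event.name": "claude_code.api_request", "session.id": "s3",
     "model": "claude-opus-4", "cost_usd": 4.80},
]

def reconstruct_sessions(events):
    # Session reconstruction: one time-ordered, readable line per event, keyed by session.id.
    timeline = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        kind = e["event.name"].rsplit(".", 1)[1]
        if kind == "tool_result":
            line = f"tool {e['tool_name']} ok={e['success']} {e['duration_ms']}ms"
        elif kind == "api_request":
            line = f"api {e['model']} ${e['cost_usd']:.2f}"
        else:
            line = f"prompt len={e['prompt_length']} by {e['user.email']}"
        timeline[e["session.id"]].append(line)
    return dict(timeline)

def session_costs(events):
    # Sum cost_usd across api_request events, keyed by session.
    costs = defaultdict(float)
    for e in events:
        if e["event.name"] == "claude_code.api_request":
            costs[e["session.id"]] += e["cost_usd"]
    return dict(costs)

def cost_anomalies(costs, z=1.0):
    # Cost anomaly detection: sessions above mean + z*stdev of all sessions; z is a tuning knob.
    values = list(costs.values())
    if len(values) < 2:
        return []
    limit = mean(values) + z * pstdev(values)
    return sorted(s for s, c in costs.items() if c > limit)

def shell_invocations(events):
    # Tool invocation auditing: Bash results are the rows to join with Elastic Defend process events.
    return [e for e in events if e["event.name"] == "claude_code.tool_result"
            and e["tool_name"] == "Bash"]
```

In production the same logic belongs in an ES|QL or KQL query over the ingested index rather than in a script, but the grouping keys and thresholds carry over unchanged.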