Skip to content

[8.19] [Obs AI Assistant] Disallow destructive actions via the Elasticsearch tool (#229497)#229816

Merged
viduni94 merged 1 commit intoelastic:8.19from
viduni94:backport/8.19/pr-229497
Jul 29, 2025
Merged

[8.19] [Obs AI Assistant] Disallow destructive actions via the Elasticsearch tool (#229497)#229816
viduni94 merged 1 commit intoelastic:8.19from
viduni94:backport/8.19/pr-229497

Conversation

@viduni94
Copy link
Copy Markdown
Contributor

@viduni94 viduni94 commented Jul 29, 2025

Backport

This will backport the following commits from main to 8.19:

Questions ?

Please refer to the Backport tool documentation

@viduni94
[Obs AI Assistant] Disallow destructive actions via the Elasticsearch…
42a9ac0 
… tool (elastic#229497)

Closes elastic#229501

## Summary

### Problem
There have been several reports that the AI Assistant goes rogue and
performs destructive actions.

### Solution
- Instruct the LLM to not perform destructive actions and to mention to
the user that these actions can't be performed
- Only allow `GET` requests and `GET`/`POST` requests to the `/_search`
endpoint when executing the Elasticsearch tool
- If the LLM attempts to call disallowed methods, throw an error

The evaluation framework scenarios which expected deletion of an index
was updated to conform to the above changes as well.

### What's not included
- Guardrails for the `query` tool and `kibana` tool
- Allowing destructive actions via a button click to "Confirm"

### Checklist

- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [x] Review the [backport
guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)
and apply applicable `backport:*` labels.

(cherry picked from commit 808bac6)

# Conflicts:
#	x-pack/solutions/observability/plugins/observability_ai_assistant_app/scripts/evaluation/scenarios/elasticsearch/index.spec.ts
@viduni94 viduni94 requested a review from kibanamachine as a code owner July 29, 2025 13:51
@viduni94 viduni94 added the backport This PR is a backport of another PR label Jul 29, 2025
@viduni94 viduni94 enabled auto-merge (squash) July 29, 2025 13:51
@viduni94 viduni94 mentioned this pull request Jul 29, 2025
Merged
2 tasks
@viduni94
Copy link
Copy Markdown
Contributor Author

viduni94 commented Jul 29, 2025

/ci

@botelastic botelastic bot added the Team:Obs AI Assistant Observability AI Assistant label Jul 29, 2025
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Jul 29, 2025

Pinging @elastic/obs-ai-assistant (Team:Obs AI Assistant)

@viduni94 viduni94 merged commit cc3806b into elastic:8.19 Jul 29, 2025
13 checks passed
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Jul 29, 2025

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #72 / Security Solution - Telemetry Security Telemetry - Indices metadata task telemetry @ess indices metadata should include ilm_policy in data stream events when defined

Metrics [docs]

✅ unchanged

History

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@neptunian neptunian neptunian approved these changes

@kibanamachine kibanamachine Awaiting requested review from kibanamachine kibanamachine is a code owner

Assignees

No one assigned

Labels

backport This PR is a backport of another PR Team:Obs AI Assistant Observability AI Assistant

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@viduni94 @elasticmachine @neptunian