diff --git a/x-pack/platform/plugins/shared/osquery/server/lib/get_user_info.test.ts b/x-pack/platform/plugins/shared/osquery/server/lib/get_user_info.test.ts
new file mode 100644
index 0000000000000..1f1a8ee483dea
--- /dev/null
+++ b/x-pack/platform/plugins/shared/osquery/server/lib/get_user_info.test.ts
@@ -0,0 +1,97 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { httpServerMock, loggingSystemMock } from '@kbn/core/server/mocks';
+import type { SecurityPluginStart } from '@kbn/security-plugin/server';
+import { getUserInfo } from './get_user_info';
+
+describe('getUserInfo', () => {
+  const logger = loggingSystemMock.createLogger();
+  const request = httpServerMock.createKibanaRequest();
+
+  it('returns undefined when security is unavailable', async () => {
+    const result = await getUserInfo({ request, logger });
+
+    expect(result).toBeUndefined();
+  });
+
+  it('returns user profile info when available', async () => {
+    const security = {
+      userProfiles: {
+        getCurrent: jest.fn().mockResolvedValue({
+          uid: 'profile-1',
+          user: {
+            username: 'user-name',
+            full_name: 'Full Name',
+            email: 'user@example.com',
+          },
+        }),
+      },
+      authc: {
+        getCurrentUser: jest.fn(),
+      },
+    } as unknown as SecurityPluginStart;
+
+    const result = await getUserInfo({ request, security, logger });
+
+    expect(result).toEqual({
+      username: 'Full Name',
+      full_name: 'Full Name',
+      email: 'user@example.com',
+      profile_uid: 'profile-1',
+    });
+  });
+
+  it('falls back to authc when user profile lookup fails', async () => {
+    const security = {
+      userProfiles: {
+        getCurrent: jest.fn().mockRejectedValue(new Error('failed')),
+      },
+      authc: {
+        getCurrentUser: jest.fn().mockReturnValue({
+          username: 'fallback-user',
+          full_name: null,
+          email: 'fallback@example.com',
+        }),
+      },
+    } as unknown as SecurityPluginStart;
+
+    const result = await getUserInfo({ request, security, logger });
+
+    expect(result).toEqual({
+      username: 'fallback@example.com',
+      full_name: null,
+      email: 'fallback@example.com',
+      profile_uid: null,
+    });
+  });
+
+  it('uses profile_uid from authc fallback when available', async () => {
+    const security = {
+      userProfiles: {
+        getCurrent: jest.fn().mockResolvedValue(null),
+      },
+      authc: {
+        getCurrentUser: jest.fn().mockReturnValue({
+          username: 'cloud-user',
+          full_name: null,
+          email: 'cloud-user@example.com',
+          profile_uid: 'u_cloud_profile_123',
+        }),
+      },
+    } as unknown as SecurityPluginStart;
+
+    const result = await getUserInfo({ request, security, logger });
+
+    expect(result).toEqual({
+      username: 'cloud-user@example.com',
+      full_name: null,
+      email: 'cloud-user@example.com',
+      profile_uid: 'u_cloud_profile_123',
+    });
+  });
+});
diff --git a/x-pack/platform/plugins/shared/osquery/server/lib/get_user_info.ts b/x-pack/platform/plugins/shared/osquery/server/lib/get_user_info.ts
index 890094057a168..75b432705b214 100644
--- a/x-pack/platform/plugins/shared/osquery/server/lib/get_user_info.ts
+++ b/x-pack/platform/plugins/shared/osquery/server/lib/get_user_info.ts
@@ -58,7 +58,7 @@ export const getUserInfo = async ({
         username: displayName,
         full_name: user.full_name ?? null,
         email: user.email ?? null,
-        profile_uid: null,
+        profile_uid: user.profile_uid ?? null,
       };
     }
   } catch (error) {