Merged
4 changes: 2 additions & 2 deletions solutions/security/ai/attack-discovery.md
Expand Up @@ -90,7 +90,7 @@ You can select which alerts Attack Discovery will process by filtering based on
:::{admonition} How to add non-ECS fields to Attack Discovery
Attack Discovery is designed for use with alerts based on data that complies with ECS, and by default only analyses ECS-compliant fields. However, you can enable Attack Discovery to review additional fields by following these steps:

1. Select an alert with some of the non-ECS fields you want to analyze, and go to its details flyout. From here, use the **Ask AI Assistant** button to open AI Assistant.
1. Select an alert with some of the non-ECS fields you want to analyze, and go to its details flyout. From here, use the **Ask AI Assistant** or **Add to chat** button to open an AI chat.
2. At the bottom of the chat window, the alert's information appears. Click **Edit** to open the anonymization window to this alert's fields.
3. Search for and select the non-ECS fields you want Attack Discovery to analyze. Set them to **Allowed**.
4. Check the `Update presets` box to add the allowed fields to the space's default anonymization settings.
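Review bot: Step 1 now offers two buttons, **Ask AI Assistant** or **Add to chat**, without saying what decides which one a reader sees, so someone whose flyout shows only one of them cannot tell whether they are in the right place. State the condition next to the button names. Since steps 2 to 4 change which fields are set to **Allowed** and write them to the space's default anonymization settings, also confirm that the **Edit** control and the `Update presets` box are reachable from the chat opened by either button; step 2 still says "the chat window" while step 1 now says "an AI chat".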
Expand Down Expand Up @@ -149,7 +149,7 @@ There are several ways you can incorporate discoveries into your {{elastic-sec}}
* Hover over an entity’s name to either add the entity to Timeline (![Add to timeline icon](/solutions/images/security-icon-add-to-timeline.png "title =20x20")) or copy its field name and value to the clipboard (![Copy to clipboard icon](/solutions/images/security-icon-copy.png "title =20x20")).
* Click **Take action**, then select **Add to new case** or **Add to existing case** to add a discovery to a [case](/solutions/security/investigate/cases.md). This makes it easy to share the information with your team and other stakeholders.
* Click **Investigate in timeline** to explore the discovery in [Timeline](/solutions/security/investigate/timeline.md).
* Click **View in AI Assistant** to attach the discovery to a conversation with AI Assistant. You can then ask follow-up questions about the discovery or associated alerts.
* Click **View in AI Assistant** or **Add to chat** to attach the discovery to a conversation. You can then ask follow-up questions about the discovery or associated alerts.

:::{image} /solutions/images/security-add-discovery-to-assistant.gif
:alt: Attack Discovery view in AI Assistant
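Review bot: The image directly under the changed bullet still has the alt text "Attack Discovery view in AI Assistant" and points at `security-add-discovery-to-assistant.gif`, while the bullet now also covers **Add to chat** and drops "with AI Assistant" from the sentence. Check that the GIF still matches what a reader sees when they click **Add to chat**, and update the alt text (or add a second image) so the text and the illustration agree.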
2 changes: 1 addition & 1 deletion solutions/security/ai/ease/ease-alerts.md
Expand Up @@ -31,6 +31,6 @@ You can take several actions from the alert details flyout:
The recommended actions are informed by any relevant custom knowledge you may have added to the AI Assistant's [knowledge base](/solutions/security/ai/ai-assistant-knowledge-base.md). For example, if you have specified a particular teammate is responsible for a particular type of alert of part of your infrastructure, it would recommend contacting that person.
:::

- **Ask AI Assistant**: To start a conversation with [AI Assistant](/solutions/security/ai/ai-assistant.md), select one of the suggested prompts or click **Ask AI Assistant**.
- **Ask AI Assistant** or **Add to chat**: To start an AI chat, select one of the suggested prompts or click **Ask AI Assistant** or **Add to chat**.
- **Add to case**: To add an alert to a new or existing case, scroll to the bottom and click **Take action**, then **Add to existing case** or **Add to new case**.
- **Apply alert tags**: To add tags to an alert, scroll to the bottom of its flyout and click **Take action**, then **Apply alert tags**. (To create new tags, navigate to the **Advanced settings** page using the navigation menu or the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md), and update the **Alert tagging options**.)
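Review bot: The rewritten first bullet drops the `[AI Assistant](/solutions/security/ai/ai-assistant.md)` link and replaces it with the unlinked phrase "an AI chat", so this list no longer points anywhere that explains the chat feature. Keep a link on "AI chat" or on one of the button names. The sentence also chains two "or"s ("select one of the suggested prompts or click **Ask AI Assistant** or **Add to chat**"), which reads as three equal alternatives; consider "select one of the suggested prompts, or click whichever of the two buttons is shown". The context line above this hunk has a typo as well, "type of alert of part of your infrastructure", which could be fixed in the same pass.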
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ After Attack discovery outlines your threat landscape, use Elastic AI Assistant

## Use AI Assistant to analyze a threat [use-case-incident-reporting-use-ai-assistant-to-analyze-a-threat]

From a discovery on the Attack discovery page, click **View in AI Assistant** to start a chat that includes the discovery as context.
From a discovery on the Attack discovery page, click **View in AI Assistant** or **Add to chat** to start a chat that includes the discovery as context.

:::{image} /solutions/images/security-attck-disc-remediate-threat.gif
:alt: A dialogue with AI Assistant that has the attack discovery as context
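Review bot: The changed sentence ends with "to start a chat", while the other files in this PR call the same thing "an AI chat" and "a conversation", and the heading and image alt text around this line still say "AI Assistant". Pick one term for what the reader lands in and use it in all four changed sentences. If the heading "Use AI Assistant to analyze a threat" stays as it is, say in the sentence how **Add to chat** relates to AI Assistant, otherwise the section title and its first instruction appear to describe different features.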