Elasticsearch vs Speakeasy
Side-by-side trajectory, velocity, and editorial themes.
Elastic ships a coordinated wave of Kibana CVE patches alongside steady Rally tooling work.
Elastic's recent feed is dominated by a single-day cluster of Kibana security advisories (ESA-2026-32 through 40): SSRF, denial-of-service, privilege-escalation, and stored-injection fixes spanning the 8.19, 9.2, 9.3, and 9.4 branches. The only feature-bearing release is Rally 2.13.0, the benchmarking harness.
This is security-hardening mode. A large, synchronized advisory drop points to an internal audit or coordinated-disclosure cycle rather than feature momentum. Rally aside, the product surface is being patched, not expanded.
Expect follow-on point releases (9.4.x, 8.19.x) consolidating these fixes and a return to feature changelogs once the advisory backlog clears. Watch whether more ESA numbers in this sequence surface.
Speakeasy is turning Gram into an enterprise control plane for MCP and agent traffic.
Gram has moved well past being an MCP gateway. The last two weeks added a five-step enterprise onboarding wizard, request-time tool filtering, AI-suggested custom detection rules with a live playground, and Shadow MCP access controls. The platform now spans identity (SSO/SCIM via WorkOS), multi-role RBAC, risk-policy enforcement, and workforce observability. Meanwhile the hosted Project Assistant is steadily absorbing what used to be the bolt-on AI Insights sidebar.
Two arcs are converging. One is governance: detection rules, message-type-scoped risk policies, and runtime Shadow MCP enforcement are hardening Gram into a security layer for agent traffic. The other is the Project Assistant, being rebuilt as a first-class server-side assistant that owns its own conversation state rather than a UI-only sidebar. Enterprise packaging work, the onboarding wizard, device-agent rollout page, and plugin distribution by email, points toward self-serve enterprise adoption.
Expect AI Insights to be fully retired in favor of the Project Assistant, which the release notes already frame as its replacement. The detection-rule and Shadow MCP work is likely to keep consolidating into a single risk-policy surface, and the onboarding wizard points toward self-serve enterprise sign-up.
See more alternatives to Elasticsearch →
See more alternatives to Speakeasy →