AI assistant: From generalist to specialist

RAG isn’t about reinventing the wheel. It’s about enhancing what already exists. By pairing a powerful LLM with a domain-specific knowledge base (KB), you give the AI access to the expertise it lacks. Think of it as teaching a gifted linguist the nuances of your industry — from intricate standards like the BSI security guidelines to internal policies, playbooks, and beyond. Instead of training a model from scratch, you’re simply equipping it with the tools to answer detailed questions and provide actionable insights specific to your needs.

Imagine a scenario where you’re poring over an 850-page document packed with technical recommendations. With RAG, you don’t have to read through endless pages or search for a needle in a haystack. Instead, you can ask the AI questions in plain language, and it will fetch answers from the document directly — efficiently and accurately. Or consider internal standards and guidelines: RAG lets your AI assistant provide meaningful, context-aware support to your team, saving time and reducing confusion.

Ultimately, RAG lets you turn a general-purpose AI into your own bespoke expert without the hefty price tag or complexity of creating something from scratch. It’s the smarter, more practical way forward for those who want AI that actually understands their world. And that’s what makes RAG more than just another acronym.

Imagine this: You’re navigating a technical document — say, the 850+ page BSI (Bundesamt für Sicherheit in der Informationstechnik // German Federal Office for Information Security) security guidelines. You’ve got a specific question about securing an OT environment with obsolete software, but the sheer volume of the document makes it nearly impossible to find what you need without spending hours digging through it. That’s where RAG shines.

With a RAG-powered AI assistant, you can bypass the manual search entirely. You ask a question in plain English — something like, “What does the BSI recommend for securing systems with Windows XP?” — and the assistant not only provides a concise answer but cites the relevant sections of the guidelines to back it up. It’s like having a domain expert who’s read the entire document and remembers exactly where everything is.

Take the example of OT environments tied to legacy software. While Windows XP is long outdated in IT, in OT it’s often a critical component of expensive machinery and cannot be replaced for the lifetime of the equipment. The BSI guidelines recognize this reality and offer a framework for securing such systems. Instead of dismissing their use outright, the assistant provides context-aware advice, breaking down recommendations like:

Other blogs from Elastic go into the details of RAG, including vector databases, semantic search, and other such technologies that make it all work. If you want to go deeper, you’re welcome to explore those resources. One such blog from my colleague Christine Komander shows the technical steps to enrich an LLM-driven AI assistant with local expertise by building a semantic search knowledge base (KB) Elasticsearch index from PDFs. 

However, I’ve distilled all this into a simple script that does all the technical lifting for you. You can use it in three easy steps:

1. Configure it to connect to your Elasticsearch instance.

2. Let it set up the inferencing, ingest pipeline, and index for you.

3. Read in as many PDFs as you want.

Please refer to the README.md of that project for details on the script’s usage, as well as its capabilities and features — such as how it handles excerpt extraction. The README also provides an example of how to load the BSI guidelines discussed in previous sections of this blog.

Once you’ve set up your knowledge base, you’ll probably want to see it in action. You can add it to the AI Assistant for Observability or Security in their respective configuration panels. But here, we’ll demonstrate using the Search AI Playground in Kibana:


1. In Kibana, open the navigation menu and click on Playground under the “Search” application.

While the idea of using AI and RAG might seem like it’s tailored exclusively for tech enthusiasts or data scientists, its applications extend far beyond. This approach makes complex regulatory, technical, or operational documents accessible to everyone, available at the point of requirement and distilled to exactly what is needed, including those with limited technical expertise.

Providing the full text of a conversation with an AI assistant would make this blog far too lengthy. Instead I’ll summarise example interactions to illustrate how this technology can address complex, real-world scenarios. If you’re curious to see it in action, you’re welcome to recreate these experiences in your own Elasticsearch deployment.

Let’s explore how this works using an example related to the NIS II directive:

Question: “As a dairy farmer, describe how NIS II might apply to me and what actions I should be taking.”

The AI assistant reviews relevant documents and explains how the dairy farming sector is categorized as a critical sector under NIS II. It outlines practical steps, including implementing risk management measures, reporting significant incidents, and ensuring compliance with national supervision requirements. The response is detailed but accessible, showing how even non-technical users can engage with complex regulations.

Question: “As a dairy farmer, all of this is beyond my capability and understanding.”

In this case, the assistant provides actionable advice tailored to someone unfamiliar with cybersecurity concepts. It recommends starting with basic cyber hygiene, seeking professional help, and leveraging industry resources to meet compliance requirements.

Question: “My tractor is computerized and I assume it is connecting to its manufacturer, however I am not allowed nor able to make alterations.”

Here, the assistant advises engaging with the manufacturer to ensure security measures are in place, understanding the connectivity of the tractor, and ensuring updates and incident reporting processes are followed. It highlights steps that can be taken within the farmer’s control to address cybersecurity concerns without needing deep technical knowledge.

Through these examples, it’s clear that AI assistants (empowered by RAG) are not just for tech-savvy users — they are designed to make critical information usable and actionable for everyone, regardless of their technical background.

The release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.

In this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use. 

Elastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.