Summary

CoreStack v6.1 (2602) strengthens the platform across three key dimensions: expanding AI-native capabilities for both FinOps and Graphion workflows, deepening Kubernetes cost visibility with multi-cloud support, and enhancing cloud security observability through improved infrastructure dashboards and resource relationship mapping. This release reflects CoreStack's continued investment in making AI-powered cloud governance actionable — connecting intelligence directly into the tools and workflows customers already use.

On the AI front, this release delivers Model Context Protocol (MCP) integrations that bring CoreStack's FinOps data directly into Claude desktop. FinOps teams can now query cloud spend, tagging posture, and cost optimization data through natural-language AI agents — without leaving their preferred tools. Graphion similarly advances with enhanced MCP tooling and continued SBOM/IBOM AI prompt work, enabling security workflows to surface resource relationship context more effectively.

For Kubernetes and multi-cloud cost management, v6.1 adds AKS (Azure), Azure K8s cost ingestion via Prometheus, and OCI compartment-level cost visibility in dashboards. Combined with new cost optimization policies for AWS EBS rightsizing and EC2 Intel-to-AMD migration, this release gives FinOps practitioners a notably more complete picture of cloud resource efficiency across providers.

Release Highlights:

AI MCP Integrations — Connect CoreStack FinOps data to Claude desktop
AKS Onboarding & Cost Ingestion — Discover, onboard, and govern Azure Kubernetes clusters with Prometheus-based cost visibility
OCI Cost Visibility — Compartment and compartment-path cost breakdown in FinOps dashboards
Graphion Infrastructure Dashboards — Workload filtering and resource detail views for Infra Dashboards

FinOps

Azure Kubernetes (AKS) Cost Ingestion via Prometheus

Description: CoreStack now ingests cost and utilization data for Azure Kubernetes Service (AKS) clusters using a Prometheus-based agent, extending Kubernetes cost visibility to Azure-hosted workloads. This enhancement enables consistent K8s cost analysis across AWS and Azure within a single platform. Teams managing hybrid or multi-cloud Kubernetes deployments gain unified spend visibility without requiring separate tooling per cloud provider.

Key Capabilities:

Prometheus agent-based ingestion of AKS cluster cost and utilization metrics
Cost data surfaced in CoreStack Kubernetes cost dashboards alongside AWS EKS data
Supports Azure-hosted K8s workloads within existing FinOps cost allocation workflows

Key Benefits:

Eliminates blind spots for organizations running Kubernetes workloads on Azure
Provides a consistent multi-cloud K8s cost view without additional tooling overhead
Enables chargeback and showback for AKS workloads alongside other cloud resources

AKS (Azure) Kubernetes Cluster Onboarding

Description: CoreStack now supports discovery, onboarding, and governance of Azure Kubernetes Service (AKS) clusters from the Container Platform Accounts workspace. Cloud Admins can onboard AKS clusters through a guided five-step wizard with inline validation and credential testing at every step, then immediately access cost, inventory, and governance data — using the same workflows already established for AWS EKS.

Key Capabilities:

Discover all AKS clusters automatically from onboarded Azure subscriptions and view governance status from a single dashboard
Onboard through a five-step wizard — Cluster Selection, Product Activation, Storage Configuration, Agent Deployment, and Advanced Settings
Connect Azure Blob Storage as metrics storage using Service Principal, Storage Account Key, or existing cloud account credentials — with live validation before proceeding
Deploy the CoreStack Kubernetes Agent via a cluster-specific YAML manifest and a single kubectl command
Monitor AKS cost spend in FinOps dashboards by cluster and workload type, with post-onboarding configuration updates supported

Key Benefits:

Eliminates Azure Kubernetes blind spots with full cost attribution for AKS workloads within hours of onboarding
Reduces onboarding errors through guided validation and credential testing at every step
Enforces consistent multi-cloud governance by managing AKS and EKS clusters through the same controls, policies, and FinOps workflows
Meets data residency requirements by storing metrics in the customer's own Azure Blob Storage account

Azure Kubernetes Cost Support in FinOps Dashboards

Description: Following AKS cost ingestion, CoreStack now surfaces Azure Kubernetes cost data in existing FinOps cost dashboards, providing the same visualization and drill-down capabilities that are available for AWS EKS. Users can analyze AKS cluster spend by namespace, workload, or resource alongside other cloud costs in a unified view.

Key Capabilities:

AKS cluster cost data displayed in Kubernetes Cost Dashboards
Drill-down by namespace, workload, and resource for AKS clusters
Consistent dashboard experience across AWS and Azure Kubernetes workloads

Key Benefits:

Finance and FinOps teams gain full Azure K8s cost visibility within existing dashboards
No new dashboards or tools required — AKS data integrates into current workflows
Supports accurate cost allocation for Azure Kubernetes workloads

OCI Compartment-Level Cost Visibility in Dashboards

Description: CoreStack FinOps dashboards now support cost breakdowns by OCI Compartment and Compartment Path, giving OCI users the ability to analyze cloud spend at the organizational hierarchy level native to Oracle Cloud Infrastructure. This enhancement aligns OCI cost reporting with the granular views already available for AWS and Azure.

Key Capabilities:

Filter and segment dashboard cost widgets by OCI Compartment
Compartment Path-based cost grouping for hierarchical OCI organizations
Compartment-level data available across cost trend, spend summary, and allocation widgets

Key Benefits:

OCI teams can perform department- or project-level cost analysis without exporting raw data
Aligns OCI cost governance with organizational compartment structures defined in OCI console
Improves showback/chargeback accuracy for multi-compartment OCI deployments

Resource Tags in Billing Inventory

Description: Billing Inventory now displays cloud provider resource tags for each resource, enabling users to view and validate tag assignments directly within the billing data view. This enhancement bridges the gap between cost data and tagging governance by making resource tags visible in the same context as billing line items.

Key Capabilities:

Cloud provider resource tags displayed as columns in Billing Inventory resource table
Tags visible per resource row without requiring a separate inventory lookup
Supports tags from all major cloud providers within the billing context

Key Benefits:

Reduces manual effort when validating tag-based cost allocation rules
Enables faster identification of untagged or incorrectly tagged resources in billing data
Supports FinOps tagging governance workflows without switching between modules

Policy Configuration at Account Scope

Description: Governance policy configuration can now be set at the individual cloud account scope, giving administrators finer control over policy behavior without requiring changes at the tenant or organization level. This enhancement supports organizations with heterogeneous governance requirements across accounts — such as production vs. development environments requiring different policy thresholds.

Key Capabilities:

Policy configuration parameters settable at the cloud account level
Account-scope settings override tenant-level defaults where configured
Supports selective policy customization without duplicating policy definitions

Key Benefits:

Enables differentiated governance for production, staging, and development accounts within a single tenant
Reduces misconfiguration risk by scoping policy changes to only the accounts that need them
Simplifies multi-team governance where different teams own different cloud accounts

Cost Trend Widget — Hide Variance Display Option

Description: The Cost Trend widget in the FinOps Executive Dashboard now supports an option to hide the variance percentage and display only absolute cost values. This addresses feedback from finance stakeholders who prefer clean cost figures for reporting without the visual noise of percentage change columns.

Key Capabilities:

Toggle to hide variance (%) column in the Cost Trend widget
Display switches to absolute cost values only when variance is hidden
Setting persists per dashboard configuration

Key Benefits:

Cleaner cost reporting views for executive and finance audiences
Reduces confusion when variance percentages are not relevant to a particular reporting use case
Increases dashboard usability by allowing teams to tailor views to their audience

Webhook, Teams Webhook & Slack Notification Support for Dimension-Level Cost Anomaly

Description: Cost Anomaly Detection in CoreStack supports three notification channels at the account level — Email, Webhook, and Microsoft Teams Webhook. CoreStack 2602 extends this same notification breadth to dimension-level anomaly detection, and introduces Slack as a new channel across both levels. FinOps teams can now receive real-time anomaly alerts for Dimension Grouping Rules through the same channels already trusted for account-level alerts, mapped directly to their business context — without relying solely on email delivery.

Key Capabilities:

Generic Webhook for dimension-level anomalies: Configure a webhook URL on a Dimension Grouping Rule; when an anomaly is detected, the system POSTs the anomaly summary payload to the configured endpoint and tracks delivery status (COMPLETED or FAILED) in notification history.
Microsoft Teams Webhook for dimension-level anomalies: Configure a Teams Incoming Webhook URL on a Dimension Grouping Rule; on anomaly detection, the summary is formatted and delivered as an Adaptive Card to the configured Teams channel, mirroring the Teams Webhook support already available at the account level.
Slack Webhook (new channel, all levels): Configure a Slack Incoming Webhook URL on a Dimension Grouping Rule; on anomaly detection, the summary is formatted as a Slack message payload and POSTed to the configured webhook, with the same notification history lifecycle as email and other channels.
Independent channel dispatch: Each channel operates independently — failure of one channel does not block delivery to others. Notification history records are created per channel per dispatch cycle, consistent with the existing email history pattern.
Master notifications toggle respected: All three new channels honor the notifications_enabled master toggle on the grouping rule notification config.

Key Benefits:

Extend anomaly signal to where teams already work by routing dimension-level cost anomalies to Slack, Teams, or custom webhook endpoints — without requiring email-based workflows.
Improve response time to cost spikes mapped to business units or projects by delivering dimension-scoped anomaly alerts directly to team channels, not shared inboxes.
Achieve full notification parity between account-level and dimension-level anomaly detection, simplifying the alert configuration model for FinOps administrators managing both levels.

Graphion

Enhancing Graphion MCP with Resource Relationship

Description: The Graphion Model Context Protocol (MCP) toolset now incorporates resource relationship context, allowing AI agents and external tools connected via MCP to understand how cloud resources relate to one another when responding to security queries. This enhancement moves Graphion MCP beyond simple resource lookups to relationship-aware security intelligence.

Key Capabilities:

Resource relationship data exposed through Graphion MCP tool calls for core resource types including Compute Instances, Load Balancers, Network Security Groups, Kubernetes Clusters, Subnets, Virtual Networks, and Object Storage Buckets
AI agents consuming Graphion MCP can now traverse resource relationships in their responses
Enables more contextual security queries such as identifying resources connected to a compromised instance

Key Benefits:

Security analysts using AI tools get relationship-aware answers rather than isolated resource data
Reduces manual investigation steps when triaging incidents that involve connected resources
Strengthens the value of Graphion MCP as a foundation for AI-driven security workflows

Resource Details View on Infrastructure Dashboards

Description: Infrastructure Dashboards in Graphion now include a Resource Details view, allowing security engineers to click through from an infrastructure topology view to see full resource-level detail — including configuration, relationships, compliance status, and risk indicators — without leaving the dashboard context.

Key Capabilities:

Clickable resource detail panel accessible from Infra Dashboard topology views
Resource detail view shows configuration attributes, compliance posture, and risk indicators
Supports drill-down without navigating away from the infrastructure overview

Key Benefits:

Reduces context switching for security engineers investigating infrastructure anomalies
Provides faster access to resource-level detail during incident investigation
Connects infrastructure topology view with resource-level security context in a single experience

Workload Filter on Infrastructure Dashboards

Description: Infrastructure Dashboards in Graphion now support filtering by Workload, enabling security teams to scope their infrastructure view to a specific application or business workload. This enhancement helps organizations with large, multi-workload environments focus security analysis on the resources that matter most to them at any given time.

Key Capabilities:

Workload-based filter available on Infra Dashboard views
Filter scopes topology, resource lists, and risk indicators to selected workload(s)
Consistent with workload filtering available in other CoreStack modules

Key Benefits:

Reduces noise in security dashboards for organizations with dozens of workloads
Enables workload-specific security posture reviews without building separate filtered views
Aligns infrastructure security views with business-context workload groupings

Navigation Menu Consolidation — Graphion

Description: The navigation menu for Graphion has been consolidated and restructured for improved usability. Menu items have been reorganized to reduce depth and improve discoverability of key AppSecOps features for both new and experienced users.

Key Capabilities:

Consolidated navigation structure for Graphion modules
Improved menu item grouping and labelling for key security features
Reduced navigation depth for commonly accessed AppSecOps workflows

Key Benefits:

Faster access to frequently used AppSecOps features
Reduced onboarding friction for new users learning the platform
Consistent navigation experience across Graphion modules

Vulnerability Graph Usability Improvements

Description: Usability issues identified by QA in the Vulnerability Graph have been resolved, improving the accuracy and reliability of the graph view for security teams analyzing software supply chain risk and vulnerability relationships. The graph now renders and interacts more predictably across typical use cases.

Key Capabilities:

Resolved rendering and interaction issues in the Vulnerability Graph view
Improved stability for graph traversal and node selection interactions

Key Benefits:

More reliable vulnerability relationship analysis for Graphion users
Reduces analyst frustration from inconsistent graph behavior during security investigations

AppSecOps AI Agent — Improvements to SBOM and IBOM Response Quality

Description: CoreStack continues to advance AI-powered analysis of Software Bill of Materials (SBOM) and Infrastructure Bill of Materials (IBOM) data, with prompt engineering improvements that improve the quality, accuracy, and depth of AI-generated insights on supply chain and infrastructure risk.

Key Capabilities:

Refined AI prompts for SBOM-based vulnerability and dependency analysis
Improved IBOM AI analysis for infrastructure component risk assessment
Enhanced natural-language outputs for AI-driven SBOM/IBOM queries

Key Benefits:

Higher quality AI insights for supply chain and infrastructure risk analysis
More actionable AI-generated recommendations from SBOM and IBOM data
Advances CoreStack's AI-native security analysis capabilities

Platform

AI Agent: CoreStack MCP Integration for Claude Desktop

Description: CoreStack's AI Agent capabilities now include MCP integrations for Claude desktop, enabling users to query CoreStack's FinOps data and security insights through natural-language conversations in their preferred AI assistant. This brings CoreStack's cloud intelligence directly into the AI tools that teams use every day.

Key Capabilities:

CoreStack MCP server compatible with Claude desktop MCP clients
Exposes CoreStack FinOps tools — cost queries, anomaly data, optimization recommendations, tagging status — to AI assistant conversations
Supports natural-language queries against live CoreStack data from within Claude desktop

Key Benefits:

Enables FinOps practitioners to ask cost and anomaly questions directly in their AI assistant
Removes the need to switch between CoreStack and AI tools for cost analysis and reporting
Lowers the adoption barrier for AI-powered FinOps analysis by meeting users in tools they already use

AI Agent: FinOps MCP

Description: CoreStack introduces a dedicated FinOps MCP server that exposes a curated set of FinOps-specific tools through the Model Context Protocol. This server is the foundation for all AI agent integrations in this release and can be connected to any MCP-compatible AI client or automation platform.

Key Capabilities:

Dedicated MCP server exposing CoreStack FinOps tools as callable AI agent functions
Covers cost data queries, tagging governance, budget status, anomaly detection, and optimization recommendations
Standard MCP protocol compliance for compatibility with any MCP-capable AI platform

Key Benefits:

Provides a single, well-defined integration point for connecting AI platforms to CoreStack FinOps data
Enables consistent FinOps tool behavior regardless of which AI client is connected
Extensible foundation for adding new FinOps tool capabilities to the MCP surface in future releases

AKS (Azure) Kubernetes Cluster Onboarding

Description: CoreStack now supports onboarding of Azure Kubernetes Service (AKS) clusters, bringing AKS within the scope of CoreStack's Kubernetes visibility, cost management, and governance capabilities. Users can onboard AKS clusters through the standard K8s onboarding flow and immediately access cost, inventory, and compliance data for Azure-hosted Kubernetes workloads.

Key Capabilities:

AKS cluster onboarding via CoreStack's K8s onboarding workflow
Post-onboarding access to AKS cluster cost, inventory, and compliance data
Consistent onboarding experience aligned with existing EKS onboarding for AWS

Key Benefits:

Extends CoreStack's Kubernetes management capabilities to Azure-hosted clusters
Enables unified multi-cloud Kubernetes governance from a single platform
Reduces operational overhead for teams managing both AWS EKS and Azure AKS clusters

Import Cloud Account Tags from Hyperscaler

Description: Cloud Tag Import enables CoreStack users to pull existing cloud account-level tags directly from AWS, Azure, GCP, and OCI into the platform — eliminating manual tag re-entry and keeping CoreStack aligned with the tagging strategy already established in each cloud environment. This helps FinOps, SecOps, and CloudOps teams maintain a single, accurate source of tag-based cost allocation, governance, and resource filtering without duplicating work across systems.

Key Capabilities:

Import cloud-native tags automatically: Pull cloud account-level tags from AWS, Azure, GCP, and OCI directly into CoreStack's Cloud Account Tags framework — no manual re-entry needed.
Map imported tags to organizational levels: Align imported cloud tags to CoreStack's Account Master, Tenant, and Cloud Account hierarchy for consistent categorization across the platform.
Sync tagging strategies across environments: Ensure that the tagging conventions and key-value pairs defined in each cloud provider are reflected accurately inside CoreStack.
Filter and manage resources using imported tags: Use imported cloud tags across CoreStack modules — dashboards, reports, governance policies, and cost views — just like manually created Custom Tags.

Key Benefits:

Eliminate hours of manual tag re-entry by importing existing cloud tags in bulk, freeing FinOps and CloudOps teams to focus on optimization rather than data entry.
Improve tag accuracy and consistency by sourcing tags directly from cloud providers, reducing human error and tag drift between systems.
Accelerate cloud account onboarding by auto-populating tags during or after account setup, cutting onboarding time for large multi-account environments.
Enable faster cross-cloud reporting and governance by ensuring CoreStack's tag data matches what's already in place across AWS, Azure, GCP, and OCI.

Supported Providers: AWS, Azure, GCP, OCI

The following table lists each cloud provider account level which supports account-level tags that can be discovered and imported into CoreStack.

Provider	Enrollment Type	Account Level
AWS	—	Management Account
AWS	—	Member Account
AWS	—	Organization Unit
Azure	Standard	Subscription
Azure	CSP	CSP Subscription
Azure	EA	EA Subscription
Azure	MCA	MCA Subscription
GCP	—	Organization
GCP	—	Folder
GCP	—	Project
OCI	—	Tenancy

FinOps for SaaS — Landing Page Enhancement

Description: The FinOps for SaaS landing page has been updated with UX and content improvements that make it easier for users to discover, connect, and manage SaaS spend tools within CoreStack. The enhanced landing page provides clearer onboarding guidance and better surfacing of available SaaS integrations.

Key Capabilities:

Updated landing page layout for FinOps for SaaS module
Improved onboarding guidance for connecting SaaS spend data sources
Clearer surfacing of available SaaS tool integrations

Key Benefits:

Reduces time-to-first-value for users setting up SaaS spend visibility in CoreStack
Improves discoverability of SaaS integrations for new users
Provides a more polished entry point for the FinOps for SaaS module

Bug Fixes

Vulnerability Graph Usability Issues Resolved

Description: Multiple usability issues in the Vulnerability Graph — identified during QA testing — caused inconsistent rendering and interaction behavior when analysts navigated and explored vulnerability relationship data.

Resolution: Engineering addressed the reported usability issues. The Vulnerability Graph now renders correctly and interaction behaviors (node selection, graph traversal) work consistently across typical use cases. Security analysts can rely on the graph view for vulnerability relationship analysis without encountering the previously reported rendering inconsistencies.

External APIs

To see the external APIs which have been added, modified, and removed in this release, refer to: External APIs 6.1 (2602)
To see all the available external APIs, refer to: https://docs.corestack.io/reference/accesssummarycount