## Summary The **Security Analyst** foundational chat agent is no longer visible/selectable in GitLab Duo Chat on a Dedicated instance after upgrading from 18.10 to 18.11. The agent is being filtered out of the `aiFoundationalChatAgents` GraphQL response, even though the customer is on a paid DAP (Duo Agent Platform) pilot. Reported via Zendesk ticket [#722802](https://gitlab.zendesk.com/agent/tickets/722802) and tracked internally in [gitlab-com/request-for-help#4880](https://gitlab.com/gitlab-com/request-for-help/-/work_items/4880). ## Affected versions / upgrade path The customer's Dedicated instance was upgraded during weekly maintenance windows: - 2026-05-26: `18.10.6` → `18.11.3` - 2026-06-02: `18.11.3` → `18.11.4` The issue started appearing after the upgrade from 18.10 to 18.11. ## Steps to reproduce Run the following GraphQL query against an affected Dedicated instance (paid pilot using trial credits): ```graphql query getFoundationalChatAgents($projectId: ProjectID, $namespaceId: NamespaceID) { aiFoundationalChatAgents(projectId: $projectId, namespaceId: $namespaceId) { nodes { id name description referenceWithVersion avatarUrl selectableInChat } } } ``` With parameters: ```json { "projectId": null, "namespaceId": "gid://gitlab/Group/<top-level-group-id>" } ``` ## Expected behavior The `Security Analyst` agent (`gid://gitlab/Ai::FoundationalChatAgent/security_analyst_agent-v1`) is returned alongside the other foundational agents (as it is on the sandbox instance). ## Actual behavior The `Security Analyst` agent is missing from the response on the customer's Dedicated instance. All other agents (GitLab Duo, Planner, Data Analyst, CI Expert, Permissions Assistant) are returned as expected. No errors appear in the relevant OpenSearch logs for the correlation ID, so the agent is being filtered silently. ## Related - RFH: [gitlab-com/request-for-help#4880](https://gitlab.com/gitlab-com/request-for-help/-/work_items/4880) - Suspected origin MR: !228648