Feature: KeeperAI in Privileged Sessions
KeeperAI enables real-time, agentic AI threat detection and response, ensuring that high-risk sessions are automatically terminated and all user activity is analyzed and categorized.
Automatically analyzes live session activity and categorizes behaviors into Critical, High, Medium and Low risk levels. Each threat is explained with detailed command-by-command context, so security teams understand why an action is risky, not just that it occurred.
KeeperAI can instantly terminate sessions when critical or high-risk behavior is detected, drastically reducing time to response and exposure windows.
Define your own risk indicators using custom string or regex pattern matching. Prevent activity with “Terminate Session” actions, or allow activity through “Monitor Only” actions, based on your environment’s needs.
Bring any Large Language Model (LLM). KeeperAI integrates with all LLM Providers that support OpenAI compatible endpoints, including AWS Bedrock, Azure, Google Vertex AI, Grok and self-hosted runtimes.
Generate encrypted summaries of activity with video playback of the session. These AI-based summaries offer precise forensic detail for audit and incident response.
KeeperAI provides full AI-powered monitoring and threat detection for SSH sessions. All activity within the remote sessions is analyzed in real time, enabling precise risk classification, automated response and encrypted session summaries.
Automatically detect malicious or suspicious behavior by privileged users, including data exfiltration attempts, unauthorized access and privilege escalation.
Security teams no longer need to manually review hundreds of session recordings each day.
False alarms that overwhelm security teams are no longer an issue.
All AI processing happens within the customer environment. Data is never exposed to Keeper and is built on zero-trust principles with end-to-end encryption. All data is encrypted with the customer’s private key.
KeeperAI currently provides full support for SSH sessions. It performs real-time threat analysis, automated session termination and generates encrypted session summaries for forensic review.
Support for RDP, VNC, database sessions and Remote Browser Isolation (RBI) is planned for future releases. These will expand KeeperAI’s monitoring capabilities across all critical privileged access channels.
All AI processing takes place at your local PAM gateway within your environment, with LLM calls routed to your chosen provider (cloud-based or on-premises). All data is encrypted locally at your gateway before being sent to Keeper. KeeperAI adheres to a zero-knowledge security architecture and ensures Keeper never has access to your unencrypted session data.
Yes, organizations can define custom string or regex patterns to trigger automated responses, such as terminating a session or applying heightened monitoring.
No, KeeperAI is a core capability included with KeeperPAM. It requires no additional licensing beyond PAM deployment. LLM provider costs may apply depending on your chosen deployment option.
You must accept cookies to use Live Chat.