Skip to content
VaultTerm
Browse docs

Get Started

Credential Vault

Terminal & SSH

Teams & Organizations

Browser Extension

Privacy-First AI

Self-Hosting

Administration

Configuration Reference

Security & Architecture

API & Integrations

Troubleshooting & FAQ

privacy-first-ai

AI overview

VaultTerm's AI features — a command copilot, command-history analysis, an audit-grounded access copilot with citations, a rotation helper, and AI-written JIT justifications — built privacy-first.

Updated Jun 23, 2026

VaultTerm’s AI features help you operate the platform faster without sending your secrets or terminal output off the network by default. The assistance is grounded in your own organization’s data and defaults to a self-hosted model on your LAN — see AI privacy model.

Command copilot

The command copilot turns natural language into a concrete command and tells you whether it is safe to run:

  • Natural language to commands. Describe what you want and the copilot proposes the SSH or fleet command to do it — see Fleet commands.
  • Safe / dangerous classification. Every proposed command is classified, deterministically, as safe or dangerous after the model returns it. A command flagged dangerous is gated behind a step-up before it can run, so the model’s suggestion alone never executes something destructive unchecked.

Command-history analysis

The copilot can analyse command history to support review — summarising what was run and surfacing notable activity — so that going over a session or a stretch of work does not mean reading every line by hand. This analysis is grounded in your recorded activity, not in outside knowledge.

Access copilot

The access copilot answers questions about your environment, grounded in your organization’s own data:

  • Grounded answers. Questions are answered from your audit trail, vault metadata and anomaly signals — for example, what is expiring, what looks risky, or who accessed what.
  • Citations. Answers come with citations back to the records they are based on, so you can verify the claim rather than trust it. Retrieval is scoped to your organization, so the copilot cannot ground an answer in another tenant’s data — see Tenant isolation.

Rotation and access helpers

  • Rotation helper. AI assistance helps with credential rotation, grounded in the same vault and audit data — see Sharing and rotation.
  • AI-written JIT justifications. When you request just-in-time elevation, AI can help draft the justification that accompanies the request — see JIT access. The request still goes through the normal approval and audit path; the assistance is in the writing, not the granting.

Privacy by default

Every AI feature is subject to the same privacy model: assistance defaults to a self-hosted model on your own network, and the cloud path is reachable only behind a redaction gate and a per-organization opt-in. Read AI privacy model before enabling anything, and Self-hosted setup to point AI at your own network.

Where to go next

All docs · Ask a question