ContextQMD
Back to Directus

Security

content/guides/11.ai/1.assistant/5.security.md

latest2.9 KB
Original Source

AI Assistant is designed with security in mind. This page covers how access is controlled and what to consider when using AI with your data.

Access Control

AI Assistant requires authentication and Data Studio access. Unauthenticated users, API-only users, and public roles cannot access it.

The AI operates with your existing Directus permissions - if you can't access a collection or delete items, neither can the AI. This differs from the MCP Server, which uses separate access tokens.

Data Protection

API Keys: Encrypted at rest in the database and masked in the UI. Only administrators can configure them.

Conversations: Stored in your browser only (local storage). Not saved to the server, not shared between devices. See Data Storage.

Data Sent to AI Providers

Your messages, schema information, item data, and tool responses are sent to the configured provider (OpenAI, Anthropic, or Google).

File uploads: When you attach files to a conversation, they are uploaded directly to your configured AI provider's file storage. Google file uploads expire after approximately 24 hours. Review your provider's data retention policies for uploaded files. Files uploaded from your local machine are not added to your Directus File Library.

Review provider privacy policies:

::callout{icon="material-symbols:warning" color="warning"} Be mindful of what you discuss. Avoid sharing sensitive personal data, credentials, or confidential information in AI conversations. This includes files — do not upload documents containing sensitive data unless you trust your provider's data handling policies. ::

Tool Approvals

All tools require approval by default. Configure per-tool settings in the chat header menu. See Tool Behavior for details.

Best Practices

  1. Review tool calls before approving, especially writes and deletes
  2. Use appropriate roles - don't give users more permissions than needed
  3. Test in development before using AI Assistant with production data
  4. Be selective about what data you discuss with AI

Next Steps

::card-group

:::card{title="User Guide" icon="material-symbols:chat" to="/guides/ai/assistant/usage"} Learn how to use AI Assistant effectively. :::

:::card{title="Available Tools" icon="material-symbols:construction" to="/guides/ai/assistant/tools"} See what actions the AI can perform. :::

:::card{title="Tips & Best Practices" icon="material-symbols:lightbulb" to="/guides/ai/assistant/tips"} Get the most out of AI Assistant. :::

::