
AI Session Insights

docs/documentation/platform/pam/product-reference/ai-session-insights.mdx


AI Session Insights is disabled by default and must be enabled per resource. Once enabled, it automatically generates a summary of what happened during a PAM session once it ends. Instead of manually reviewing raw logs, administrators get a concise, human-readable overview of the user's activity along with any flagged actions that may warrant further review.

<Warning> AI Session Insights are generated by a large language model and may not be fully accurate. Summaries and warnings should be used as a starting point for investigation, not as a definitive record of session activity. Always refer to the raw session logs for authoritative information. </Warning>

How It Works

When a session ends (whether the user disconnects, it times out, or an admin terminates it), Infisical asynchronously processes the session logs using the AI model configured for that resource. The model produces a structured output containing:

  • Summary: A 2–4 sentence overview of what the user was trying to accomplish during the session, grouping related actions together.
  • Warnings: Specific actions the model flagged as potentially destructive or suspicious (e.g., a DROP TABLE on a production database or a rm -rf on a server). Each warning includes a short description and, for database sessions, a reference to the specific log entry.

The insights are encrypted at rest using the same KMS key as the rest of your project's data.

Supported Resources

AI Session Insights are currently supported for the following resource types:

  • PostgreSQL: Summarizes SQL queries and flags destructive or suspicious operations such as dropping tables, bulk deletes, and privilege changes.
  • SSH: Summarizes terminal commands and flags dangerous operations such as file deletion, privilege escalation, or data exfiltration attempts.

<Note> Support for additional resource types is planned for future releases. </Note>

Prerequisites

  • An Anthropic App Connection configured in your organization. This is the connection Infisical uses to call the Claude API on your behalf.

Configuration

AI Session Insights are configured per resource. To enable them:

<Steps>
<Step title="Open the resource">
    Navigate to your PAM project and click on the resource you want to configure.
</Step>
<Step title="Edit Session Recording settings">
    On the resource detail page, click the **Edit** button in the **Session Recording** section.

    ![Session Recording Edit](/images/pam/product-reference/ai-session-insights/session-recording-edit.png)
</Step>
<Step title="Enable AI Insights">
    Toggle **AI Insights** on. Two additional fields will appear:

    - **App Connection**: Select the Anthropic connection to use for generating summaries.
    - **Model**: Choose the Claude model to use. We recommend **Claude Sonnet 4.6** for a balance of quality and cost, or **Claude Opus 4.6** for the most detailed analysis.

    ![AI Insights Configuration](/images/pam/product-reference/ai-session-insights/ai-insights-configuration.png)
</Step>
<Step title="Save">
    Click **Update Details** to save the configuration. AI Insights will be generated for all new sessions on this resource going forward.
</Step>
</Steps>

Viewing AI Insights

After a session ends, Infisical processes the logs and generates insights in the background. To view them:

  1. Navigate to the Sessions page in your PAM project.
  2. Click on a completed session.
  3. The AI Insights card appears at the top of the session detail page, showing the summary and any warnings.

For PostgreSQL sessions, each warning links directly to the relevant log entry so you can inspect the raw activity in context. SSH warnings do not include log entry references.
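Because the summaries may be inaccurate and the raw logs remain authoritative, a deterministic pass over the raw entries can cross-check the model's warnings. The sketch below is an added example, not Infisical code: the rule patterns, log lines and function names are assumptions constructed for illustration, and it covers only some of the operation classes listed under Supported Resources.

```python
import re

# Illustrative rules for operation classes this page says the model flags.
# These patterns are assumptions, not Infisical's detection logic.
RULES = {
    "postgres": [
        ("drop_table", re.compile(r"\bDROP\s+TABLE\b", re.I)),
        # TRUNCATE, or a DELETE with no WHERE clause
        ("bulk_delete", re.compile(
            r'\bTRUNCATE\b|\bDELETE\s+FROM\s+[\w."]+\s*;?\s*$', re.I)),
        ("privilege_change", re.compile(r"\b(GRANT|REVOKE|ALTER\s+ROLE)\b", re.I)),
    ],
    "ssh": [
        ("file_deletion", re.compile(r"\brm\s+-\w*[rRf]")),
        ("privilege_escalation", re.compile(r"\bsudo\b|\bsu\s+-")),
    ],
}

def scan(resource_type, entries):
    """Return [(entry_index, rule_name)] for raw log entries matching a rule."""
    return [(i, name)
            for i, text in enumerate(entries)
            for name, pattern in RULES[resource_type]
            if pattern.search(text)]

def unflagged(resource_type, entries, ai_warning_indexes=None):
    """Rule hits on entries that no AI warning referenced.

    Pass None when there is nothing to compare against: SSH warnings carry
    no log entry reference, and oversized sessions get no summary at all.
    In that case every rule hit is returned for manual review.
    """
    referenced = set(ai_warning_indexes or ())
    return [hit for hit in scan(resource_type, entries) if hit[0] not in referenced]

# Constructed sample data (not real session logs).
PG_SESSION = [
    "SELECT id, email FROM users WHERE id = 42;",
    "DELETE FROM audit_events;",
    "DELETE FROM orders WHERE id = 7;",
    "GRANT ALL ON DATABASE app TO reporting;",
    "drop table if exists tmp_import;",
]
PG_AI_WARNINGS = [4]  # constructed: the model referenced only the DROP TABLE entry
SSH_SESSION = ["ls -la /srv/app", "sudo systemctl restart app", "rm -rf /srv/app/cache"]

if __name__ == "__main__":
    print(unflagged("postgres", PG_SESSION, PG_AI_WARNINGS))
    print(unflagged("ssh", SSH_SESSION))
```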

FAQ

<AccordionGroup>
<Accordion title="Does Infisical share my session data with Anthropic?">
    AI Insights uses the Anthropic connection you configure in your organization, meaning requests go through your own API key and are subject to your agreement with Anthropic. Only the logs from the specific session being summarized are included in the request. No secrets, credentials, or other project data are shared. Refer to [Anthropic's privacy policy](https://www.anthropic.com/legal/privacy) for details on how they handle API inputs.
</Accordion>
<Accordion title="Can I use AI Insights with any Claude model?">
    AI Insights supports Claude Sonnet 4.6, Claude Opus 4.6, and Claude Haiku 4.5. Sonnet 4.6 is recommended for most use cases as a balance of quality and cost.
</Accordion>
<Accordion title="How long does it take for insights to appear after a session ends?">
    Insights are generated asynchronously and typically appear within a few seconds to a minute after a session ends, depending on the length of the session logs and the model selected. For very long sessions, generation may take longer.
</Accordion>
<Accordion title="Can I configure different AI models for different resources?">
    Yes. AI Insights are configured per resource, so each resource can use a different Anthropic connection or Claude model. This lets you apply a more powerful model to high-risk resources and a lighter model elsewhere.
</Accordion>
<Accordion title="What happens if the session log is very long?">
    If the session logs exceed the size limit, Infisical will not generate an AI summary for that session. The raw logs are always available to review regardless of session length.
</Accordion>
</AccordionGroup>