Keeper Security has today unveiled KeeperAI, a new agentic AI feature for its KeeperPAM® platform. KeeperAI enables real-time session monitoring and analysis, automated threat classification and instant response to combat cyber attacks and suspicious behaviour – customisable to meet an organisation’s exact specifications.
Cyberattacks are getting faster, more widespread, and increasingly more automated with AI, making it hard for organisations to keep up. Privileged accounts, which control access to the most sensitive systems, are still the primary targets. However, traditional security tools often can’t detect sophisticated threats or unusual activity until after a breach has already happened.
“The reality is that cyber threats are no longer just a question of if, but when and how quickly you respond,” said Craig Lurey, CTO and Co-founder of Keeper Security. “KeeperAI’s agentic capabilities allow you to automatically monitor, identify and mitigate threats in real time, shutting down high-risk sessions, unauthorised access or improper account elevations.”
Meeting Today’s Security Challenges
Insider threats, privilege misuse and advanced persistent threats have long challenged security teams. In the era of pervasive, AI-powered cyber attacks, traditional manual session reviews and rule-based alerts leave organisations falling woefully behind today’s fast-moving threats. KeeperAI addresses this challenge with continuous monitoring of privileged sessions, automatic risk classification and session summaries, and configurable responses that can terminate sessions or trigger alerts when suspicious and malicious behaviour is detected – without the need for human intervention. As a sovereign AI product, each organisation using KeeperAI has full ownership and control over the data it uses and generates.
KeeperAI’s key features provide a powerful solution for modern security challenges. Its automated session analysis detects unusual behaviour by examining session metadata, keystroke logs, and command execution logs. The platform then uses threat classification to automatically categorise these threats and assign risk levels. Based on these classifications, KeeperAI can trigger automatic session termination to stop a threat in its tracks. With a customisable configuration, you can adjust risk parameters and detection rules to fit your specific environment, while the session search feature allows you to quickly find specific keywords or activities across all sessions. Finally, KeeperAI offers flexible deployment, supporting third-party, cloud-based, and on-premises large language model (LLM) inference.
KeeperAI will categorise commands into threat risk levels from Critical to High, Medium and Low. Once KeeperAI is enabled, administrators can customise the risk level classification and policy on detection, giving admins the ability to define rule-based policies for specific command patterns – with the choice to automatically terminate risky sessions or simply monitor them when threats are detected. The solution allows customers to integrate with major LLM providers such as AWS Bedrock, Anthropic, Google Gemini and OpenAI. It supports compatible cloud and on-premises deployments without vendor lock-in.
Jeremy London, Director of Engineering, AI and Threat Analytics at Keeper Security, said: “Security teams shouldn’t have to waste hours reviewing logs or manually shutting down risky sessions. That’s why we built KeeperAI as an agentic AI system – it doesn’t just detect anomalies, it actively monitors and takes action on them in real time. With controls and parameters configured by humans, KeeperAI independently terminates high-risk sessions and enforces security policies instantly. This eliminates alert fatigue, accelerates response times to seconds and allows teams to focus on strategy instead of firefighting.”
KeeperAI currently supports SSH-based sessions, with plans to extend support to RDP, VNC, RBI and database protocols. All risk assessments and incident data feed directly into the Keeper Vault UI, allowing teams to investigate incidents, maintain compliance and integrate with Security Information and Event Management (SIEM) and Security Operations Center (SOC) tools through Keeper’s Advanced Reporting and Alerts Module (ARAM).
The solution combines agentic AI with a zero-knowledge architecture so all sensitive data remains encrypted and under customer control. Organisations gain scalable security operations while meeting compliance requirements.
KeeperAI is available now to all KeeperPAM customers running PAM Gateway version 1.7.0 or higher and can be deployed in both cloud and Docker-based environments.
