AI Assistant

Breeze ships with a built-in AI assistant that can investigate device issues, query fleet state, and execute actions through the same controls your team uses. Every mutating call is governed by the AI Risk Engine, so nothing touches a device without policy and approval checks behind it.

AI Risk Engine

The Risk Engine classifies every AI operation into one of four tiers:

• Tier 1: Read-only operations that auto-execute.
• Tier 2: Low-risk mutating actions that auto-execute and audit log.
• Tier 3: Higher-risk actions that require explicit human approval.
• Tier 4: Blocked actions that never execute.

Tier assignment is action-level and context-aware. The same tool can run at different tiers depending on intent, scope, and timing — a reboot inside a maintenance window is Tier 2, but the same call outside one escalates to Tier 3.

Approvals, rejections, rate-limit state, and security events all surface in the Risk Engine dashboard. See AI Risk Engine for the full model.

Fleet-Oriented AI Operations

From the Fleet view, the AI can orchestrate cross-fleet workflows for policies, deployments, patches, groups, automations, alert rules, and reports. The same tooling handles one-device triage and large-scale maintenance — useful for both daily help-desk work and quarterly remediation pushes.

Device context memory keeps known issues, quirks, follow-ups, and preferences scoped to each organization, so the assistant doesn’t lose state between conversations.

Connecting External AI Clients

External AI assistants — Claude.ai, ChatGPT, Cursor, Windsurf — connect to Breeze through a full OAuth 2.1 stack with Dynamic Client Registration and PKCE. Clients self-register on first connect, the user approves scopes through a standard authorization screen, and the client receives short-lived access tokens with rotating refresh. Revoking a grant invalidates every sibling token immediately — no waiting for expiry.

The MCP endpoint speaks both SSE and the newer Streamable HTTP transport defined in the latest MCP specification, so modern OAuth-capable clients and legacy SSE clients work side by side. Pasted API keys remain an option for self-hosters who prefer them; audit logging is identical on both paths.

Deeper details live in Authentication and MCP Server.

BYOK vs LanternOps Brain

BYOK (included free) handles single-event reactive triage. The AI receives an event, investigates with the tool catalog, and recommends or executes inside the risk engine. One event at a time, no memory between sessions.

LanternOps Brain (managed upgrade) adds the intelligence layer that makes AI operations production-grade:

• Persistent memory across incidents, device quirks, and client preferences.
• Cross-tenant pattern matching that anonymously surfaces shared incidents and known-fix success rates across every managed tenant — your fleet data never leaves your boundary, the brain only sees aggregate signal.
• Automated playbooks assembled from successful past resolutions.
• Compliance automation against NIST 800-171, CIS v8, SOC 2, and HIPAA with evidence artifact generation.
• Multi-agent orchestration with specialized triage, remediation, and compliance agents coordinating through the Claude Agent SDK.
• Proactive analysis that scans for issues before they become incidents.

The upgrade path is one click: Settings → AI Brain → LanternOps → Connect.

Double Risk Validation

When LanternOps Brain is connected, every action passes through two independent safety layers:

1. LanternOps pre-validation checks cross-tenant intelligence, timing analysis, and historical failure patterns before any request reaches your RMM.
2. Breeze Risk Engine re-validates the action locally against your risk classifications, maintenance windows, and approval policies.

Your Breeze instance is always the final authority. LanternOps can request actions — Breeze decides whether to allow them. The RMM stays sovereign regardless of which brain is connected.

Tenant Isolation and Rate Limits

Every AI call carries the tenant context of the caller, and tenant boundaries are enforced down to the database with row-level security. An assistant connected for one customer cannot see or touch another, regardless of which tool is called.

AI tool calls and MCP connections are rate-limited per organization, with state visible in the Risk Engine dashboard. Exceeding a limit returns a throttle response with retry timing instead of silently dropping requests — so misbehaving clients fail loudly and stay observable.

Tool Catalog

The assistant exposes the same tool groups across BYOK and LanternOps modes:

• Device tools — list devices, get details, query fleet state.
• Alert tools — retrieve alerts, update status, link to tickets.
• Action tools — reboot, shutdown, lock, isolate, install, uninstall.
• Patch tools — patch status and scheduled deployments.
• Script tools — execute PowerShell, Bash, or Python with result retrieval.
• Report tools — compliance, security, inventory, and executive reports.
• Documentation tools — runbooks, incident notes, change logs.

Every tool inherits a tier classification, and the same tool can resolve to different tiers depending on context.

Optional Browser Telemetry

Self-hosters can opt in to browser-side error tracking and on-error session replay by providing a Sentry DSN. When enabled, text, inputs, URLs, IDs, cookies, headers, and request bodies are aggressively masked before anything leaves the browser. Telemetry stays off by default — nothing is collected unless you explicitly turn it on. See Error Tracking for the full configuration model.

Learn More

• AI Risk Engine — tier definitions, approval workflow, and rate-limit visibility.
• MCP Server — how external AI clients connect to the same toolset.
• Authentication — OAuth 2.1, scoped keys, and identity across humans and agents.
• What Breeze AI Can Do For Your Help Desk — practical triage and remediation walkthroughs.