Learn more about our native MCP
AI Assistant

Security

Security considerations for using AI Assistant safely with your Directus data.

AI Assistant is designed with security in mind. This page covers how access is controlled and what to consider when using AI with your data.

Access Control

AI Assistant requires authentication and Data Studio access. Unauthenticated users, API-only users, and public roles cannot access it.

The AI operates with your existing Directus permissions - if you can't access a collection or delete items, neither can the AI. This differs from the MCP Server, which uses separate access tokens.

Data Protection

API Keys: Encrypted at rest in the database and masked in the UI. Only administrators can configure them.

Conversations: Stored in your browser only (local storage). Not saved to the server, not shared between devices. See Data Storage.

Data Sent to AI Providers

Your messages, schema information, item data, and tool responses are sent to the configured provider (OpenAI, Anthropic, or Google).

File uploads: When you attach files to a conversation, they are uploaded directly to your configured AI provider's file storage. Google file uploads expire after approximately 24 hours. Review your provider's data retention policies for uploaded files.

Review provider privacy policies:

Be mindful of what you discuss. Avoid sharing sensitive personal data, credentials, or confidential information in AI conversations. This includes files — do not upload documents containing sensitive data unless you trust your provider's data handling policies.

Tool Approvals

All tools require approval by default. Configure per-tool settings in the chat header menu. See Tool Behavior for details.

Best Practices

  1. Review tool calls before approving, especially writes and deletes
  2. Use appropriate roles - don't give users more permissions than needed
  3. Test in development before using AI Assistant with production data
  4. Be selective about what data you discuss with AI

Next Steps

User Guide

Learn how to use AI Assistant effectively.

Available Tools

See what actions the AI can perform.

Tips & Best Practices

Get the most out of AI Assistant.

Get once-a-month release notes & real‑world code tips...no fluff. 🐰

Best Practices

Get the most out of AI Assistant with practical tips, example prompts, and common pitfalls to avoid.

Overview

Connect AI assistants directly to your Directus instance. Let Claude, ChatGPT, and other AI tools manage your content without manual copy-pasting.