Learn more about our ✨ new ✨ native MCP
AI Chat

Security

Security considerations for using AI Chat safely with your Directus data.

AI Chat is designed with security in mind. This page covers how access is controlled and what to consider when using AI with your data.

Access Control

AI Chat requires authentication and Data Studio access. Unauthenticated users, API-only users, and public roles cannot access it.

The AI operates with your existing Directus permissions - if you can't access a collection or delete items, neither can the AI. This differs from the MCP Server, which uses separate access tokens.

Data Protection

API Keys: Encrypted at rest in the database and masked in the UI. Only administrators can configure them.

Conversations: Stored in your browser only (localStorage). Not saved to the server, not shared between devices. See Data Storage.

Data Sent to AI Providers

Your messages, schema information, item data, and tool responses are sent to the configured provider (OpenAI or Anthropic).

Review provider privacy policies:

Be mindful of what you discuss. Avoid sharing sensitive personal data, credentials, or confidential information in AI conversations.

Tool Approvals

All tools require approval by default. Configure per-tool settings in the chat header menu. See Tool Behavior for details.

Best Practices

  1. Review tool calls before approving, especially writes and deletes
  2. Use appropriate roles - don't give users more permissions than needed
  3. Test in development before using AI Chat with production data
  4. Be selective about what data you discuss with AI

Next Steps

User Guide

Learn how to use AI Chat effectively.

Available Tools

See what actions the AI can perform.

Tips & Best Practices

Get the most out of AI Chat.

Get once-a-month release notes & real‑world code tips...no fluff. 🐰

Tips & Best Practices

Get the most out of AI Chat with practical tips, example prompts, and common pitfalls to avoid.

MCP Server