Keeper Security has announced the launch of KeeperAI, a new artificial intelligence-powered feature within its KeeperPAM platform. The tool has been designed to detect and stop cyber threats in real time by monitoring and analysing privileged sessions, which are often prime targets for attacks.
Addressing the rise of AI-driven attacks
With cyber attacks becoming faster, more widespread and increasingly powered by artificial intelligence, organisations face growing challenges in keeping their systems secure. Privileged accounts, which provide access to an organisation’s most critical systems, remain a major focus for attackers. However, many traditional security tools only detect insider threats or unusual session behaviour after a breach has already occurred.
KeeperAI has been introduced to close this gap by providing continuous monitoring and immediate responses. According to Keeper Security, the feature offers automated threat classification and instant countermeasures, giving organisations the ability to customise responses according to their needs.
“The reality is that cyber threats are no longer just a question of if, but when and how quickly you respond,” said Craig Lurey, CTO and Co-founder of Keeper Security. “KeeperAI’s agentic capabilities allow you to automatically monitor, identify and mitigate threats in real time, shutting down high-risk sessions, unauthorised access or improper account elevations.”
How KeeperAI works
KeeperAI is designed to counter insider threats, privilege misuse and advanced persistent threats, all of which have challenged security teams for years. By relying on real-time monitoring and machine-driven risk classification, the system eliminates the delays associated with manual reviews and rule-based alerts.
The platform analyses session metadata, keystroke logs and command execution records to identify unusual behaviour. Threats are automatically categorised into risk levels ranging from critical to low. Administrators can set policies for how to respond to each category, whether that means automatically ending a session, flagging it for review, or continuing to monitor activity.
As a sovereign AI product, KeeperAI gives organisations full control over the data they use and generate. It can integrate with leading large language model providers such as AWS Bedrock, Anthropic, Google Gemini and OpenAI, supporting both cloud and on-premises deployments without vendor lock-in.
Jeremy London, Director of Engineering, AI and Threat Analytics at Keeper Security, highlighted the benefit of automating threat response. “Security teams shouldn’t have to waste hours reviewing logs or manually shutting down risky sessions. That’s why we built KeeperAI as an agentic AI system – it doesn’t just detect anomalies, it actively monitors and takes action on them in real time,” he said. “This eliminates alert fatigue, accelerates response times to seconds and allows teams to focus on strategy instead of firefighting.”
Deployment and availability
KeeperAI is initially compatible with SSH-based sessions and will soon expand to support RDP, VNC, RBI and database protocols. All incident data and risk assessments are displayed within the Keeper Vault interface, enabling teams to investigate issues, meet compliance requirements and connect with existing SIEM and SOC tools through Keeper’s Advanced Reporting and Alerts Module.
The solution combines AI-driven monitoring with a zero-knowledge architecture, ensuring that sensitive information remains encrypted and under customer control. This approach allows organisations to strengthen their security operations while maintaining compliance with data protection standards.
KeeperAI is now available to all KeeperPAM customers running PAM Gateway version 1.7.0 or higher. It can be deployed across both cloud and Docker-based environments.
