# AI Providers

> Configure Anthropic or OpenAI API keys to enable the AI assistant and AI-powered features across Pwnbook. Manage provider settings from the server admin panel.

## Overview

Pwnbook's AI features — the in-app chat assistant, PR threat model analysis, and AI-assisted report writing — require at least one AI provider to be configured with a valid API key. AI providers are configured by server admins in the admin panel.

Pwnbook supports:

* **Anthropic** (Claude models) — recommended for security-focused tasks
* **OpenAI** (GPT models)

Both providers can be configured simultaneously, allowing you to designate a default while keeping a fallback available.

## Adding an Anthropic API key

1. Obtain an API key from [console.anthropic.com](https://console.anthropic.com).
2. Go to **Server Admin** → **AI Providers**.
3. Click **Add Provider** → **Anthropic**.
4. Paste your API key in the **API Key** field.
5. Select the default model to use (e.g., `claude-opus-4-5`, `claude-sonnet-4-5`).
6. Click **Save**.

Pwnbook validates the key by making a test API call. If the key is invalid or has insufficient permissions, you'll see an error.

<Tip>Use a dedicated API key for Pwnbook rather than a shared key used by other services. This makes it easy to rotate the key without affecting other systems and allows you to monitor usage specifically for Pwnbook.</Tip>

## Adding an OpenAI API key

1. Obtain an API key from [platform.openai.com](https://platform.openai.com).
2. Go to **Server Admin** → **AI Providers**.
3. Click **Add Provider** → **OpenAI**.
4. Paste your API key in the **API Key** field.
5. Select the default model (e.g., `gpt-4o`, `gpt-4-turbo`).
6. Click **Save**.

## Setting the default provider

If you have multiple providers configured, designate one as the default:

1. Go to **Server Admin** → **AI Providers**.
2. Click **Set as Default** next to the provider you want to use by default.

The default provider is used for all AI features unless overridden by user preferences (if user-level provider selection is enabled).

## Enabling and disabling AI features

Individual AI features can be enabled or disabled independently:

| Feature                      | Description                                                  |
| ---------------------------- | ------------------------------------------------------------ |
| **AI Chat (authenticated)**  | In-app chat assistant for logged-in users                    |
| **AI Chat (public)**         | Public-facing AI chat that doesn't require a Pwnbook account |
| **PR threat model analysis** | Automatic threat analysis on GitHub pull requests            |
| **AI report assistance**     | AI-powered suggestions in the report editor                  |

To configure feature toggles:

1. Go to **Server Admin** → **AI Providers** → **Feature Settings**.
2. Toggle the features you want to enable or disable.
3. Click **Save**.

## Monitoring AI usage

The AI Providers admin page shows basic usage metrics:

* Total API calls made per provider
* Token consumption (input and output tokens)
* Cost estimate (based on provider pricing)
* Errors and failed calls

This helps you track spending and identify unusual usage patterns.

<Note>Usage data is aggregated at the platform level. Pwnbook does not store individual conversation content — only metadata (call counts, token usage, timestamps).</Note>

## Rotating API keys

To rotate an AI provider's API key:

1. Generate a new API key in the provider's console (Anthropic or OpenAI).
2. Go to **Server Admin** → **AI Providers**.
3. Click **Edit** on the provider.
4. Replace the existing API key with the new one.
5. Click **Save**.

Pwnbook validates the new key before saving. The old key can be revoked from the provider's console after the new key is confirmed working.

## Using environment variables

As an alternative to configuring API keys through the admin UI, you can set them as environment variables:

```bash
ANTHROPIC_API_KEY=sk-ant-...
OPENAI_API_KEY=sk-...
```

Keys set via environment variables are treated as the default provider configuration and are visible (but not editable) in the admin UI. To override them, use the admin UI to add additional provider configurations.

<Warning>Avoid hardcoding API keys in your `docker-compose.yml` or committing them to version control. Use a `.env` file or a secrets manager.</Warning>
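The warning above can be enforced before a commit or in CI. The following is an added example, not Pwnbook's own code: a POSIX shell function that flags `ANTHROPIC_API_KEY` or `OPENAI_API_KEY` written as a literal in a Compose file, while accepting `${VAR}` references and pass-through entries. The `pwnbook` service name and the sample file contents are constructed assumptions.

```shell
# Added example (not Pwnbook code). Variable names are taken from this page;
# the Compose layout and service name below are assumptions.
KEY_VARS='ANTHROPIC_API_KEY|OPENAI_API_KEY'

# find_hardcoded_keys FILE
# Prints "FILE:LINE: VAR" for each key variable assigned a literal value.
# Empty values and $VAR / ${VAR} references are accepted. The value itself
# is never printed, so the output is safe to keep in CI logs.
# Returns 1 when at least one literal assignment is found, 0 otherwise.
find_hardcoded_keys() {
  awk -v vars="$KEY_VARS" -v q="'" '
    BEGIN { quote = "[\"" q "]"; found = 0 }
    {
      line = $0
      sub(/[ \t]+#.*$/, "", line)            # drop a trailing comment
      sub(/[ \t]+$/, "", line)               # drop trailing whitespace
      # Accept list form (- VAR=value) and mapping form (VAR: value).
      if (line !~ ("^[ \t]*(-[ \t]*)?" quote "?(" vars ")[ \t]*[=:]")) next
      match(line, "(" vars ")")
      name = substr(line, RSTART, RLENGTH)
      val = substr(line, RSTART + RLENGTH)
      sub(/^[ \t]*[=:][ \t]*/, "", val)
      sub("^" quote, "", val)
      sub(quote "$", "", val)
      if (val == "") next                                     # pass-through from host env
      if (val ~ /^[$][{]?[A-Za-z_][A-Za-z0-9_]*[}]?$/) next   # reference, not a literal
      printf "%s:%d: %s\n", FILENAME, NR, name
      found = 1
    }
    END { exit found }
  ' "$1"
}

# Constructed sample: one literal key (flagged) and one reference (accepted).
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  pwnbook:
    environment:
      - ANTHROPIC_API_KEY=sk-ant-constructed-not-a-real-key
      - OPENAI_API_KEY=${OPENAI_API_KEY}
EOF
find_hardcoded_keys "$sample" || echo "literal key found: move it to .env or a secrets manager"
rm -f "$sample"
```

Call `find_hardcoded_keys docker-compose.yml` from a pre-commit hook or CI step and fail on a non-zero status.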
