
# AI Chat

> Pwnbook includes an AI security assistant powered by Anthropic Claude or OpenAI GPT. Get help with methodology, payload generation, report writing, and more — right inside the platform.

## Overview

The AI chat assistant is available throughout Pwnbook to help with security research, methodology questions, payload crafting, report writing, and analysis. It understands the context of the platform and can help you work more efficiently without leaving the app.

AI capabilities require at least one AI provider to be configured. See [AI Providers](/admin/ai-providers) for setup instructions.

## Using the AI chat

### From within an engagement

The AI assistant is accessible from any engagement via the **AI Chat** button in the engagement sidebar. When you open the chat from within an engagement, the assistant has context about the engagement — its targets, recent activity, and your current workspace.

To start a conversation:

1. Click **AI Chat** in the engagement sidebar.
2. Type your message in the input field.
3. Press **Enter** or click **Send**.

The assistant responds based on your query and the available context.

### From the global chat

A global AI chat is available from the main navigation bar, outside of any specific engagement. This is useful for general security questions, research, or when you want to start fresh without engagement context.

## Capabilities

The AI assistant can help with a wide range of security tasks:

<CardGroup cols={2}>
  <Card title="Methodology guidance" icon="map">
    Ask for step-by-step testing approaches for specific vulnerability classes, attack surfaces, or technology stacks.
  </Card>

  <Card title="Payload generation" icon="code">
    Generate payloads for XSS, SQLi, SSRF, command injection, and other common vulnerability classes. Customize for specific contexts or WAF bypass.
  </Card>

  <Card title="Report writing" icon="pen">
    Draft finding write-ups, executive summaries, or remediation recommendations. Describe the vulnerability and the assistant drafts professional report language.
  </Card>

  <Card title="Code review" icon="magnifying-glass-code">
    Paste code snippets and ask the assistant to identify security issues, insecure patterns, or misconfigurations.
  </Card>
</CardGroup>

## Public vs. authenticated AI chat

### Authenticated chat

When you're logged into Pwnbook and use the AI chat from within the app, your session is authenticated. This enables:

* Engagement context awareness
* Conversation history saved to your account
* Access to organization-specific configurations

### Public AI chat

Pwnbook optionally exposes a public-facing AI chat that does not require a Pwnbook account. This is useful for:

* Quick security questions without logging in
* Sharing access with external reviewers
* Marketing or demo use cases

The public AI chat does not have access to engagement data and maintains no persistent history.

<Note>Whether the public AI chat is enabled depends on your organization's configuration. Server admins can enable or disable it from the admin panel.</Note>

## Conversation history

Authenticated conversations are saved and accessible from the **AI Chat** history panel. To view past conversations:

1. Click **AI Chat** in the navigation.
2. Click **History** in the chat sidebar.
3. Select any past conversation to resume it.

You can delete individual conversations or clear your full history from the history panel.

## AI provider configuration

Pwnbook supports two AI providers:

| Provider      | Models                                  |
| ------------- | --------------------------------------- |
| **Anthropic** | Claude (recommended for security tasks) |
| **OpenAI**    | GPT-4 and compatible models             |

The AI provider used depends on what your organization's administrator has configured. If multiple providers are available, you may be able to select which one to use in the chat settings.

See [AI Providers](/admin/ai-providers) for information on adding API keys and configuring the default provider.

## Data privacy

<Warning>Do not send confidential client data, credentials, or personally identifiable information to the AI assistant. Queries are processed by the configured AI provider's API (Anthropic or OpenAI) and are subject to their respective data processing terms.</Warning>

For maximum control over data handling, consider:

* Using self-hosted Pwnbook with API keys for your own provider accounts
* Reviewing the data processing agreements with your chosen AI provider
* Establishing internal policies about what types of data can be shared in AI queries
