AI Assistant

Breeze ships with a built-in AI assistant that can investigate device issues, query fleet state, and execute actions through the same platform controls used by human operators. AI actions are governed by the AI Risk Engine so mutating operations are never silently executed without policy and approval checks.

AI Risk Engine

The Risk Engine classifies AI operations into four tiers:

• Tier 1: Read-only operations that can auto-execute.
• Tier 2: Low-risk mutating actions that auto-execute and are audit logged.
• Tier 3: Higher-risk actions that require explicit human approval before execution.
• Tier 4: Blocked actions that are never executed.

Tier assignment is action-level. The same tool can run at different tiers depending on what action is requested.

Approval and Audit Controls

When the AI proposes a Tier 3 action, the request enters a pending state and waits for approval in the Risk Engine workflow. The platform records approval decisions, rejections, and execution outcomes for traceability.

The Risk Engine dashboard exposes:

• tier overview
• tool execution analytics
• approval history
• rate limit status
• rejection and denial logs

Fleet-Oriented AI Operations

From the Fleet view, the AI can orchestrate cross-fleet workflows for policies, deployments, patches, groups, automations, alert rules, and report generation. This makes the AI useful for day-to-day triage and large-scale maintenance operations, not just one-device troubleshooting.

Device Context Memory

The AI can retain device-specific operational context across conversations, including known issues, quirks, follow-ups, and preferences. Context is organization-scoped and helps keep troubleshooting state consistent over time.

Brain Connector

The Brain Connector is the API boundary between Breeze and any AI brain. It exposes every RMM capability as a standardized tool definition that any Claude-compatible agent can consume. The tool catalog includes device management, alert handling, patch deployment, script execution, reporting, and documentation tools.

The Brain Connector serves two modes through the same interface:

• BYOK Mode: The agent runs locally inside your Breeze instance. Tools call local functions directly. You provide your own Anthropic API key.
• LanternOps Mode: The agent runs in the LanternOps cloud. Tools call your Breeze instance remotely via authenticated HTTPS. LanternOps connects through an OAuth registration flow.

Both modes use identical tool schemas. The only difference is where the agent runs and the network path. Switching between modes requires zero migration — your data, tools, and risk policies stay exactly the same.

BYOK vs LanternOps Brain

BYOK (included free) provides single-event reactive triage. The AI receives an event, investigates using the tool catalog, and recommends or executes actions within the risk engine constraints. It handles one event at a time with no memory between sessions.

LanternOps Brain (managed upgrade) adds the intelligence layer that makes AI operations production-grade:

• Persistent Memory: Remembers past incidents, device quirks, client preferences, and resolution history across every conversation.
• Cross-Tenant Intelligence: Matches patterns anonymously across all managed tenants. “This error was seen on 847 devices across 62 tenants — known fix has 94% success rate.”
• Automated Playbooks: Multi-step workflows built from successful past resolutions. Diagnose → act → verify → document, automatically.
• Compliance Automation: Continuous compliance monitoring against NIST 800-171, CIS v8, SOC 2, and HIPAA with automated evidence artifact generation.
• Multi-Agent Orchestration: Specialized agents for triage, remediation, and compliance that coordinate through the Claude Agent SDK.
• Proactive Analysis: Background scanning for potential issues before they become incidents.

The upgrade path is one click: Settings → AI Brain → LanternOps → Connect.

Double Risk Validation

When LanternOps Brain is connected, actions pass through two independent safety layers:

1. LanternOps pre-validation checks cross-tenant intelligence, timing analysis, and historical failure patterns before sending any request to your RMM.
2. Breeze Risk Engine re-validates every action locally against your risk classifications, maintenance windows, and approval policies.

Your Breeze instance is always the final authority. LanternOps can request actions — Breeze decides whether to allow them. This architecture means the RMM is sovereign regardless of which brain is connected.

Tool Catalog

The Brain Connector exposes these tool groups to connected brains:

• Device Tools: List devices, get device details, query fleet state
• Alert Tools: Retrieve alerts, update status, link to tickets
• Action Tools: Reboot, shutdown, lock, isolate, install, uninstall
• Patch Tools: Get patch status, deploy patches with scheduling
• Script Tools: Execute PowerShell, Bash, or Python with result retrieval
• Report Tools: Generate compliance, security, inventory, and executive reports
• Documentation Tools: Create runbooks, incident notes, change logs

Each tool has a risk classification (Tier 1 through Tier 4) that determines whether it auto-executes, notifies, requires approval, or is blocked. The same tool can operate at different tiers depending on context — a reboot during a maintenance window is Tier 2, but outside one it escalates to Tier 3.