# Panther AI

## Overview <a href="#overview" id="overview"></a>

Panther AI includes a set of generative AI features designed to accelerate your detection and response workflows. It operates with the persona of a security engineer and has access to many of the same [tools](#tools) available to human users of Panther.

Panther AI can quickly assess data, such as alerts and logs, to rapidly deliver insights. You can run predefined workflows or ask your own questions to Panther AI—it will leverage its available tools (such as [querying the data lake](#data-search-and-analysis)) to answer them, generally much faster than a human analyst would be able to.

<figure><img src="https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Flx3hEPreONH4ciOfk4yh%2FScreenshot%202026-01-20%20at%205.25.06%E2%80%AFPM.png?alt=media&#x26;token=581d414f-f6bf-463a-94e3-71f203efa1b0" alt="On the right side is a slide-out panel titled &#x22;ALB Web Scanning Analysis.&#x22; Below, there are various sections, like Summary, Key Findings, and Security Implications."><figcaption></figcaption></figure>

{% hint style="info" %}
[Watch video demos of various Panther AI workflows here](https://docs.panther.com/ai/examples).
{% endhint %}

{% hint style="warning" %}
**Panther AI runs with your permissions.** Every AI operation — including tool invocations, data lake queries, alert access, and detection modifications — executes with the permissions of the Panther user who initiated it. If your role cannot access certain log types, neither can AI. If your role cannot modify detections, AI cannot create or edit them on your behalf. This applies to Console interactions, API calls (where AI runs with the API token's permissions), and [scheduled prompts](https://docs.panther.com/ai/scheduled-ai-prompts) (which always run as the user who created them).
{% endhint %}

Panther AI uses [Claude AI models by Anthropic](https://www.anthropic.com/claude) through [Amazon Bedrock](https://aws.amazon.com/bedrock/). Panther AI does not use your data for AI training—[learn more about data security below](#ai-permissions-and-scope).

When using Panther AI, you may want to view previous responses or rename, pin, save, or delete certain interactions. Learn how to perform these actions in [Managing Panther AI Response History](https://docs.panther.com/ai/managing-ai-response-history).

{% hint style="info" %}
Use of Panther AI features is subject to the [AI disclaimer found on the Legal page](https://docs.panther.com/resources/help/legal#ai-disclaimer).
{% endhint %}

## Getting started

1. **Enable Panther AI** — An admin enables AI in **Settings** > **Panther AI** > **Configuration** and toggles **Enable Panther AI** to `ON`.
2. **Grant permissions** — Assign the **Run Panther AI** and **Read Settings & SAML Preferences** permissions to the appropriate [roles](https://docs.panther.com/system-configuration/rbac#update-a-roles-permissions). The default **Admin** role receives **Run Panther AI** automatically.
3. **Try alert triage** — Navigate to any alert and click **View Panther AI Triage** to see Panther AI analyze the alert and its associated data.
4. **Explore from there** — Ask follow-up questions in the prompt bar, try [search summarization](https://docs.panther.com/search/search-tool#panther-ai-search-results-summary), or create a [scheduled prompt](https://docs.panther.com/ai/scheduled-ai-prompts).

## Using Panther AI agents in the Console

Find Panther AI in the Panther Console in the following locations:

* Panther AI
  * In the left-hand navigation bar, click **Panther AI**. Ask Panther AI anything—there is no context-dependent data being analyzed (like alerts or log events at the above entry points), so it's a good place to ask general security questions. Here, you'll see [suggested and favorite prompts](#suggested-and-favorite-prompts).

    <figure><img src="https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2FkYYXEoZ0DrhYGSZ2Lznd%2Fimage.png?alt=media&#x26;token=f9f3fa0c-c6b8-4c51-bec1-aeba48c3d396" alt="" width="563"><figcaption></figcaption></figure>
  * [Scheduled AI prompts](https://docs.panther.com/ai/scheduled-ai-prompts): Create prompts that run automatically to triage alerts, analyze security posture, or summarize alert queues.
* Panther AI alert triage
  * [AI alert triage](https://docs.panther.com/alerts#panther-ai-alert-triage): Gather information about and analyze an alert. You can [run AI alert triage on demand](https://docs.panther.com/alerts#run-ai-alert-triage-on-demand), or enable [auto-run](https://docs.panther.com/alerts#auto-run-ai-alert-triage), which runs AI alert triage on new alerts automatically.
  * [Alert list AI triage](https://docs.panther.com/alerts#panther-ai-summary-of-alerts-list): Triage multiple alerts in your alerts list at once.
  * When you triage one or more alerts, you will see a [Risk Classification score](https://docs.panther.com/ai/risk-scoring-and-classification-framework).
* Panther AI search
  * Use AI to [generate PantherFlow queries with natural language](https://docs.panther.com/search/search-tool#ai-powered-pantherflow-query-generation).
  * Use AI to [generate SQL queries in the Data Explorer](https://github.com/panther-labs/panther-docs/blob/main/docs/gitbook/data-analytics/data-explorer.md#ai-powered-sql-query-generation).
  * [Search results AI summary](https://docs.panther.com/search/search-tool#panther-ai-search-results-summary): Summarize a set of result events.
* Panther AI Detection Builder
  * [AI Detection Builder](https://docs.panther.com/detections/rules/ai-builder): Create and modify rules and scheduled rules with AI assistance directly in the rule editor. The AI Detection Builder can generate detection code, add test cases, and explain detection logic.
  * In a follow-up prompt to a [Search results AI summary](https://docs.panther.com/search/search-tool#panther-ai-search-results-summary), you can direct Panther AI to, "Write a Panther detection for this activity."
  * In a follow-up prompt to an [AI alert triage](https://docs.panther.com/alerts#panther-ai-alert-triage), you can ask Panther AI, "How should I tune the detection this alert was triggered by?"
  * On Detection detail pages, in the **Overview** tab, review the [AI-generated summary](https://docs.panther.com/detections#ai-detection-summaries).<br>

    <figure><img src="https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2F3AIcYxJ1esd3hzuSChCv%2FScreenshot%202026-01-20%20at%205.42.43%E2%80%AFPM.png?alt=media&#x26;token=89ac96e4-511e-4959-9d7e-e26ca7194a06" alt="" width="563"><figcaption></figcaption></figure>
* Panther AI schema builder
  * [Infer schemas from sample logs](https://docs.panther.com/data-onboarding/custom-log-types#how-to-infer-a-schema)

There are also AI GraphQL API operations available to [Cloud Connected](https://docs.panther.com/system-configuration/panther-deployment-types/cloud-connected) customers and [SaaS](https://docs.panther.com/system-configuration/panther-deployment-types/saas) customers with pass-through billing—view them in the [GraphQL API schema](https://docs.panther.com/panther-developer-workflows/api/graphql#discover-the-panther-graphql-schema).

In addition to Panther AI, Panther offers an [MCP server](https://docs.panther.com/panther-developer-workflows/mcp-server).

### File attachments

Panther AI supports file attachments to provide additional context for your AI conversations. You can upload images, PDFs, and text files that Panther AI can analyze alongside your prompts.

{% hint style="info" %}
File attachments are only available when Web Access is enabled in your [Panther AI settings](https://docs.panther.com/system-configuration#panther-ai).
{% endhint %}

#### Supported file types

* **Images**: PNG, JPEG, GIF, WebP formats
* **Documents**: PDF files
* **Text files**: Plain text and other text-based formats

#### Attachment limits

* **Images and PDFs**: Up to 5 MB per file
* **Text files**: Up to 10 MB per file
* **Total attachments**: Maximum of 5 files per conversation

#### Using attachments effectively

* **Security analysis**: Upload screenshots of suspicious activity, security alerts, or system logs for AI analysis.
* **Documentation review**: Attach PDFs of security reports, compliance documents, or vendor documentation for AI to reference.
* **Visual evidence**: Include network diagrams, architecture screenshots, or other visual materials to help AI understand your environment.
* **Log samples**: Upload text files containing log samples or configuration files for analysis.

Attachments are processed securely and stored temporarily for the duration of your AI conversation. Once the conversation ends, attachment data is removed. Panther AI can reference and analyze the content of your attachments throughout the conversation.

## Enabling Panther AI <a href="#enabling-panther-ai" id="enabling-panther-ai"></a>

To use Panther AI features, your Panther instance's **Enable Panther AI** setting must be set to `ON` and your user role must have the **Run Panther AI** and **Read Settings & SAML Preferences** permissions.

To enable Panther AI:

1. In the upper-right corner of your Panther Console, click the gear icon (**Settings**) > **Panther AI**.
2. On the Configuration tab, click the **Enable Panther AI** toggle to `ON`.
   * The **Enable Panther AI** setting is set to `OFF` by default, and can only be updated by a user with the **Edit Settings & SAML Preferences** permission. See [System Configuration](https://docs.panther.com/system-configuration#panther-ai) to learn more about Panther AI settings.
   * Once **Enable Panther AI** is set to `ON`, the **Run Panther AI** permission will be:
     * Granted automatically to the [default](https://docs.panther.com/system-configuration/rbac#default-panther-roles) **Admin** role.
     * Available to assign to additional roles. [Learn how to update a role's permissions here](https://docs.panther.com/system-configuration/rbac#update-a-roles-permissions). (A user must additionally have the **Read Settings & SAML Preferences** permission to use Panther AI.)

       <figure><img src="https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-470dd02928565a604ee3ddccf7bf3d5ed0017bce%2FPanther_AI_Config.png?alt=media" alt="On a page titled &#x22;Configuration&#x22; an empty checkbox and its label, Run Panther AI, are circled."><figcaption></figcaption></figure>

## How Panther AI uses your data <a href="#how-panther-ai-uses-your-data" id="how-panther-ai-uses-your-data"></a>

Panther AI does not use your data for AI training. Your prompts, Panther AI responses, and any intermediate data from tool calls all remain in your dedicated, single-tenant AWS account (like your logs). Amazon Bedrock, the underlying inference service, also does not use customer data for model training — [learn more about Bedrock's data handling commitments](https://docs.aws.amazon.com/bedrock/latest/userguide/data-protection.html).

You can enable [Panther-managed detections for Amazon Bedrock](https://github.com/search?q=repo%3Apanther-labs%2Fpanther-analysis+path%3A%2F%5Erules%5C%2Faws_cloudtrail_rules%5C%2F%2F+bedrock\&type=code) to monitor its activity. If you are a [Cloud Connected ](https://docs.panther.com/system-configuration/panther-deployment-types/cloud-connected)customer, you can also set up [Amazon Bedrock Guardrails](https://aws.amazon.com/bedrock/guardrails/) for extra protection.

{% hint style="info" %}
Learn more in [FAQs: Panther AI architecture and security](https://docs.panther.com/resources/panther-architecture#faqs-panther-ai-architecture-and-security).
{% endhint %}

## AI permissions and scope <a href="#ai-permissions-and-scope" id="ai-permissions-and-scope"></a>

All AI inference runs under the identity and permissions of the invoking user. In the Console, this is the logged-in user. For API calls, this is the user or API token that initiated the request. For [scheduled prompts](https://docs.panther.com/ai/scheduled-ai-prompts), this is the user who created the prompt.

This means Panther AI cannot access data, modify resources, or perform actions that the invoking user could not perform themselves. This includes:

* [**Log type access restrictions**](https://docs.panther.com/system-configuration/rbac#how-to-restrict-log-types-for-a-certain-role): If a user's role restricts access to certain log types, AI cannot query or summarize those log types.
* **Data lake access**: AI can only execute data lake queries if the user has the appropriate data analytics permissions.
* **Detection modifications**: AI can only create or edit detections if the user has the relevant `PolicyModify` or `RuleModify` permissions.
* **Alert modifications**: AI can only update alerts, add comments, or assign alerts if the user has `AlertModify` permission.

### Response visibility <a href="#response-visibility" id="response-visibility"></a>

The default visibility of AI conversations depends on where they are created:

* **Panther AI page** (left-hand navigation): New conversations default to **private** when privacy controls are enabled.
* **Alert triage, Search summaries, and other entry points**: Conversations default to **shared** (visible to all users).
* **Scheduled prompts**: Conversations default to **shared**, but can be configured as private when creating or editing the prompt.

Users can toggle a conversation between shared and private at any time using the privacy control in the conversation header. Other users with the **View AI Private Responses** permission can view private conversations created by other users. Regardless of sharing settings, response visibility follows the same role-based access controls as the rest of Panther — if a user cannot access a certain alert, they also cannot view AI triage responses for that alert.

### Tool approval for write operations <a href="#tool-approval" id="tool-approval"></a>

Panther AI includes a human-in-the-loop approval system for tools that perform write operations. Before Panther AI can execute actions that modify your data, you must explicitly approve or deny the operation. This gives you full control over what changes Panther AI makes in your environment.

#### Tools requiring approval

The following [tools](#tools) require explicit user approval before execution:

| Tool                                | Description                                                                                          | Required permission      |
| ----------------------------------- | ---------------------------------------------------------------------------------------------------- | ------------------------ |
| `panther_ai_detections_write`       | Create or update detection rules and policies                                                        | PolicyModify, RuleModify |
| `panther_ai_detections_author`      | Test and validate detection code for rules and policies                                              | PolicyModify, RuleModify |
| `panther_ai_alerts_add_comment`     | Add comments to alerts                                                                               | AlertModify              |
| `panther_ai_alerts_update`          | Update alert status, quality assessment, or context tags                                             | AlertModify              |
| `panther_ai_alerts_assign`          | Assign alerts to users                                                                               | AlertModify              |
| `panther_ai_alerts_bulk_update`     | Update multiple alerts at once                                                                       | AlertModify              |
| `panther_ai_utilities_ask_question` | Ask the user a structured multiple-choice question to gather information needed for the current task | RunPantherAI             |

Additionally, the `panther_ai_utilities_fetch_web` tool requires approval when accessing domains not on the approved domains list, if the **Require Approval for Non-Approved Domains** setting is enabled. Approved domains do not require approval. See [Web Access](https://docs.panther.com/system-configuration#web-access) for configuration details.

#### How tool approval works

When Panther AI attempts to use a [tool that requires approval](#tools-requiring-approval), Panther AI pauses and displays the proposed action, including the tool name and the parameters it intends to use.

<figure><img src="https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fv8ZpJocFtthluy5LhySt%2Fimage.png?alt=media&#x26;token=af0f8572-343c-4599-980c-31b67f5443e5" alt=""><figcaption></figcaption></figure>

Review the details of the proposed operation, then click **Accept** or **Reject**. If you reject the operation, you can optionally provide a reason for denial. If no decision is made within two minutes, the operation times out and is not executed.

#### Audit logging

All tool approval decisions are recorded in [Panther audit logs](https://docs.panther.com/data-onboarding/supported-logs/panther-audit-logs), including:

* Whether the tool was approved or denied
* The rejection reason (if denied)
* The tool name and parameters
* The user who made the decision
* Timestamp of the decision

This provides a complete audit trail of all write operations performed by Panther AI.

## Panther AI settings

Panther AI configurations are made in two places: on the Panther AI settings page, and in the AI prompt bar itself.

### Panther AI settings page

The Panther AI settings page has settings for enabling Panther AI, auto-running AI alert triage, and configuring web access for Panther AI.

To access your Panther AI settings, click the gear icon in the upper right corner of your Panther Console, then select **Panther AI.** [Learn more about these settings on System Configuration](https://docs.panther.com/system-configuration#panther-ai). Changes to AI settings save automatically and may take up to 10 minutes to take effect due to configuration caching across the platform.

### AI prompt settings

Use AI prompt settings to tailor AI-generated content in Panther to your preferences. AI settings are universally applied to all AI entry points in Panther, but are specific to each Panther user.

To set your AI prompt settings:

1. Navigate to one of the AI prompt bars in the Panther Console.
2. On the right side of the prompt bar, click the **Edit prompt settings** icon: <img src="https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-f23aec81508ed2c8e45f90c3dae7d2690282be14%2Fimage.png?alt=media" alt="" data-size="line">.
3. Set the [reasoning level setting](#reasoning-level).
4. Click **Save Settings**. Changes may take up to 10 minutes to take effect due to configuration caching.

#### **Reasoning level**

The reasoning level setting controls reasoning depth, model selection, and tool invocation limits—not just output length. The setting determines how thoroughly Panther AI analyzes the input and the sophistication of its analysis approach.

The reasoning level AI setting has three possible values:

* **Basic**: runs quickly and produces a brief summary
* **Standard**: recommended for initial [alert triage](https://docs.panther.com/alerts#panther-ai-alert-triage)
* **Advanced**: allows Panther AI to investigate deeply and produce detailed analysis outputs

<figure><img src="https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2FsfkTInst9gGRO6AOD57p%2FScreenshot%202026-01-20%20at%2011.22.31%E2%80%AFAM.png?alt=media&#x26;token=39579b90-1163-4bd9-b176-e27f999409f3" alt="Under an &#x22;Edit prompt settings&#x22; title, there are three radio buttons: Basic, Standard, and Advanced." width="227"><figcaption></figcaption></figure>

{% hint style="info" %}
The reasoning level of auto-run AI triages for alerts triggered by a certain detection can be set by adding a tag to the detection. Learn more in [Auto-run AI alert triage](https://docs.panther.com/alerts#auto-run-ai-alert-triage).
{% endhint %}

### Personal AI preferences

You can customize how Panther AI communicates with you by setting a personal AI preference in your [Profile Settings](https://docs.panther.com/system-configuration#profile-settings). This allows you to specify your preferred communication style, role, expertise level, or other preferences that will be applied to all AI interactions.

To set your personal AI preferences:

1. In the upper-right corner of your Panther Console, click your initials, then select **Profile Settings**.
2. Navigate to the **AI Preferences** tab.
3. Enter your preferred AI communication style in the text area (up to 2048 characters).
   * For example: "Please respond as a senior security analyst with expertise in cloud environments. Use technical language and provide detailed explanations."
4. Click **Save**. Changes to AI preferences may take up to 10 minutes to take effect due to configuration caching.

Your personal AI preferences are combined with your organization's profile settings to provide contextual information that helps Panther AI tailor its responses to your specific needs and communication style.

## Suggested and favorite prompts

When opening Panther AI from the left-hand navigation menu, under **Suggested questions to get started**, you'll see some randomly generated suggested prompts. Click a suggestion to execute it.

<figure><img src="https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-3d9c93798a09789a946ef645a33547e3cbecdc91%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

You can customize this list by favoriting a prompt:

1. Execute a prompt (in any of the Panther AI entry points).
2. To the right of the prompt text, click the star.

   <figure><img src="https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-ea97c7635c8f89637cb81988ffecf080ec41dfb4%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

   * The prompt will be added to your list of favorite prompts, which appears under **Suggested questions to get started**, to the left of suggested prompts.

<figure><img src="https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-3272066d355deec13bd63699082494eb9d3c7c73%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

Favorites are specific to you, and are not shared with any other users. To remove a favorite, in the upper-right corner of the prompt tile, click **X**.

## Citations

When Panther AI aids in triaging or summarizing your data, it will return links to relevant data so you can verify its findings. Citations may include alerts, detections, and/or data queries.

<figure><img src="https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fgit-blob-8dc6ecf00213dd944e05792ee330d5cecab78012%2FScreenshot%202025-05-09%20at%203.47.37%E2%80%AFPM.png?alt=media" alt="Under a &#x22;Panther AI&#x22; header at the top, there is text starting with &#x22;I&#x27;ll help you triage this alert.&#x22; Below, text is circled in two places: one starting with Alert and the other starting with Rule." width="563"><figcaption></figcaption></figure>

## Amazon Bedrock service quotas

If you are leveraging Panther AI often (e.g., you are using [auto-run AI alert triage](https://docs.panther.com/alerts#auto-run-ai-alert-triage)), you may hit [Amazon Bedrock service quotas](https://docs.aws.amazon.com/general/latest/gr/bedrock.html#limits_bedrock). When this happens, Panther AI may not run as expected, or you may see an error in its output.

To remedy this:

* If you are a [Cloud Connected](https://docs.panther.com/system-configuration/panther-deployment-types/cloud-connected) customer, follow [this Amazon documentation to request an increase for Amazon Bedrock quotas](https://docs.aws.amazon.com/bedrock/latest/userguide/quotas-increase.html).
* If you are a [SaaS](https://docs.panther.com/system-configuration/panther-deployment-types/saas) customer with pass-through billing, reach out to Support.

## Frequently asked questions <a href="#faq" id="faq"></a>

<details>

<summary>Can Panther AI access data from all my log sources?</summary>

Panther AI can access any log source and log type that the invoking user's role has permission to access. This includes both built-in and custom log types. If [log type access restrictions](https://docs.panther.com/system-configuration/rbac#how-to-restrict-log-types-for-a-certain-role) are configured for a user's role, Panther AI respects those restrictions — it will not query, summarize, or display data from restricted log types.

</details>

<details>

<summary>Can other users see my AI conversations?</summary>

The default visibility depends on the entry point — conversations started from the Panther AI page default to private (when privacy controls are enabled), while alert triage and other entry points default to shared. You can toggle any conversation between shared and private at any time using the privacy control in the conversation header. Other users with the **View AI Private Responses** permission can still view your private conversations. Regardless of sharing settings, users can never view AI responses that reference data they do not have permission to access (such as restricted log types or alerts outside their scope).

</details>

<details>

<summary>Can Panther AI make mistakes?</summary>

Like all AI systems, Panther AI can occasionally produce inaccurate or incomplete results. This is why Panther AI provides [citations](#citations) linking to the underlying data (alerts, detections, queries) so you can verify its findings. Write operations (such as creating detections or updating alerts) require [explicit approval](#tool-approval) before execution, giving you the opportunity to review proposed changes. Use of Panther AI is subject to the [AI disclaimer](https://docs.panther.com/resources/help/legal#ai-disclaimer).

</details>

<details>

<summary>What happens if I disable Panther AI?</summary>

When an admin sets **Enable Panther AI** to `OFF`, all AI features become unavailable across the Console. [Scheduled prompts](https://docs.panther.com/ai/scheduled-ai-prompts) will not execute while AI is disabled, but they are preserved and will resume when AI is re-enabled. Previously generated AI responses remain accessible in the [response history](https://docs.panther.com/ai/managing-ai-response-history) and continue to follow the 30-day retention policy (unless explicitly [saved](https://docs.panther.com/managing-ai-response-history#saving-an-ai-response)).

</details>

<details>

<summary>Does Panther AI work with custom log types?</summary>

Yes. Panther AI works with both built-in and custom log types. It can query, summarize, and analyze data from any log type onboarded to your Panther instance, and can also help you [infer schemas from sample logs](https://docs.panther.com/data-onboarding/custom-log-types#how-to-infer-a-schema) when onboarding new custom log types.

</details>

<details>

<summary>How is Panther AI billed?</summary>

Panther AI usage is powered by Amazon Bedrock. For [Cloud Connected](https://docs.panther.com/system-configuration/panther-deployment-types/cloud-connected) customers, Bedrock inference costs appear on your AWS bill. For [SaaS](https://docs.panther.com/system-configuration/panther-deployment-types/saas) customers, contact your Panther account team for details on AI billing. See [Amazon Bedrock service quotas](#amazon-bedrock-service-quotas) for information about usage limits.

</details>

<details>

<summary>Can Panther AI be used via API?</summary>

Yes. [Cloud Connected](https://docs.panther.com/system-configuration/panther-deployment-types/cloud-connected) customers and [SaaS](https://docs.panther.com/system-configuration/panther-deployment-types/saas) customers with pass-through billing can use AI GraphQL API operations. When invoked via API, Panther AI runs with the permissions of the API token used to authenticate the request. View available operations in the [GraphQL API schema](https://docs.panther.com/panther-developer-workflows/api/graphql#discover-the-panther-graphql-schema).

</details>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.panther.com/ai.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.