Security model in one minute
Studio assumes network operations need speed and guardrails at the same time:
- The desktop app keeps live work local and talks directly to your devices.
- Organization data syncs so teammates can share operational context.
- Secrets live in Keychain and are referenced by hosts, procedures, and connectors instead of copied into text.
- Sensitive synced fields are encrypted before they leave the device.
- Copilot tool use is classified and approval-gated by risk.
- Sign-out removes local access material and decrypted cache from the workstation.
Where your data lives
| Data | Where |
|---|---|
| Your active work (open tabs, conversations, unsaved edits) | Your machine. |
| Organization-scoped records (hosts, diagrams, procedures, memories) | Your machine and the cloud, synchronized. |
| Private records | Your machine. If you’re signed in, they sync to your account for cross-device recall. |
| Session recordings | Your machine. Shared if you share the session. |
| Credentials in Keychain | Encrypted on your machine. Pointers sync, secrets don’t leave. |
What’s encrypted
Sensitive fields are encrypted with keys scoped to your organization, so two teammates can decrypt the same shared record but someone outside the organization cannot. The encryption happens before the data leaves your device.
- Host protocol fields — passwords, key paths, tokens, and ONVIF credentials for the devices you connect to.
- Connector authentication — whatever credentials or tokens you set on a REST or SOAP connector.
- MCP server authentication — tokens, keys, or custom headers configured for an MCP server.
- Procedure body — the markdown steps themselves, so a runbook’s contents aren’t readable outside your organization.
- Procedure runs — arguments, messages, tool-call summaries, and the final output of every run.
- Keychain entries — the credential payload itself, always private to you.
What stays plaintext
Some fields stay readable so search, lists, and admin operations can work without unlocking every secret. These are the kinds of things you use to find, sort, and manage items — never the values themselves. Hostnames, display names, IDs, folder paths, ownership rows, and audit metadata remain in the clear. Anything you’d expect to see in a sortable list or a filter sidebar stays readable; anything you’d expect to be secret is encrypted.
Approval gates
Copilot asks before doing anything that could change state on a device, hit an external API, or affect shared records. The approval prompt shows the exact command or call Copilot wants to make. You approve, reject, or edit before it runs — so a proposed command is never the same as an executed one.
Approvals are the single most important control on Copilot. They’re how you let Copilot move quickly on safe operations while keeping you in the loop on anything with consequences.
Review approvals as if you were about to type the command yourself. Check the host, organization, credential context, command or API payload, and expected side effect. Reject or edit when any part is ambiguous.
Command classification
Every terminal command Copilot wants to run is classified before it runs. The class determines whether it goes through or pauses for approval.
| Class | Examples | Behavior |
|---|---|---|
| Read-only | show, display, get, ping, traceroute. | Allowed. |
| Moderate | Config mode, interface changes, ACL edits. | Requires approval. |
| Dangerous | Reload, erase, format, clear BGP. | Requires explicit approval or is blocked. |
| Unknown | Commands Studio can’t classify confidently. | Treated as review-required. |
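The classes in this table can be read as a default-deny gate. The sketch below is an added example, not Studio's classifier: the rule patterns are constructed from the table's examples, and the function names and behavior labels are assumptions. It shows the two properties that matter in such a gate: the most severe class is checked first, and anything that cannot be judged from a single command falls through to Unknown.

```python
import re

# Constructed rules modelled on the table's examples; not Studio's real rule set.
READ_ONLY = ("show", "display", "get", "ping", "traceroute")
MODERATE = (r"^configure\b", r"^conf t\b", r"^interface\b", r"^(ip )?access-list\b")
DANGEROUS = (r"^reload\b", r"^erase\b", r"^format\b", r"^clear (ip )?bgp\b")

# Hypothetical behavior labels, one per row of the table.
BEHAVIOR = {
    "read-only": "allow",
    "moderate": "require-approval",
    "dangerous": "require-explicit-approval-or-block",
    "unknown": "require-review",
}


def classify(command: str) -> str:
    """Return the class of one proposed terminal command."""
    raw = command.strip()
    # Chained, piped, or substituted input cannot be judged by its first word,
    # so it is never auto-allowed even when it starts with a read-only verb.
    if not raw or re.search(r"[;|&`$\n]", raw):
        return "unknown"
    cmd = " ".join(raw.lower().split())
    # Most severe class first, so a destructive command never matches a weaker rule.
    if any(re.search(p, cmd) for p in DANGEROUS):
        return "dangerous"
    if any(re.search(p, cmd) for p in MODERATE):
        return "moderate"
    if cmd.split()[0] in READ_ONLY:
        return "read-only"
    return "unknown"


def gate(command: str) -> str:
    """Map a proposed command to what the approval layer should do with it."""
    return BEHAVIOR[classify(command)]
```
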
Secret redaction
Studio can strip secrets from prompts before they reach the AI provider, so a credential you referenced in a procedure doesn’t wind up inside the model context. To get the most out of redaction, use Keychain references inside procedures and avoid pasting secrets into chat — the redactor works best when secrets pass through a reference rather than as raw text.
Safer operating habits
- Start production investigations in Ask or Planning until the target and scope are clear.
- Keep Autopilot / YOLO mode off for production unless the task is bounded and reversible.
- Use Keychain references instead of typing passwords, tokens, or private keys into chat.
- Prefer read-only procedures for recurring diagnostics; isolate write actions behind explicit approval steps.
- Share terminal sessions with the minimum role needed: viewer before co-worker, co-worker before owner.
- Sign out before handing a machine to someone else.
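Why the Keychain-reference habit above matters for secret redaction, as an added example that is not Studio's code: the `{{keychain:name}}` syntax, the store contents, and the function names are all hypothetical. A redactor can always mask a reference and any value it knows about, but a secret typed as raw text that the store has never seen passes through untouched.

```python
import re

# Constructed stand-in for a local secret store; names and values are made up.
KEYCHAIN = {
    "core-rtr-enable": "Zx9!constructed-secret",
    "snmp-ro": "constructed-community",
}
REF = re.compile(r"\{\{keychain:([a-z0-9-]+)\}\}")  # hypothetical reference syntax


def render_for_device(text: str) -> str:
    """Resolve references to real values; this string stays on the workstation.

    An unknown reference raises KeyError so a typo fails closed instead of
    sending a literal placeholder to the device.
    """
    return REF.sub(lambda m: KEYCHAIN[m.group(1)], text)


def render_for_model(text: str) -> str:
    """Build the text that would be sent to the AI provider."""
    # References become labels, never values.
    out = REF.sub(lambda m: f"[secret:{m.group(1)}]", text)
    # Known values that were pasted or echoed back in device output are masked
    # too, longest first so one value cannot leave a fragment of another.
    for name, value in sorted(KEYCHAIN.items(), key=lambda kv: -len(kv[1])):
        out = out.replace(value, f"[secret:{name}]")
    return out
```
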
Sign out
Signing out purges local credentials, unloads organization keys from memory, and clears the decrypted cache on your machine. Your organization-synced data stays in the cloud untouched. When you sign back in, Studio re-downloads it and rebuilds the cache — your workspace comes back the way you left it. If you’re handing a laptop to someone else, or leaving a machine you don’t trust, signing out is the fastest way to remove your access cleanly.
Reporting a security issue
If you spot a security issue, report it from the Altostrat dashboard. The dashboard is where account, billing, and security contacts live for every organization.
Related
Teams and organizations
Learn how visibility, roles, and the organization switcher shape what each teammate can see.
Settings
Pick appearance, choose a default AI tier, and control what sign-out clears.