Open Investigator · Read-only AI investigation

Give AI an investigation toolbox, not production-changing authority.

Open Investigator is designed for teams that want AI-assisted server triage without letting an AI agent mutate a host during first-pass investigation.

Apache-2.0 · Read-only tools · AI evidence reasoning
AI-driven server investigator: incident clues, host evidence, AI follow-up, timeline, and investigation report.

Search intent

For searches like "read-only AI server investigation", "safe AI incident response", and "AI tools without shell access".

How it works

Safe mode uses named investigation tools rather than an arbitrary shell. Investigator mode can allow a policy-filtered read-only command fallback, but destructive commands and state-changing actions are blocked and audited. The result is a safer boundary for production-adjacent triage.

Investigation boundary

Open Investigator collects and correlates evidence. It does not isolate hosts, block IPs, kill processes, delete files, disable accounts, restart services, or change firewall or registry state.

Practical workflow

Use it as a first-pass host investigation loop.

01 · What read-only means

The product does not kill processes, delete files, disable accounts, restart services, block IPs, or change firewall or registry state. It gathers evidence and produces case artifacts.

02 · Why sealed tools matter

A sealed tool catalog makes the model choose from auditable evidence paths such as auth, network, process, persistence, web, Java, and recent-file checks.

03 · Where humans stay in control

The report marks evidence, risk, confidence, and gaps so responders decide escalation, containment, remediation, and customer communication.
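
The boundary described under "How it works" and "Why sealed tools matter", sketched as an added example (not Open Investigator's own code). The catalog entries, the allowlist, the blocked flags and the mode names are assumptions made for illustration; the function only decides and audits, it executes nothing.

```python
import shlex

# Hypothetical sealed catalog: tool name -> fixed argv. The model picks a name, never a command line.
CATALOG = {
    "auth.recent_logins": ["last", "-n", "50"],
    "network.listening": ["ss", "-tlnp"],
    "process.list": ["ps", "-eo", "pid,ppid,user,etime,args"],
}
# Hypothetical fallback policy for investigator mode (assumed, not the project's rules).
READ_ONLY_BINARIES = {"cat", "ls", "stat", "ps", "ss", "last", "journalctl", "sha256sum"}
SHELL_META = set(";&|<>`$(){}\n\\")  # chaining, redirection, substitution
BLOCKED_FLAGS = {"journalctl": {"--rotate", "--vacuum-time", "--vacuum-size", "--flush"}}
AUDIT = []  # in-memory decision log; a real deployment would persist it append-only

def _record(mode, request, allowed, reason, argv=None):
    entry = {"mode": mode, "request": request, "allowed": allowed, "reason": reason, "argv": argv}
    AUDIT.append(entry)  # allowed and blocked requests are both audited
    return entry

def decide(mode, request):
    """Return an audited allow/block decision for one model request."""
    if request in CATALOG:
        return _record(mode, request, True, "catalog tool", CATALOG[request])
    if mode != "investigator":
        return _record(mode, request, False, "safe mode: named tools only")
    if SHELL_META & set(request):
        return _record(mode, request, False, "shell metacharacter")
    try:
        argv = shlex.split(request)
    except ValueError:
        return _record(mode, request, False, "unparseable command")
    if not argv or argv[0] not in READ_ONLY_BINARIES:
        return _record(mode, request, False, "binary not on read-only allowlist")
    blocked = BLOCKED_FLAGS.get(argv[0], set())
    if any(a.split("=", 1)[0] in blocked for a in argv[1:]):
        return _record(mode, request, False, "state-changing flag")
    return _record(mode, request, True, "read-only fallback", argv)  # argv list, to be run without a shell

if __name__ == "__main__":
    # Constructed sample requests covering both modes.
    for mode, req in [("safe", "process.list"), ("safe", "ps aux"),
                      ("investigator", "stat /etc/passwd"),
                      ("investigator", "cat /var/log/auth.log; rm -rf /tmp/x"),
                      ("investigator", "systemctl restart nginx"),
                      ("investigator", "journalctl --vacuum-time=1d")]:
        d = decide(mode, req)
        print(f"{mode:12} {req!r:42} -> {'ALLOW' if d['allowed'] else 'BLOCK'} ({d['reason']})")
```

The allowlist is deliberately default-deny: a binary that is read-only in most invocations still needs its state-changing flags listed, as `journalctl` shows.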

Common searches

Queries this page answers.

read-only AI server investigation
safe AI incident response
AI investigation tools without shell
bounded AI security agent

Open Investigator maps each of these search intents to local, read-only host evidence and a reviewable incident report.

Review the source, policy checks, and generated case artifacts in the Open Investigator repository.

The source, usage examples, contribution notes, and issue tracker live in the public Open Investigator repository.