Skip to main content
Luumen runs as a desktop app on your workstation that connects directly to your servers over SSH or WinRM, paired with a small cloud account that holds your hosts, credentials, and session metadata so you can pick up where you left off from any device. This page describes what runs where.

Components

Luumen desktop app

The app you install on macOS, Windows, or Linux. Opens SSH and WinRM sessions, hosts the LuumenAI panel, and runs vulnerability scans locally over your existing connections.

Your servers

The Linux and Windows hosts you connect to. Luumen reaches them the same way OpenSSH or PuTTY would — using your credentials over the protocols you’ve already enabled.

Luumen cloud

A hosted account that stores your host list, credentials (encrypted at rest), Skills, snippets, and session metadata. Sign in from any device to access the same workspace.

LuumenAI

The AI copilot embedded in every session. Reads context from your live SSH or WinRM connection and proposes commands you approve before they run.

How a session works

1

You open a host

The desktop app initiates an SSH or WinRM connection to the host using the credentials you’ve stored. The connection is direct from your device to the host — Luumen doesn’t proxy session traffic.
2

LuumenAI loads context

Once connected, the AI panel loads with context for the host: OS, IP, last scan results, and recently observed state.
3

You work in the terminal or ask LuumenAI

Run commands as you would in any SSH client. When you ask LuumenAI a question, it can propose commands to investigate further. Every command needs your approval before it runs on the host.
4

Results sync to your cloud workspace

Host metadata, scan findings, and session logs sync to your cloud account so they’re available on every device you sign in on.

What stays on your device

  • Terminal session content (keystrokes and command output) is not stored by Luumen’s cloud beyond what’s needed for session logs in your workspace.
  • Your local OS keychain or filesystem can be used for SSH key storage if you prefer; Luumen also supports storing keys encrypted in your cloud account so they’re available across devices.

What goes to the cloud

  • Host list (names, hostnames, ports, connection type).
  • Credentials, encrypted at rest with AES-256.
  • Skills, snippets, and saved settings.
  • Vulnerability scan results.
  • Audit logs for credential access and admin actions.
For the full security posture — certifications, encryption, AI controls, and data handling — see luumen.ai/security.

No-agent architecture

Luumen uses the SSH or WinRM access you’ve already authorized on each host. It does not:
  • install an agent or daemon on the hosts you connect to
  • require any inbound network access to your hosts
  • need firewall rule changes beyond your existing remote-access policy
This holds for every feature in the standard product: terminal sessions, LuumenAI, vulnerability scans, and Skills all run through the same connection you’d use from a normal SSH client.
Running a Luumen-managed agent across a fleet for scheduled compliance scans, SAP monitoring, or integrations is part of Luumen Enterprise.

Next steps

Install Luumen

Download and install the desktop app.

First SSH connection

Connect to a host and try LuumenAI.