AI Transparency Policy

April 15, 2026

Lens Desktop ("Lens"), developed by Mirantis, Inc. ("Mirantis," "we," "us," or "our"), integrates artificial intelligence capabilities to help developers and platform engineers manage, troubleshoot, and optimize Kubernetes clusters. We are committed to transparency about how AI is used in our products. This policy explains which AI services Lens integrates with, the purposes of those integrations, what data is involved, and how users maintain control.

1. AI Services Used

Lens Desktop integrates with the following third-party AI services:

• Anthropic (Claude) — Large language models provided by Anthropic, PBC. Used through the Anthropic API.
• OpenAI — Large language models provided by OpenAI, L.L.C. Used through the OpenAI API.

Lens connects to these services through a Bring Your Own Key (BYOK) model, meaning users provide their own API keys and credentials for the AI provider of their choice. Mirantis does not supply, manage, or intermediate API keys on behalf of users.

2. AI-Powered Features and Purposes

2.1 Lens Prism — AI-Powered Kubernetes Copilot

Lens Prism is a context-aware AI assistant built into Lens Desktop. It uses the AI services listed above for the following purposes:

• Kubernetes Troubleshooting — Analyzing cluster state, pod failures, resource issues, and events to help users diagnose and resolve problems using natural language queries.
• Operational Insights — Providing context-rich explanations of cluster health, resource utilization, and workload status based on live Kubernetes data.
• Guided Remediation — Suggesting corrective actions, kubectl commands, and configuration changes to address identified issues.
• Terminal Skill (Agent Mode) — When explicitly enabled by the user, Lens Prism can execute shell commands on the user's local machine using the same user account that runs Lens Desktop, enabling direct remediation workflows such as creating branches and pushing changes to version control.
• Report Generation — Scanning workload health or resource usage and generating files based on findings, when requested by the user.

2.2 MCP Server — AI Assistant Connectivity

Lens Desktop includes a built-in Model Context Protocol (MCP) server that allows external AI-powered coding assistants (such as Claude Code, ChatGPT, Cursor and other MCP-compatible tools) to discover and connect to Kubernetes clusters managed in Lens. The MCP server:

• Exposes cluster connectivity and operational context to external AI tools through a standard protocol.
• Uses existing Lens-managed user authentication and access credentials.
• Keeps all credentials and cluster access on the user's desktop.

3. User Control and Optionality

Lens is designed to give users full control over AI features:

• Opt-In by Default — All AI-powered features in Lens Desktop are disabled by default. Users must explicitly enable AI functionality and configure their preferred AI provider before any AI processing occurs.
• Provider Choice — Users choose which AI service to connect to (Anthropic, OpenAI, or Azure OpenAI) and supply their own API credentials. Users may switch providers or revoke access at any time.
• Feature-Level Control — AI capabilities such as the Prism terminal skill (Agent Mode) require separate, explicit activation by the user.
• MCP Server Control — The built-in MCP server can be enabled or disabled independently. Users decide which external AI tools, if any, are granted access to their cluster context.
• Full Functionality Without AI — Lens Desktop is fully functional for Kubernetes cluster management, monitoring, and operations without any AI features enabled. AI is a supplementary capability, not a requirement.

4. Data Handling and Privacy

4.1 What Data Is Sent to AI Providers

When a user enables and interacts with AI features, the following types of data may be sent to the selected AI provider for processing:

• Kubernetes resource metadata (pod names, namespaces, labels, status, events, logs).
• Cluster context information relevant to the user's query.
• The user's natural language queries and prompts.
• Terminal output and command results, when the terminal skill is active.

4.2 What Data Is NOT Sent

• No Kubeconfig or Credentials — Lens does not transmit kubeconfig files, secrets, API tokens, certificates, or authentication credentials to any AI provider.
• No Application Data — Lens does not send customer application data, business logic, or proprietary source code to AI providers.
• No Lens Account Data — Your Lens ID, subscription information, and billing details are never shared with AI providers.

4.3 Data Residency and Processing

Because Lens uses a BYOK model, data processing is governed by the user's direct relationship with their chosen AI provider. Mirantis does not act as an intermediary, processor, or sub-processor in this data flow. Users should review the applicable data processing terms of their chosen provider:

• Anthropic: anthropic.com/policies/privacy
• OpenAI: openai.com/policies/privacy-policy
• Azure OpenAI: microsoft.com/licensing/terms and Azure-specific data processing terms

For users operating under data residency requirements, Azure OpenAI allows selection of specific geographic regions for data processing.

4.4 Local-First Architecture

Lens Desktop operates on a local-first architecture. Cluster connections, credentials, and operational data remain on the user's machine. AI queries are initiated only by explicit user action and are sent directly from the user's device to the configured AI provider endpoint.

5. Security Considerations

• RBAC Compliance — AI features operate within the same Kubernetes Role-Based Access Control (RBAC) permissions as the authenticated user. AI features cannot access resources beyond what the user's credentials permit.
• No Privileged Access — Lens does not install privileged agents, service accounts, or sidecar containers in user clusters to support AI functionality.
• Credential Isolation — AI provider API keys are stored locally on the user's device and are never transmitted to Mirantis infrastructure.
• Audit and Compliance — Lens Desktop holds SOC 2 and ISO 27001 certifications. AI features are designed to maintain compliance with enterprise security standards.

6. AI Output Disclaimer

AI-generated responses, recommendations, and commands provided through Lens Prism or connected AI assistants are intended as guidance and should be reviewed by the user before acting on them. AI outputs may contain inaccuracies. Mirantis does not guarantee the correctness, completeness, or suitability of AI-generated content. Users are responsible for validating AI suggestions before applying changes to production environments.

7. Changes to This Policy

We may update this AI Transparency Policy to reflect changes in our AI integrations, features, or applicable regulations. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, provide notice through Lens Desktop or our website.

8. Contact

If you have questions about how AI is used in Lens Desktop, please contact us:

• Email: privacy@mirantis.com
• Website: lenshq.io/contact
• Documentation: docs.k8slens.dev/security-and-compliance