AI Access Security
AI Access Security Licenses
Table of Contents
Expand All
|
Collapse All
AI Access Security Docs
-
- Discover Risks Posed by GenAI Apps
- Tag GenAI Apps
- View the Risk Scores Assigned to GenAI Apps
- Use Application Filters for GenAI Apps
- Modify Default GenAI App Access Policy Rule to Control GenAI Access
- Create Custom Security Policy Rules to Control GenAI Access
- AI Access Security Recommendations
- Generate an AI Access Security Report
AI Access Security Licenses
Review the AI Access Security licenses to understand which license is
right for you.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
One of the following:
|
Review the available AI Access Security licenses to begin safely adopting and controlling access to
generative AI (GenAI) applications on your network.
- AI Access Security LicenseThe AI Access Security license is a standalone license. It includes the following three types of license:
- AI Access Security EVAL—Evaluation license for AI Access Security. If you have the EVAL license active, you must convert the evaluation license to a production license after the evaluation period has ended to continue safely controlling access to and safely adopting GenAI apps.
- AI Access Security LAB—AI Access Security license specific for your lab environments. This license isn't intended for a production environment.
- AI Access Security—Production license for AI Access Security.
- CASB-PA and CASB-XAI Access Security is included by default with both the CASB-PA and CASB-X licenses. No additional action is needed to activate AI Access Security. You can begin using AI Access Security to safely adopt GenAI apps after activating either of these licenses.
What's Included with an AI Access Security License?
What's included with AI Access Security depends on whether other licenses
are active on the tenant.
The included AI Access Security functionality is dependent on the PAN-OS or dataplane version currently running on the NGFW or Prisma Access tenant. Refer to the Setup Prerequisites for more information on what
functionality is included.
- AI Access Security onlyThis applies to NGFW or Prisma Access managed by Panorama or Strata Cloud Manager when only the AI Access Security license is active.PAN-OS or Dataplane VersionNGFW and Prisma Access (Managed by Panorama or Strata Cloud Manager )11.2.2-h1 and laterPrisma Access 5.1 Innovation
- Visibility into over 2,250 GenAI apps delivered through dynamic content updates and App-ID Cloud Engine (ACE).
- Define policy rules to control access to GenAI apps and non-GenAI apps.
- Enterprise DLP inspection and verdict rendering for supported GenAI apps only.Traffic matches containing sensitive data are not forwarded to Enterprise DLP for inspection and verdict rendering for non-GenAI apps.
- Access the Strata Cloud Manager Command Center for GenAI visibility.
- Access the AI Access Security Activity Insights dashboard to view detailed GenAI app usage data, users, and common GenAI use cases occurring on your network.
- Tag GenAI
apps on Strata Cloud Manager to reflect whether
the application is approved within your
organization and for tag-based policy
enforcement.(Panorama) This includes the predefined Sanctioned and Tolerated app tags.
- Generate reports for discovered GenAI apps only.
- View GenAI apps in the Application Dictionary to learn more about specific GenAI apps, vendors, compliance, and risk characteristics that underlie those SaaS apps.
- View GenAI apps installed as third-party connected apps/plugins in 7 SaaS marketplace apps.
- Visibility and control of data-at-rest residing in ChatGPT Enterprise app.
- AI Access Security and Enterprise DLP LicensesThis applies to NGFW or Prisma Access managed by Panorama or Strata Cloud Manager when both the AI Access Security and Enterprise DLP licenses are active.PAN-OS or Dataplane VersionNGFW and Prisma Access (Managed by Panorama or Strata Cloud Manager )11.2.2-h1 and laterPrisma Access 5.1 Innovation
- Visibility into over 2,250 GenAI apps delivered through dynamic content updates and App-ID Cloud Engine (ACE).
- Define policy rules to control access to GenAI apps and non-GenAI apps.
- Enterprise DLP inspection and verdict rendering for supported GenAI and non-GenAI apps.
- Access the Strata Cloud Manager Command Center for GenAI visibility.
- Access the AI Access Security Activity Insights dashboard to view detailed GenAI app usage data, users, and common GenAI use cases occurring on your network.
- Tag GenAI
apps on Strata Cloud Manager to reflect whether
the application is approved within your
organization and for tag-based policy
enforcement.(Panorama) This includes the predefined Sanctioned and Tolerated app tags.
- Generate reports for discovered GenAI apps only.
- View GenAI apps in the Application Dictionary to learn more about specific GenAI apps, vendors, compliance, and risk characteristics that underlie those SaaS apps.
- View GenAI apps installed as third-party connected apps/plugins in 7 SaaS marketplace apps.
- Visibility and control of data-at-rest residing in ChatGPT Enterprise app.
- CASB-PA and CASB-X LicensesThis applies to NGFW or Prisma Access managed by Strata Cloud Manager when the CASB-PA or CASB-X licenses are active.PAN-OS or Dataplane VersionCASB-PA and CASB-X10.211.1Prisma Access 5.0 Preferred and InnovationPrisma Access 5.1 Preferred
- Visibility into over 2,250 GenAI apps delivered through dynamic content updates and App-ID Cloud Engine (ACE).
- Define policy rules to control access to GenAI apps and non-GenAI apps.
- Enterprise DLP inspection and verdict rendering for supported GenAI and non-GenAI apps.
- Access the Strata Cloud Manager Command Center for GenAI visibility.
- Access the AI Access Security Activity Insights dashboard to view detailed GenAI app usage data, users, and common GenAI use cases occurring on your network.
- View the following for all SaaS Inline apps including GenAI apps:
- View all third-party plugins (SSPM) including GenAI plugins.
- View asset details of all Sanctioned SaaS apps (data-at-rest) including GenAI apps.
11.2.2-h1 and laterPrisma Access 5.1 Innovation- Visibility into over 2,250 GenAI apps delivered through dynamic content updates and App-ID Cloud Engine (ACE).
- Define policy rules to control access to GenAI apps and non-GenAI apps.
- Enterprise DLP inspection and verdict rendering for supported GenAI and non-GenAI apps.
- Access the Strata Cloud Manager Command Center for GenAI visibility.
- Access the AI Access Security Activity Insights dashboard to view detailed GenAI app usage data, users, and common GenAI use cases occurring on your network.
- Tag GenAI
apps on Strata Cloud Manager to reflect whether
the application is approved within your
organization and for tag-based policy
enforcement.(Panorama) This includes the predefined Sanctioned and Tolerated app tags.
- View the following for all SaaS Inline apps including GenAI apps:
- View all third-party plugins (SSPM) including GenAI plugins.
- View asset details of all Sanctioned SaaS apps (data-at-rest) including GenAI apps.
Expand all
Collapse all