AI Runtime Security Licenses

The AI Runtime Security license is a package of licenses that enables AI Runtime Security and as well as other Palo Alto Networks cloud-delivered security services that support it. AI Runtime Security uses a bring your own license (BYOL) model. This means you must retrieve an auth code from the Palo Alto Networks Customer Support Portal and then apply that auth code when deploying your AI Runtime Security: Network intercept.

The AI Runtime Security license is funded using Software NGFW Credits. To use Software NGFW credits, you must fund a credit pool. You then create a deployment profile to configure one or more AI Runtime Security intercepts based on the number of vCPUs per instance and the total number of instances supported by the deployment profile. All the AI network and API intercepts created with a deployment profile share the same auth code.

The AI Runtime Security license includes the following AI Security Services.

• AI App Protection
• AI Model Protection
• AI Data Protection

Additionally, the AI Runtime Security includes the following cloud-delivered security services.

AI Runtime Security: Network intercept requires, Cloud Identity Engine (CIE), Data Loss Prevention (DLP), and Strata Logging Service tenants. Before you can complete the license activation process, you must set up an instance of Strata Logging Service; Strata Cloud Manager Pro, CIE, and DLP tenants are deployed automatically upon completion of the activation process.

The AI Runtime Security: API intercept license includes the following AI Security Services:

Activating the AI Runtime Security: API intercept deployment in Customer Support Portal enables the above services on the Hub. The Hub creates instances for the Strata Cloud Manager instance including the AI Runtime Security: API intercept feature.

For details, refer to creating a deployment profile for AI Runtime Security: API Intercept.