The AI Runtime Security license is a package of licenses that enables AI Runtime Security and as well as other Palo Alto Networks cloud-delivered security services that support it. AI Runtime Security uses a bring your own license (BYOL) model. This means you must retrieve an auth code from the Palo Alto Networks Customer Support Portal (CSP) and then apply that auth code when deploying your AI Runtime Security instances.

The AI Runtime Security license is funded using Software NGFW Credits. To use Software NGFW Credits, you must fund a credit pool. You then create a deployment profile to configure one or more AI Runtime Security instances based on the number of vCPUs per instance and the total number of instances supported by the deployment profile. All the AI Runtime Security instances created with a deployment profile share the same auth code.

The AI Runtime Security license includes the following AI Security Services.

• AI App Protection
• AI Model Protection
• AI Data Protection

Additionally, the AI Runtime Security includes the following cloud-delivered security services.

AI Runtime Security: Network intercept requires Strata Cloud Manager, Cloud Identity Engine (CIE), Data Loss Prevention (DLP), and Strata Logging Service (SLS) tenants. Before you can complete the license activation process, you must set up an instance of SLS; the Strata Cloud Manager, CIE, and DLP tenants are deployed automatically upon completion of the activation process.

The AI Runtime Security: API intercept license includes the following AI Security Services:

Activating the AI Runtime Security: API intercept deployment in CSP enables the above services on the Hub. The Hub creates instances for the Strata Cloud Manager instance including the AI Runtime Security: API intercept feature.

For details, refer to creating a deployment profile in CSP for AI Runtime Security: API Intercept.