Install AI Model Security

Install the AI Model Security Python package, which provides both a command-line interface and a Python SDK.
Where Can I Use This?
  • Prisma AIRS (AI Model Security)
What Do I Need?
  • Prisma AIRS AI Model Security License
  • SCM IAM Service Account with appropriate permissions
To scan both internal and external models, you need either the AI Model Security CLI or the SDK. AI Model Security is available as a Python package that offers both a command-line interface and a Python SDK. Install the package using your preferred Python package manager.
  1. Generate the pip index link.
    Copy the script below and save it to your local environment (alternatively, you can create your own script using this as a reference).
    #!/bin/bash
    #
    # Model Security Private PyPI Authentication Script
    # Authenticates with SCM and retrieves PyPI repository URL
    #
    set -euo pipefail

    # Check required environment variables
    : "${MODEL_SECURITY_CLIENT_ID:?Error: MODEL_SECURITY_CLIENT_ID not set}"
    : "${MODEL_SECURITY_CLIENT_SECRET:?Error: MODEL_SECURITY_CLIENT_SECRET not set}"
    : "${TSG_ID:?Error: TSG_ID not set}"

    # Set default endpoints
    API_ENDPOINT="${MODEL_SECURITY_API_ENDPOINT:-https://api.sase.paloaltonetworks.com/aims}"
    TOKEN_ENDPOINT="${MODEL_SECURITY_TOKEN_ENDPOINT:-https://auth.apps.paloaltonetworks.com/oauth2/access_token}"

    # Get SCM access token
    TOKEN_RESPONSE=$(curl -sf -X POST "$TOKEN_ENDPOINT" \
      -H "Content-Type: application/x-www-form-urlencoded" \
      -u "$MODEL_SECURITY_CLIENT_ID:$MODEL_SECURITY_CLIENT_SECRET" \
      -d "grant_type=client_credentials&scope=tsg_id:$TSG_ID") || {
      echo "Error: Failed to obtain SCM access token" >&2
      exit 1
    }

    SCM_TOKEN=$(echo "$TOKEN_RESPONSE" | jq -r '.access_token')
    if [[ -z "$SCM_TOKEN" || "$SCM_TOKEN" == "null" ]]; then
      echo "Error: Failed to extract access token from response" >&2
      exit 1
    fi

    # Get PyPI URL
    PYPI_RESPONSE=$(curl -sf -X GET "$API_ENDPOINT/mgmt/v1/pypi/authenticate" \
      -H "Authorization: Bearer $SCM_TOKEN") || {
      echo "Error: Failed to retrieve PyPI URL" >&2
      exit 1
    }

    PYPI_URL=$(echo "$PYPI_RESPONSE" | jq -r '.url')
    if [[ -z "$PYPI_URL" || "$PYPI_URL" == "null" ]]; then
      echo "Error: Failed to extract PyPI URL from response" >&2
      exit 1
    fi

    echo "$PYPI_URL"
  2. Set up authentication using environment variables.
    After placing the script in an executable location, you'll need to set several environment variables before running it. Both the AI Model Security CLI and SDK require authentication credentials set as environment variables. The client automatically manages OAuth2 authentication with the provided credentials.
    export MODEL_SECURITY_CLIENT_ID=<your-client-id>
    export MODEL_SECURITY_CLIENT_SECRET=<your-client-secret>
    export TSG_ID=<your-tsg-id>
    export MODEL_SECURITY_API_ENDPOINT="https://api.sase.paloaltonetworks.com/aims"
    Mandatory Environment Variables
    Environment Variable            Description
    MODEL_SECURITY_CLIENT_ID        Client ID of the SCM service account.
    MODEL_SECURITY_CLIENT_SECRET    Client secret of the SCM service account.
    TSG_ID                          TSG ID of your tenant service group.
    MODEL_SECURITY_API_ENDPOINT     URL of the AI Model Security API service.
    Optional Environment Variables
    Environment Variable            Description
    Set Commands
    --base-url                      Base URL of the Model Security API that overrides the MODEL_SECURITY_API_ENDPOINT environment variable.
    --log-level                     Log level settings:
                                    • critical
                                    • error
                                    • (default) info
                                    • debug
                                    Setting the debug log level is helpful when you want to troubleshoot an issue.
    --silent                        (CLI only) Disables all output and logging to standard output.
    Show Commands
    --version or -v                 (CLI only) Displays the CLI version information.
    --help                          (CLI only) Displays the help information.
  3. Install the AI Model Security package (both SDK and CLI) with uv or pip.
    1. Install the AI Model Security package (both SDK and CLI) using uv:
      uv add model-security-client --index $(/path/to/script.sh)
    2. Alternatively, install the AI Model Security package (both SDK and CLI) using pip:
      pip install model-security-client \
        --extra-index-url <URL from Script>
  4. Initialize the AI Model Security Python SDK.
    To use the Python SDK in your code, import and initialize the AI Model Security client.
    from uuid import UUID
    from model_security_client.api import ModelSecurityAPIClient

    # Initialize the client
    client = ModelSecurityAPIClient(
        base_url="https://api.sase.paloaltonetworks.com/aims"
    )
    The AI Model Security client uses the same environment variables for authentication as the CLI.
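The following is an added example, not part of the vendor documentation, that ties steps 1 to 3 together: it vets the URL printed by the index script before pip uses it and logs only a redacted form. It assumes the returned URL may embed credentials (the page does not say); the function names and `EXPECTED_INDEX_DOMAIN` are hypothetical, while `PIP_EXTRA_INDEX_URL` is pip's environment-variable form of `--extra-index-url`.

```sh
#!/bin/sh
# Added example, not vendor code. Assumption: the index URL printed by the
# script may carry credentials (userinfo or query string), so treat it as a secret.

# Mask userinfo and query string so the URL can be logged safely.
redact_url() {
  printf '%s\n' "$1" | sed -E -e 's#^([a-z]+://)[^/@]*@#\1***@#' -e 's#\?.*#?***#'
}

# Accept only a single-token https:// URL with a non-empty host. The optional
# second argument (hypothetical) pins the host to a domain you expect.
validate_index_url() {
  [ "$1" = "$(printf '%s' "$1" | tr -d '[:space:]')" ] || return 1
  case "$1" in
    https://?*) ;;
    *) return 1 ;;
  esac
  host=${1#https://}; host=${host%%[/?#]*}   # drop scheme, then path/query
  host=${host##*@}; host=${host%%:*}         # drop userinfo, then port
  [ -n "$host" ] || return 1
  [ -z "${2:-}" ] && return 0
  case "$host" in
    "$2"|*."$2") return 0 ;;
    *) return 1 ;;
  esac
}

# Run the URL-generating command, vet its output, then install.
# pip reads PIP_EXTRA_INDEX_URL, which keeps the URL out of argv and shell history.
install_model_security() {
  url=$("$@") || { echo "index URL command failed" >&2; return 1; }
  if ! validate_index_url "$url" "${EXPECTED_INDEX_DOMAIN:-}"; then
    echo "refusing index URL: $(redact_url "$url")" >&2
    return 1
  fi
  echo "installing from $(redact_url "$url")" >&2
  PIP_EXTRA_INDEX_URL=$url pip install model-security-client
}

# Usage: sh vet-install.sh /path/to/script.sh
if [ "$#" -gt 0 ]; then install_model_security "$@"; fi
```

pip consults an extra index alongside its default index and may take a matching package from either, so pin the version or hashes of model-security-client where your build needs a fixed source.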