Prisma AIRS
Install AI Model Security
Table of Contents
Install AI Model Security
Install AI Model Security Python package that provides both a command-line interface
and a Python SDK.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
To scan both internal and external models, you require either AI Model Security CLI
or SDK. AI Model Security is available as a Python package that offers both a
command-line interface and a Python SDK. Install the package using your preferred
Python package manager.
- Generate the pip index link.Copy the script below and save it to your local environment (alternatively, you can create your own script using this as a reference).#!/bin/bash # # Model Security Private PyPI Authentication Script # Authenticates with SCM and retrieves PyPI repository URL # set -euo pipefail # Check required environment variables : "${MODEL_SECURITY_CLIENT_ID:?Error: MODEL_SECURITY_CLIENT_ID not set}" : "${MODEL_SECURITY_CLIENT_SECRET:?Error: MODEL_SECURITY_CLIENT_SECRET not set}" : "${TSG_ID:?Error: TSG_ID not set}" # Set default endpoints API_ENDPOINT="${MODEL_SECURITY_API_ENDPOINT:-https://api.sase.paloaltonetworks.com/aims}" TOKEN_ENDPOINT="${MODEL_SECURITY_TOKEN_ENDPOINT:-https://auth.apps.paloaltonetworks.com/oauth2/access_token}" # Get SCM access token TOKEN_RESPONSE=$(curl -sf -X POST "$TOKEN_ENDPOINT" \ -H "Content-Type: application/x-www-form-urlencoded" \ -u "$MODEL_SECURITY_CLIENT_ID:$MODEL_SECURITY_CLIENT_SECRET" \ -d "grant_type=client_credentials&scope=tsg_id:$TSG_ID") || { echo "Error: Failed to obtain SCM access token" >&2 exit 1 } SCM_TOKEN=$(echo "$TOKEN_RESPONSE" | jq -r '.access_token') if [[ -z "$SCM_TOKEN" || "$SCM_TOKEN" == "null" ]]; then echo "Error: Failed to extract access token from response" >&2 exit 1 fi # Get PyPI URL PYPI_RESPONSE=$(curl -sf -X GET "$API_ENDPOINT/mgmt/v1/pypi/authenticate" \ -H "Authorization: Bearer $SCM_TOKEN") || { echo "Error: Failed to retrieve PyPI URL" >&2 exit 1 } PYPI_URL=$(echo "$PYPI_RESPONSE" | jq -r '.url') if [[ -z "$PYPI_URL" || "$PYPI_URL" == "null" ]]; then echo "Error: Failed to extract PyPI URL from response" >&2 exit 1 fi echo "$PYPI_URL"Set up authentication using environment variables.After placing the script in an executable location, you'll need to set several environment variables before running it. Both the AI Model Security CLI and SDK require authentication credentials set as environment variables. The client automatically manages OAuth2 authentication with the provided credentials.export MODEL_SECURITY_CLIENT_ID=<your-client-id> export MODEL_SECURITY_CLIENT_SECRET=<your-client-secret> export TSG_ID=<your-tsg-id> export MODEL_SECURITY_API_ENDPOINT="https://api.sase.paloaltonetworks.com/aims"Install AI Model Security package (both SDK and CLI) with uv or pip.
- Install AI Model Security package (both SDK and CLI) using uv, or.uv add model-security-client --index $(/path/to/script.sh)Install AI Model Security package (both SDK and CLI) using pip.pip install model-security-client \ --extra-index-url <URL from Script>Initialize the AI Model Security Python SDK.To use the Python SDK in your code, import and initialize the AI Model Security client.from uuid import UUID from model_security_client.api import ModelSecurityAPIClient # Initialize the client client = ModelSecurityAPIClient( base_url="https://api.sase.paloaltonetworks.com/aims" )The AI Model Security client uses the same environment variables for authentication as the CLI.
