Prisma AIRS
Scanning Models
Scan a Hugging Face model, local model, or object storage model using
CLI/SDK.
Once your Security Group is configured, you can scan models through
either the CLI or the Python SDK. The process varies slightly depending on whether you're
scanning Hugging Face AI models or local models.
While scanning a model using the Python SDK:
- use ModelSecurityAPIClient, which is the base object for performing API calls.
- configure the base_url either through environment variables or in your code.
When you scan using SDK, it's your responsibility to enforce allow or block decisions
according to the scan evaluation outcomes.
When you scan using CLI, the CLI will exit with a non-zero exit code if the model is
unsafe.
- AI Model Security can handle up to 1,000 files per scan.
- You cannot delete a scan.
Scan a Hugging Face Model
To scan a model hosted on Hugging Face, provide the model URI and your security group
UUID. For Hugging Face AI models, only model_uri is required.
Before you start the model scanning process:
- Ensure that the security group source type matches the source of the model that you are scanning. For example, you cannot use an S3 security group on a Hugging Face model.
- Verify that the huggingface.co domain (https://huggingface.co/) is allowed.
- Ensure that the ignore_patterns and allow_patterns do not overlap with each other.
We don't support private Hugging Face repositories. You can only scan public Hugging
Face repositories. If you want to scan a private Hugging Face repository, download
the model and scan it using a local model scan.
Scan using CLI
```bash
model-security scan \
  --security-group-uuid "12345678-1234-1234-1234-123456789012" \
  --model-uri "https://huggingface.co/microsoft/DialoGPT-medium"
```
Scan using Python SDK
```python
from model_security_client.api import ModelSecurityAPIClient

# Initialize the client
client = ModelSecurityAPIClient(
    base_url="https://api.sase.paloaltonetworks.com/aims"
)

result = client.scan(
    security_group_uuid="12345678-1234-1234-1234-123456789012",
    model_uri="https://huggingface.co/microsoft/DialoGPT-medium"
)
print(f"Scan completed: {result.eval_outcome}")
```
AI Model Security automatically fetches the latest version from Hugging Face. To
scan a specific version, include the model_version parameter.
Scan using CLI
```bash
model-security scan \
  --security-group-uuid "12345678-1234-1234-1234-123456789012" \
  --model-uri "https://huggingface.co/microsoft/DialoGPT-medium" \
  --model-version "7b40bb0f92c45fefa957d088000d8648e5c7fa33"
```
Scan using Python SDK
```python
from model_security_client.api import ModelSecurityAPIClient

# Initialize the client
client = ModelSecurityAPIClient(
    base_url="https://api.sase.paloaltonetworks.com/aims"
)

result = client.scan(
    security_group_uuid="12345678-1234-1234-1234-123456789012",
    model_uri="https://huggingface.co/microsoft/DialoGPT-medium",
    model_version="7b40bb0f92c45fefa957d088000d8648e5c7fa33"
)
```
Filter Files in Hugging Face Scans
Large Hugging Face repositories may contain files you don't need to scan. Use glob
patterns to include or exclude specific files.
Scan using CLI
```bash
model-security scan \
  --security-group-uuid "12345678-1234-1234-1234-123456789012" \
  --model-uri "https://huggingface.co/microsoft/DialoGPT-medium" \
  --allow-patterns "*.bin" "*.json" \
  --ignore-patterns "*.md" "*.txt"
```
Scan using Python SDK
```python
from model_security_client.api import ModelSecurityAPIClient

# Initialize the client
client = ModelSecurityAPIClient(
    base_url="https://api.sase.paloaltonetworks.com/aims"
)

result = client.scan(
    security_group_uuid="12345678-1234-1234-1234-123456789012",
    model_uri="https://huggingface.co/microsoft/DialoGPT-medium",
    allow_patterns=["*.bin", "*.json"],
    ignore_patterns=["*.md", "*.txt"]
)
```
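The documentation requires that allow_patterns and ignore_patterns do not overlap and that a scan covers at most 1,000 files. The following added example (not part of the Prisma AIRS SDK or CLI) checks both conditions locally before a request is submitted; the repository file list is constructed inline, and fnmatch glob semantics are assumed for the patterns.

```python
from fnmatch import fnmatch

MAX_FILES_PER_SCAN = 1000  # per-scan limit stated in the Prisma AIRS documentation

# Constructed sample of a Hugging Face repository's file list (not a real listing).
SAMPLE_FILES = [
    "config.json",
    "pytorch_model.bin",
    "tokenizer.json",
    "README.md",
    "LICENSE.txt",
    "docs/README.md",
]


def matches_any(path, patterns):
    """True if path matches at least one glob pattern (fnmatch semantics assumed)."""
    return any(fnmatch(path, p) for p in patterns)


def select_files(files, allow_patterns, ignore_patterns):
    """Apply allow then ignore patterns; return (selected, conflicts).

    conflicts are files matched by both lists, which the documentation forbids.
    """
    conflicts = [f for f in files
                 if matches_any(f, allow_patterns) and matches_any(f, ignore_patterns)]
    selected = [f for f in files
                if (not allow_patterns or matches_any(f, allow_patterns))
                and not matches_any(f, ignore_patterns)]
    return selected, conflicts


def preflight(files, allow_patterns, ignore_patterns):
    """Return a list of problems; an empty list means the request is safe to submit."""
    selected, conflicts = select_files(files, allow_patterns, ignore_patterns)
    problems = []
    if conflicts:
        problems.append(f"allow/ignore patterns overlap on: {sorted(conflicts)}")
    if len(selected) > MAX_FILES_PER_SCAN:
        problems.append(f"{len(selected)} files selected, limit is {MAX_FILES_PER_SCAN}")
    return problems


if __name__ == "__main__":
    # Patterns from the page: disjoint, so no problems are reported.
    print(preflight(SAMPLE_FILES, ["*.bin", "*.json"], ["*.md", "*.txt"]))
    # "config.*" ignores config.json, which "*.json" also allows: reported before any API call.
    print(preflight(SAMPLE_FILES, ["*.json"], ["config.*"]))
```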
Scan a Local Model
For models stored locally, specify the path to the model directory. To scan a model
from the local disk, only model_path is required.
Before you start the model scanning process:
- Ensure that the security group source type matches the source of the model that you are scanning. For example, you cannot use a Hugging Face security group on a local model. If you don't provide a model URI, the local disk source type is used by default.
- Validate that the model path points to the correct storage location.
- The ignore_patterns and allow_patterns are not applicable to local model scans.
- Running a model scan can consume up to 4 GB of memory depending on the size and type of the model. Therefore, ensure that the environment used for scanning has sufficient resources, and verify that you have enough disk space to download and save the model being scanned.
Scan using CLI
```bash
model-security scan \
  --security-group-uuid "12345678-1234-1234-1234-123456789012" \
  --model-path "path/to/local/model"
```
Scan using Python SDK
```python
from model_security_client.api import ModelSecurityAPIClient

# Initialize the client
client = ModelSecurityAPIClient(
    base_url="https://api.sase.paloaltonetworks.com/aims"
)

result = client.scan(
    security_group_uuid="12345678-1234-1234-1234-123456789012",
    model_path="path/to/local/model"
)
```
Scan a Model from Object Storage
The supported object storage services are Amazon S3, Google Cloud Storage, and Azure Blob Storage.
To scan an AI model from Amazon S3, Google Cloud Storage, or Azure Blob Storage,
download the model to your local disk and provide the saved local path of the model
as model_path and the original URI as model_uri.
Note that both model_path and model_uri are
required to scan a model from these object storage services.
Scan using CLI
```bash
model-security scan \
  --security-group-uuid "12345678-1234-1234-1234-123456789012" \
  --model-path "path/to/local/model" \
  --model-uri "s3://your-bucket/model-directory" \
  --model-name "production-classifier" \
  --model-author "ml-team" \
  --model-version "v2.1"
```
Scan using Python SDK
```python
from model_security_client.api import ModelSecurityAPIClient

# Initialize the client
client = ModelSecurityAPIClient(
    base_url="https://api.sase.paloaltonetworks.com/aims"
)

result = client.scan(
    security_group_uuid="12345678-1234-1234-1234-123456789012",
    model_path="path/to/local/model",
    model_uri="s3://your-bucket/model-directory",
    model_name="production-classifier",
    model_author="ml-team",
    model_version="v2.1"
)
```
The CLI shows scan results in real time as they finish. Each scan tests the model
against all active rules in your Security Group. The output shows whether the model
passes or fails based on your rule configuration.
A model fails if any blocking rule detects a violation. Non-blocking rules record
findings without preventing the model from being approved.
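Because the SDK leaves allow/block enforcement to the caller, the following added example (not part of the Prisma AIRS SDK) wraps the scan call in a fail-closed gate that mirrors the CLI's non-zero exit code and its block_on_errors behaviour. The scan callable is injected so the example runs offline against constructed stand-ins; in production pass `client.scan`. The page only shows that `result.eval_outcome` exists, so the outcome string "PASSED" is a placeholder assumption, and anything that is not an explicit allow outcome is treated as a block.

```python
import sys
from dataclasses import dataclass

# ASSUMPTION: the documentation exposes result.eval_outcome but not its value set.
# Treat only an explicit pass as allow; fail, error and unknown outcomes all block.
ALLOW_OUTCOMES = {"PASSED"}  # placeholder, replace with your SDK's actual allow outcome

EXIT_ALLOW = 0
EXIT_BLOCK = 1
EXIT_ERROR = 2


@dataclass
class Decision:
    allow: bool
    exit_code: int
    reason: str


def enforce(scan, *, block_on_errors=True, **scan_kwargs):
    """Run the scan and turn its eval_outcome into an allow/block decision.

    `scan` is client.scan in production. A blocking-rule violation fails the
    model; with block_on_errors a scan error (poll timeout, transport failure)
    also blocks, matching the CLI's --block-on-errors flag.
    """
    try:
        result = scan(**scan_kwargs)
    except Exception as exc:  # poll timeout, network error, authentication failure, ...
        if block_on_errors:
            return Decision(False, EXIT_ERROR, f"scan error, blocking: {exc}")
        return Decision(True, EXIT_ALLOW, f"scan error, allowed by policy: {exc}")
    outcome = getattr(result, "eval_outcome", None)
    if outcome in ALLOW_OUTCOMES:
        return Decision(True, EXIT_ALLOW, f"eval_outcome={outcome}")
    return Decision(False, EXIT_BLOCK, f"eval_outcome={outcome!r} is not an allow outcome")


# Constructed stand-ins for client.scan so the example runs without the service.
class _FakeResult:
    def __init__(self, eval_outcome):
        self.eval_outcome = eval_outcome

def fake_scan_pass(**_): return _FakeResult("PASSED")
def fake_scan_fail(**_): return _FakeResult("FAILED")
def fake_scan_timeout(**_): raise TimeoutError("poll_timeout_secs exceeded")


if __name__ == "__main__":
    d = enforce(fake_scan_timeout, model_uri="https://huggingface.co/microsoft/DialoGPT-medium")
    print(d.reason)
    sys.exit(d.exit_code)  # non-zero, like the CLI, so a CI pipeline stops here
```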
Customize Model Scans
You can configure scan execution and adjust result timeout settings.
Customize Scan using CLI
```bash
model-security scan \
  --security-group-uuid "12345678-1234-1234-1234-123456789012" \
  --model-uri "https://huggingface.co/microsoft/DialoGPT-medium" \
  --poll-interval-secs 10 \
  --poll-timeout-secs 900 \
  --block-on-errors
```
Customize Scan using Python SDK
```python
from model_security_client.api import ModelSecurityAPIClient

# Initialize the client
client = ModelSecurityAPIClient(
    base_url="https://api.sase.paloaltonetworks.com/aims"
)

result = client.scan(
    security_group_uuid="12345678-1234-1234-1234-123456789012",
    model_uri="https://huggingface.co/microsoft/DialoGPT-medium",
    poll_interval_secs=10,
    poll_timeout_secs=900,
    scan_timeout_secs=900
)
```
The following configuration options customize the scan for AI models.
| Configuration Option | Description | Default Value |
|---|---|---|
| poll_interval_secs | Specify the frequency of scan status checks. | 5 seconds |
| poll_timeout_secs | Specify the maximum wait time for scan completion. | 600 seconds |
| scan_timeout_secs | (SDK only) Specify the timeout for local model scanning. | 600 seconds |
| block_on_errors | (CLI only) The CLI exits with an error code when scan errors occur. | NA |