New Features - Prisma AIRS - February 2026

Target Profiling enhances your AI security assessments by gathering comprehensive contextual information about your AI endpoints, enabling more accurate and relevant vulnerability discoveries. With Target Profiling, you can leverage both user-provided information and dynamic Agentic Profiling to get detailed profiles of your AI models, applications, and agents.

Target Profiling collects critical information about your AI systems, including industry context, use cases, competitive landscape, and technical foundations such as base models, architecture patterns, and accessibility requirements. AI Red Teaming's Agentic Profiling capability connects with and interrogates your target endpoint to discover all the business and technical context of the target. This automated approach saves you time while ensuring comprehensive coverage of contextual factors that influence security risks.

The feature provides you with a centralized view where you can visualize all gathered context. You can distinguish between user-provided information and agent-discovered data, giving you full transparency into how your target profiles are constructed.

API Violations View provides unparalleled visibility into API security threats targeting your AI applications, models, and agents. This feature delivers clear, visual insights, enabling efficient investigation and management of blocked API calls to enhance your AI infrastructure's security posture.

You can now leverage Prisma AIRS AI Red Teaming's enhanced capabilities to comprehensively assess the security posture of your autonomous AI agents and multi-agent systems. As your organization deploys agentic systems that extend beyond traditional AI applications to include tool calling, instruction execution, and system interactions, you face an expanded and more complex attack surface that requires specialized security assessment approaches. This advanced AI Red Teaming solution addresses the unique vulnerabilities Inherent in generative AI agents by employing agent-led testing methodologies that craft targeted goals and attacks specifically designed to exploit agentic system weaknesses.

When you configure your AI Red Teaming assessments, the system automatically tailors its approach based on your target endpoint type, enabling you to uncover critical vulnerabilities such as tool misuse where malicious actors manipulate your AI agents to abuse their integrated tools through deceptive prompts while operating within authorized permissions. The solution also identifies intent breaking and goal manipulation vulnerabilities where attackers redirect your agent's objectives and reasoning to perform unintended tasks.

This targeted approach ensures you can confidently deploy AI agents in production environments while maintaining robust security controls against the evolving threat landscape targeting autonomous AI systems.

Prisma AIRS addresses a visibility gap for security analysts using SIEM (Security Information and Event Management) tools to monitor Prisma AIRS. Currently, API logs forwarded to SIEM tools contain metadata and a verdict (for example, blocked ) but do not include the actual payload (the raw prompt or response). This makes it very difficult for an analyst to determine if an alert is a false positive because they cannot see the content that triggered the block without leaving their SIEM environment. By including the session URL in API logs Prisma AIRS resolves this problem.

Instead of sending raw payloads to the SIEM—which would increase storage costs and potentially expose sensitive PII (Personally Identifiable Information)—this feature appends a direct hyperlink to the API scan logs. This feature includes:

• A session URL: A new mandatory field named session_URL is added to the Prisma AIRS API Log Schema.
• One-click investigation: When an analyst clicks this URL in their SIEM, they are taken directly to the Session View in Strata Cloud Manager (SCM).
• Contextual data: Using Strata Cloud Manager (SCM), you can view both the atomic payload (the specific prompt) and the full session context to make an informed decision.

Prisma AIRS AI Runtime adds support for securing models in Microsoft Foundry. Microsoft Foundry represents a unified Azure platform-as-a-service offering for enterprise AI operations, model builders and application development. It unifies agents, models and tools under a single management grouping while supporting built-in enterprise readiness capabilities.

Prisma AIRS AI Runtime adds support for Multi Category Toxicity Detection, enhancing the AI Runtime API to identify specific types of harmful content by moving beyond a single general toxicity classification. It allows you to distinguish between 8 sub-categories of toxicity based on your specific AI application use cases and compliance requirements, which are viewable in the AI Runtime scan API response.

Multi-turn attack support enables you to conduct sophisticated AI Red Teaming scenarios by maintaining conversation context across multiple interactions with your target language models, extending beyond basic single-turn testing to simulate realistic attack patterns where adversaries gradually manipulate model behavior through sequential prompts that mimic how actual users interact with AI systems in production environments.

When you configure multi-turn attacks, AI Red Teaming automatically manages conversation state, supporting both stateless APIs that use past conversations and stateful backends that maintain session context internally.

• For stateless configurations, you specify the assistant role name used by your target API, and the system automatically builds and transmits the complete conversation history with each subsequent request.
• For stateful configurations, you define how session identifiers are extracted from responses and injected into follow-up requests, allowing the system to maintain context without resending entire conversation histories.

AI Red Teaming supports all major LLM providers including OpenAI, Gemini, Bedrock, and Hugging Face while also accommodating custom endpoints through flexible configuration options that auto-detect common message formats.

You can leverage multi-turn attacks to test sophisticated vulnerabilities that only emerge through extended conversations with AI agents, particularly when evaluating chatbots and virtual assistants that maintain memory across interactions to verify whether context from earlier turns can be exploited to bypass safety controls in later exchanges. If you are assessing custom API endpoints or self-hosted LLM backends, multi-turn testing reveals how these systems handle conversation state management and whether attackers could poison agent memory or create context confusion, while organizations migrating from one LLM provider to another can use multi-turn campaigns to ensure their new infrastructure maintains the same security posture across extended interactions.

Prisma AIRS adds an enhancement to AI Runtime threat reporting. With this enhancement, snippets of threats detected in the AI Runtime are reported in API and Violations view. This enhancement provides the following:

• When AI Runtime detects a risk in a large payload (many thousands of characters), this enables you to see the specific portion of the payload (up to 1K characters) that are identified as a threat. This is supported for the features listed below:

  • Prompt injection detection
  • Toxic content detection
  • Database security (AI-generated SQL CRUD guardrail)

• When AI Runtime detects a DLP risk, customers can see the specific substrings in the payload that matched the DLP pattern.

  Note: DLP integration requires you to enable snippet storage in the DLP configuration. This functionality is not yet supported in the current release.

Prisma AIRS API now supports token-based licensing, shifting from an API call-based consumption model to a more flexible and scalable monthly token consumption model. This aligns your environment with current AI industry standards, providing granular, content-driven usage measurement priced per billion monthly tokens where a token is four characters. You can manage allocations in the Customer Support Portal (CSP) and monitor consumption in Strata Cloud Manager (SCM). For more information, see Create a Deployment Profile for Prisma AIRS AI Runtime API.