Focus

New Features - Prisma AIRS - July 2026


Custom Pre- and Post-Processors for AI Red Teaming Target Configuration

Release Date: July 2026 | Last Updated: July 2026

Prisma AIRS AI Red Teaming introduces Custom Pre- and Post-Processors, extending the platform's ability to scan any AI target an organization deploys, regardless of how that target handles authentication, session management, or response formatting. The goal is straightforward: any AI application that a human red teamer can interact with should be scannable by AI Red Teaming without requiring custom middleware.

Enterprise AI targets rarely expose a simple, stateless API. They require creating sessions before accepting messages, refreshing authentication tokens that expire mid-scan, threading conversation identifiers across multi-turn interactions, or returning AI responses in proprietary formats that standard extraction cannot parse. Until now, connecting these targets required building and maintaining a bespoke proxy server, a significant effort that could take weeks per target and introduced ongoing operational overhead. Custom Pre- and Post-Processors replace this with a standardized approach that is seamless and quick to configure.

Custom Pre- and Post-Processors use a simple Python SDK where customers implement plain functions that control how requests are prepared and how responses are processed. The SDK supports automatic token refresh with configurable expiry, session creation and state management across multi-turn conversations, flexible response extraction from any format, and explicit error signaling for rate limits, authentication failures, and content filtering. For targets that use non-HTTP protocols such as WebSocket, a full request override is available.

To configure processors, using the custom adapter section in the AI Red Teaming web interface, create a Python script, define any required variables and secrets, and validate end-to-end before linking to a target. Validation runs the complete communication chain so configuration issues surface before a scan begins. A single processor configuration can be shared across multiple targets, with per-target overrides for environment-specific values.

If your organization scans AI applications that require authentication flows, session-based conversations, or return responses in custom formats, Custom Pre- and Post-Processors provide native connectivity without external middleware. This is particularly valuable for teams running long-duration dynamic scans against OAuth-protected targets, testing multi-turn attack scenarios against session-based chatbots, or scanning AI applications with proprietary API contracts that standard connectors cannot accommodate.