New Features - Prisma AIRS - May 2026

You can now deploy API detection services in the India region, ensuring compliance and improving performance. When creating a deployment profile, you can select India as your preferred region. This choice determines the underlying region for data processing and storage.

The Model Security identity enhancement establishes a centralized model registry for the AI models you scan, moving away from fragile, location-based tracking that relies on URI file paths. Instead, you can now utilize artifact fingerprinting to establish a definitive, content-based identity for every model. By providing a structured data model with robust artifact management and customizable display names, this feature allows you to register models securely and maintain a persistent identity that reflects your business needs rather than your storage topology.

You can apply this framework to seamlessly track the evolution of your AI models as they change over time. Through automated version tracking, every new scan or update of an existing model automatically increments its version number, ensuring you retain a complete historical record of model changes and their associated artifacts. Whether you are an MLOps engineer migrating models across environments or a security professional auditing scan results, you can trace the exact model version and its specific component artifacts. Because the system uses content-based fingerprinting rather than temporary storage locations, your model's identity remains completely intact even if you move artifacts from an S3 bucket to a local deployment path.

Adopting this robust identity approach ensures you maintain continuous visibility and strict audit trails for your scanned AI assets. You gain the ability to assign business-relevant display names to your models, replacing obscure file paths with recognizable identities throughout your UI and API responses. Ultimately, this enhanced registration and versioning capability eliminates the loss of audit trails when models move between environments, providing you with automated lifecycle visibility and a highly reliable security posture for your AI deployments.

Prisma AIRS AI Runtime API enhances the API intercept model by introducing a new transaction_id field to the Scan Service API, enabling customers to track individual API transactions independently from session-level grouping. This field coexists with legacy session_id and tr_id fields, providing the flexibility to provide all three IDs simultaneously without conflict. This enhancement provides the following benefits:

• Independent Tracking: Allows for granular tracking of single requests while maintaining broader session-level correlation.

• Backwards Compatibility: The new field is entirely independent of existing legacy fields, ensuring no disruption to current session tracking behaviors.

• End-to-End Visibility: The transaction_id is echoed back in sync scan responses and included in both Scan Results and Scan Reports APIs.

With these enhancements, the API interface model provides:

• Flexible Input: You can provide your own ID (up to 100 characters) or let the system auto-generate one with a pan_prefix.

• Database Mapping: To avoid conflict with legacy naming, the new transaction_id is stored in a new session_transaction_id database column.
• Downstream Integration: Transaction IDs are stored in Strata Logging Service and can therefore be forwarded to SIEM/SOAR.

Note: Prior to this enhancement, any API key could call scan and report APIs to scans and reports from any API key. With this update the API key must be associated to the app that is associated to the scan and report.

You can now deploy API detection services in the Japan and Netherlands regions, ensuring compliance and improved performance. When creating a deployment profile, you can select either Japan or Netherlands as your preferred region. This choice determines the underlying region for data processing and storage.

AI Red Teaming extends its WebSocket (WS/WSS) connection method support to AI targets deployed in private networks through the network channel. You can now configure WebSocket and WSS endpoints for private applications by routing traffic through a network channel. This offers a streamlined connection method to use as an alternative to IP allowlisting for endpoints secured within a private network.

By adding network channel support for real-time, streaming, or low-latency WebSocket targets—AI Red Teaming addresses the accessibility gap and ensures that your private, real-time AI workloads receive the same depth of adversarial testing as your publicly accessible endpoints.

When you add a WebSocket target over a network channel, all existing authentication methods—including header-based, payload-based, and OAuth—remain available. OpenAI-compliant streaming formats are supported. Moreover, this capability builds on the existing WebSocket support, meaning your existing target management workflows and web interface experience carry forward without disruption.