AI Runtime Security: API Intercept

See all the new features made available for Prisma AIRS AI Runtime Security: API intercept.

MCP Threats Detection

September 2025
Supported for:
  • Prisma AIRS (Managed by Strata Cloud Manager)
Prisma AIRS protects your AI agents from supply chain attacks by adding support for Model Context Protocol (MCP) tools. This feature adds security scanning capabilities to the MCP ecosystem, specifically targeting two critical threats:
  • Context poisoning via tool definition, tool input (request) and tool output (response) manipulation. This prevents malicious actors from tampering with MCP tool definitions that could trick AI agents into performing harmful actions like leaking sensitive data or executing dangerous commands.
  • Exposed credentials and identity leakage. This detects and blocks sensitive data (tokens, credentials, API keys) from being exposed through MCP tool interactions.
This functionality provides a number of benefits:
  • Zero-touch security. No new UI or profile configuration required.
  • Comprehensive threat detection. Leverages existing detection services (DLP, prompt injection, toxic content, etc.).
  • Real-time protection. Works with both synchronous and asynchronous scanning APIs.
  • Supply chain security. Validates tool descriptions, inputs and outputs as part of MCP communication.
It ensures that as AI agents become more powerful and autonomous through MCP tools, they cannot be weaponized against your organization through compromised or malicious tools in the MCP ecosystem.
This feature represents a broader initiative to secure AI agents that use MCP for tool integration, ensuring that MCP-based AI systems remain secure against manipulation and data exposure attacks. For more information, see Detect MCP Threats.
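To make the two threat classes concrete, here is an added Python example (not Prisma AIRS code) of a client-side check that pins approved MCP tool definitions and looks for credential-shaped strings in tool output. The function names, the two patterns and the sample data are assumptions constructed for illustration; the `tools`, `inputSchema` and `content` field names follow the MCP `tools/list` and `tools/call` result shapes.

```python
import hashlib
import json
import re

# Constructed credential shapes for illustration; real scanners use many more.
CREDENTIAL_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "bearer_token": re.compile(r"\bBearer\s+[A-Za-z0-9._~+/-]{20,}"),
}


def fingerprint(tool: dict) -> str:
    """Stable hash over the fields an agent reads from a tool definition."""
    view = {k: tool.get(k) for k in ("name", "description", "inputSchema")}
    return hashlib.sha256(json.dumps(view, sort_keys=True).encode()).hexdigest()


def changed_tools(approved: dict, tools_list_result: dict) -> list:
    """Names of tools that are new or differ from the approved fingerprint."""
    return [t["name"] for t in tools_list_result.get("tools", [])
            if approved.get(t["name"]) != fingerprint(t)]


def credential_findings(tool_call_result: dict) -> list:
    """Pattern names found in the text parts of a tools/call result."""
    text = "\n".join(part.get("text", "")
                     for part in tool_call_result.get("content", [])
                     if part.get("type") == "text")
    return sorted(n for n, rx in CREDENTIAL_PATTERNS.items() if rx.search(text))


# Constructed sample data: an approved tool, the same tool after an edit,
# and a tool response that carries the AWS documentation example key ID.
APPROVED_TOOL = {
    "name": "read_file",
    "description": "Read a file from the workspace.",
    "inputSchema": {"type": "object",
                    "properties": {"path": {"type": "string"}}},
}
PINS = {APPROVED_TOOL["name"]: fingerprint(APPROVED_TOOL)}
EDITED_TOOL = dict(APPROVED_TOOL,
                   description="Read a file from the workspace. (edited after approval)")
LEAKY_RESULT = {"content": [
    {"type": "text", "text": "aws_access_key_id = AKIAIOSFODNN7EXAMPLE"}]}

if __name__ == "__main__":
    print(changed_tools(PINS, {"tools": [EDITED_TOOL]}))
    print(credential_findings(LEAKY_RESULT))
```

A definition that no longer matches its pin should be reviewed again before the agent is allowed to call the tool.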

Securing AI Agents with a Standalone MCP Server

September 2025
Supported for:
  • Prisma AIRS (Managed by Strata Cloud Manager)
The Prisma AIRS Model Context Protocol (MCP) server is a standalone remote server that addresses significant integration challenges in securing agentic AI applications with easy deployment. You can use this service to protect your AI applications without the complex infrastructure dependencies or extensive code changes that traditional security solutions require.
The Prisma AIRS MCP server in the Palo Alto Networks cloud environment serves as a centralized security gateway for AI agent interactions. The server validates all tool invocations through the MCP and provides real-time threat detection on tool inputs, outputs, and tool descriptions or schemas. The Prisma AIRS MCP server empowers you within the MCP ecosystem by delivering security-focused building blocks for AI and copilot workflows. Its universal, easy-to-integrate interface works with any MCP client, enabling AI agents to translate plain-language user requests into secure, powerful workflows.
When you implement the MCP server as a tool, you only need to specify the protocol type, URL, and API key in your configuration file to automatically scan all external MCP server calls for vulnerabilities. This minimal setup enables you to detect various threats including prompt injection, MCP context poisoning, and exposed credentials without disrupting your development workflow. The service is valuable for low-code or no-code platforms where inserting security between the AI agent and its tool calls would otherwise be challenging. You can protect your AI applications with features such as AI Application Protection, AI Model Protection, and AI Data Protection, each designed to safeguard specific aspects of your AI workflows.
The Prisma AIRS MCP server integrates with your existing API infrastructure, enabling you to view comprehensive scan logs through familiar interfaces. This integration ensures you maintain visibility into security events while simplifying your security operations.

Multiple Applications per Deployment Profile

September 2025
Supported for:
  • Prisma AIRS (Managed by Strata Cloud Manager)
Prisma AIRS API allows you to associate multiple applications with a single deployment profile, removing the need to create separate deployment profiles for each application.
With this feature, you can associate up to 20 applications with a single deployment profile, significantly simplifying management while maintaining consistent security policies. When creating a new application, you can either select an existing activated deployment profile or activate a new one before establishing the association. This flexibility helps you organize your applications based on shared security requirements or business functions.
All applications associated with a single deployment profile consume the daily API calls quota tied to that deployment profile. When setting this value in CSP, consider how many applications (max allowed is 20) you plan to associate with this deployment profile.
You can easily modify which deployment profile an application uses through the application edit view, allowing you to adapt as your security needs evolve. The application detail and list views clearly display which deployment profile each application is linked to, providing transparency and helping you maintain proper governance. This capability is fully supported through both Strata Cloud Manager and API endpoints, enabling you to programmatically manage multiple applications per deployment profile for automation and integration scenarios.

Unified AI Security Logging

August 2025
Supported for:
  • Prisma AIRS (Managed by Strata Cloud Manager)
API scan events, including blocked threats, now integrate with the Strata Logging Service, providing a unified log viewer interface for both API-based and network-based AI security events. The Log Viewer now includes a new log type, Prisma AIRS AI Runtime Security API, which displays the scan API logs. This integration allows Security Operations Center (SOC) teams to be alerted to critical threats. The integration also enables a powerful query builder to search and analyze scan data and supports out-of-the-box queries for analyzing threats. Log forwarding is now supported for Prisma AIRS AI Runtime: API intercept. This ensures comprehensive visibility and streamlines security operations across multiple supported regions.

Enhance AI Security with India Region Support

August 2025
Supported for:
  • Prisma AIRS (Managed by Strata Cloud Manager)
You can now deploy API detection services in the India region, ensuring compliance and improving performance. When creating a deployment profile, you can select India as your preferred region. This choice determines the underlying region for data processing and storage.
When you create a deployment profile for the API intercept and associate it with a TSG, you can select your preferred region: United States, Europe (Germany), or India. A separate, region-specific API endpoint is provided for India. This deployment includes all Prisma AIRS AI Runtime: API intercept services and routes detection requests to the nearest APAC-based region for each respective service, reducing latency and data transfer costs.

Malicious Code Extraction from Plain Text

July 2025
Supported for:
  • Prisma AIRS (Managed by Strata Cloud Manager)
Malicious code embedded directly in plain-text fields of API prompts or responses is detected across both synchronous and asynchronous scan services. Even if the code isn’t in a traditional file format, it is identified and analyzed. For testing purposes, send malicious code in plain text within the API “prompt” or “response” fields to confirm detection.
As AI applications become more integrated, the risk of malicious code injection through user input or model responses increases. This feature helps safeguard your AI models and applications by providing a layer of defense against such threats, even when the code is embedded in formats other than traditional files.

Strengthen Threat Analysis with User IP Data

July 2025
Supported for:
  • Prisma AIRS (Managed by Strata Cloud Manager)
You can include the end user's IP address in both synchronous and asynchronous scan requests to enhance threat correlation and incident response capabilities. A new `user_ip` field has been added to the scan request metadata schema, allowing you to incorporate the originating IP address of the end user in both synchronous and asynchronous scan requests. The `user_ip` field provides crucial context for security analysis. Understanding the source IP address of an end user involved in a scan significantly enhances your ability to correlate threats and streamline incident response.

Enhance Python Application Security with Prisma AIRS SDK

May 2025
Supported for:
  • Prisma AIRS (Managed by Strata Cloud Manager)
The Prisma AIRS API Python SDK integrates advanced AI security scanning into Python applications. It supports Python versions 3.9 through 3.13, offering synchronous and asynchronous scanning, robust error handling, and configurable retry strategies.
This SDK allows developers to "shift left" security, embedding real-time AI-powered threat detection and prevention directly into their Python applications. By providing a streamlined interface for scanning prompts and responses for malicious content, data leaks, and other threats, it helps secure your AI models, data, and applications from the ground up.

API Detection Services for the European Region

May 2025
Supported for:
  • Prisma AIRS (Managed by Strata Cloud Manager)
You can now use Strata Cloud Manager to manage API detection services hosted in the EU (Germany) region. When creating a deployment profile, you select your preferred region, and all subsequent scan requests are routed to the corresponding regional API endpoint. This allows for localized hosting and processing of your AI security operations.
By enabling regional deployment of AI security services, you can comply with data residency requirements and reduce latency by processing security scans closer to your European users and infrastructure.

Automatic Sensitive Data Masking in API Payloads

May 2025
Supported for:
  • Prisma AIRS (Managed by Strata Cloud Manager)
Automatic detection and masking of sensitive data patterns are now available in the scan API output, which scans the prompts and responses in Large Language Models (LLMs). This feature replaces sensitive information such as Social Security Numbers and bank account details with "X" characters while maintaining the original text length. API scan logs indicate sensitive content with the new "Content Masked" column.
As LLMs become more prevalent, the risk of inadvertently exposing sensitive data increases. This automatic masking capability enhances data privacy and maintains compliance with data protection regulations. Proactively obscuring sensitive information reduces the risk of data leakage, strengthens the security posture of AI applications, and builds greater trust in the use of AI models by ensuring sensitive details are never fully exposed in logs or intermediary steps.
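Length-preserving masking as described above, shown as an added Python example that is not Prisma AIRS code. The two patterns, the IBAN checksum step and the sample text are constructed assumptions, and the returned flag stands in for the idea behind the "Content Masked" column.

```python
import re

# Constructed patterns for illustration; a DLP service covers far more types.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b")


def iban_is_valid(candidate: str) -> bool:
    """ISO 13616 mod-97 check, so random alphanumeric IDs are not masked."""
    rearranged = candidate[4:] + candidate[:4]
    digits = "".join(str(int(ch, 36)) for ch in rearranged)  # A=10 ... Z=35
    return int(digits) % 97 == 1


def mask_sensitive(text: str):
    """Return (masked_text, content_masked); the text length never changes."""
    spans = [m.span() for m in SSN_RE.finditer(text)]
    spans += [m.span() for m in IBAN_RE.finditer(text)
              if iban_is_valid(m.group())]
    chars = list(text)
    for start, end in spans:
        # Assumption: every character of the match, separators included,
        # becomes "X" so offsets in the surrounding text stay stable.
        chars[start:end] = "X" * (end - start)
    return "".join(chars), bool(spans)


# Constructed sample prompt using a well-known example IBAN and a dummy SSN.
SAMPLE = "SSN 123-45-6789, refund to DE89370400440532013000 today."

if __name__ == "__main__":
    masked, flagged = mask_sensitive(SAMPLE)
    print(masked, flagged)
```

Keeping the length unchanged means character offsets reported by other detections still point at the same positions in the masked text.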

Protect AI Agent Workflows on Low-Code or No-Code Platforms

May 2025
Supported for:
  • Prisma AIRS (Managed by Strata Cloud Manager)
You can protect and monitor AI agents against unauthorized actions and system manipulation. This feature extends security to AI agents developed on low-code/no-code platforms, like Microsoft Copilot Studio, AWS Bedrock, GCP Vertex AI, and VoiceFlow, as well as custom workflows.
As AI agents become more prevalent, they introduce new attack surfaces. This protection is crucial for ensuring the integrity and secure operation of your AI agents, regardless of how the agents were developed.

Prevent Inaccuracies in LLM Outputs with Contextual Grounding

May 2025
Supported for:
  • Prisma AIRS (Managed by Strata Cloud Manager)
You can now enable Contextual Grounding detection in your LLM response, which detects responses that contain information not present in or contradicting the provided context. This feature works by comparing the LLM's generated output against a defined input context. If the response includes information that wasn't supplied in the context or directly contradicts it, the detection flags these inconsistencies, helping to identify potential hallucinations or factual inaccuracies.
Ensuring that LLM responses are grounded in the provided context is critical for applications where factual accuracy and reliability are paramount.

Define AI Content Boundaries with Custom Topic Guardrails

May 2025
Supported for:
  • Prisma AIRS (Managed by Strata Cloud Manager)
You can enable the Custom Topic Guardrails detection service to identify a topic violation in the given prompt or response. This feature allows you to define specific topics that must be allowed or blocked within the prompts and responses processed by your LLM models. The system then monitors content for violations of these defined boundaries, ensuring that interactions with your LLMs stay within acceptable or designated subject matter.
Custom Topic Guardrails provide granular control over the content your AI models handle, offering crucial protection against various risks. For example, you can prevent misuse, maintain brand integrity, ensure compliance, and enhance the focus of the LLM's outputs.

Detect Malicious Code in LLM Outputs

March 2025
Supported for:
  • Prisma AIRS (Managed by Strata Cloud Manager)
Code snippets generated by Large Language Models (LLMs) can be scanned for potential security threats with the Malicious Code Detection feature. This feature is crucial for preventing supply chain attacks, enhancing application security, maintaining code integrity, and mitigating AI risks.
The system supports scanning for malicious code in multiple languages, including JavaScript, Python, VBScript, PowerShell, Batch, Shell, and Perl.
To activate this protection, you need to enable it within the API Security Profile. When configured, this feature can block the execution of potentially malicious code or be set to allow, depending on your security needs. This capability is vital for organizations that are increasingly leveraging generative AI for development, as it helps to secure against the risks of LLM poisoning, where adversaries intentionally introduce malicious data into training datasets to manipulate model outputs.

Detect Toxic Content in LLM Requests and Responses

March 2025
Supported for:
  • Prisma AIRS (Managed by Strata Cloud Manager)
To protect AI applications from generating or responding to inappropriate content, a new capability adds toxic content detection to LLM requests and responses. This advanced detection is designed to counteract sophisticated prompt injection techniques used by malicious actors to bypass standard LLM guardrails. The feature identifies and mitigates content that contains hateful, sexual, violent, or profane themes.
This capability is vital for maintaining the ethical integrity and safety of AI applications. It helps protect brand reputation, ensures user safety, mitigates misuse, and promotes responsible AI. By analyzing both user inputs and model outputs, the system acts as a filter to intercept requests and responses that violate predefined safety policies.
The system can either block the request entirely or rewrite the output to remove the toxic language. In addition to detecting toxic content, it also helps prevent bias and misinformation, which are common risks associated with LLMs. By implementing this security layer, you can ensure that your AI agents and applications operate securely and responsibly, safeguarding against both intentional and unintentional generation of harmful content.

Centralized Management of AI Firewalls

February 2025
Supported for:
  • Prisma AIRS (Managed by Strata Cloud Manager)
You can now manage and monitor your AI firewalls with Panorama. This integration allows you to leverage a central platform for defining and observing AI security policies and logs.
This capability extends to securing VM workloads and Kubernetes clusters, allowing for a unified approach to security across your diverse environments. Centralized management provides a number of key benefits, including unified visibility, streamlined operations, consistent policy enforcement, and accelerated incident response.

Customize API Security with Centralized Management

January 2025
Supported for:
  • Prisma AIRS (Managed by Strata Cloud Manager)
You can manage Applications, API Keys, and Security Profiles from a centralized dashboard within Strata Cloud Manager. This allows you to create and manage multiple API keys, define and manage applications, and create and manage AI API security profiles and their revisions. This centralized approach enables you to tailor security policy rules precisely to the unique needs of different applications and API integrations.

Automate AI Application Security with Programmatic APIs

November 2024
Supported for:
  • Prisma AIRS (Managed by Strata Cloud Manager)
Prisma AIRS API intercept is a threat detection service that enables you to discover and secure applications by programmatically scanning prompts and models for threats. You can implement a Security-as-Code approach using our REST APIs to protect your AI models, applications, and AI data.
These REST APIs seamlessly integrate AI security scanning into your application development and deployment workflows. This methodology enables automated and continuous protection for your AI models, applications, and the data they process, making security an intrinsic part of your development lifecycle.

Extend Prisma AIRS AI Network Security Across AWS and Azure

October 2024
Supported for:
  • Prisma AIRS (Managed by Strata Cloud Manager)
You can now discover your Azure and AWS cloud assets by onboarding your accounts in Strata Cloud Manager for central management. You can deploy and secure these environments with Prisma AIRS AI Runtime: Network intercept.
This expanded support enables unified multi-cloud protection, enhanced visibility, streamlined deployment, and reduced risk.

Extend AI Network Security to Google Cloud Platform

September 2024
Supported for:
  • Prisma AIRS (Managed by Strata Cloud Manager)
You can now discover your GCP cloud assets by onboarding your GCP account in Strata Cloud Manager. You can deploy and secure your GCP environment with network intercept. This feature enables onboarding your GCP cloud account to a centralized management platform, enabling the discovery of your cloud assets and providing visibility into your AI workload deployments.
This expanded support for GCP provides dedicated protection, enhanced visibility, streamlined deployment, and reduced risk.