What's New in 2025
Focus
Focus
Prisma AIRS

What's New in 2025

Table of Contents

What's New in 2025

Learn what's new on Prisma AIRS AI Runtime in 2025.

What's New in 2025 (Network Intercept)

Learn what's new on Prisma AIRS AI Runtime: Network intercept in 2025.

Feature
Description
Overlay Routing Support for EKS Traffic
Released in August
The overlay routing feature eliminates traffic hairpinning by enabling direct egress from Prisma AIRS AI Runtime: Network intercept to next-hop destinations, like the Internet Gateway (IGW) and NAT Gateways. This prevents double inspection of traffic, reducing latency, bandwidth utilization, and resource consumption. Prisma AIRS can now function as a NAT gateway, consolidating security inspection and network address translation into a single component while maintaining comprehensive security for containerized workloads.
Granular Kubernetes Security with Traffic Steering Inspection
Released in August
Protect your containerized applications with precision through namespace-level traffic steering, a capability that refines security controls beyond all-or-nothing traffic inspection. You can now selectively choose which traffic flows to inspect or bypass based on CIDR ranges within individual Kubernetes namespaces. This addresses previous limitations, enabling a more optimized security posture where critical traffic is thoroughly examined, while known benign traffic can bypass inspection, improving performance and resource utilization without compromising security for your Kubernetes workloads.
For implementation details, refer to the deployment workflow specific to your cloud environment.
Serverless Function Discovery for Azure and AWS
Released in August
Discover and protect your serverless workloads by defining application boundaries specifically for them during cloud account onboarding in Azure and AWS environments. You can now view these discovered serverless resources on your application dashboard alongside your existing virtual machine and container workloads, enabling unified visibility across all your cloud compute types. You can then deploy firewall protection to these serverless functions through the same streamlined, Terraform-based workflow you use for other cloud assets. This enhancement ensures comprehensive security coverage for your evolving cloud-native architectures, providing consistent management and deployment for all your diverse cloud applications.
Refine Cloud Application Discovery for Enhanced Security
Released in August
Gain granular control over cloud asset discovery and application organization beyond traditional VPC boundaries using tags, subnets, and namespaces.
This feature provides enhanced application definition options during the cloud account onboarding process. It allows you to define precise application boundaries, moving beyond the limitations of Virtual Private Cloud (VPC)-based definitions. By leveraging cloud-native constructs such as tags, subnets, and namespaces, you can now accurately organize and map your applications across various compute resources, including container workloads, virtual machines, and serverless functions. This approach aligns with modern, dynamic cloud application architectures.
Deploy a VM-Series Firewall from Strata Cloud Manager for Centralized Firewall Management
Released in August
Streamline the deployment and monitoring of your security infrastructure with unified capabilities for VM-Series firewalls directly within Strata Cloud Manager. The security dashboard now consolidates threats detected by both VM-Series firewalls and the Prisma AIRS AI Runtime: Network intercept, providing a single, unified security operations experience.
You can deploy a VM-Series firewall from Strata Cloud Manager using the same workflow as the Prisma AIRS AI Runtime Network intercept to simplify and accelerate your deployment process. Enhanced application details provide clear insights into network traffic flow paths and indicate which firewall platform protects each application, displaying both the firewall serial number and firewall type (VM-Series or Prisma AIRS AI Runtime: Network intercept).
Secure Custom AI Models on Private Endpoints
Released in August
You can now extend AI security inspection to Large Language Models (LLMs) hosted on privately managed endpoints. This feature allows you to secure traffic to custom models, even when their endpoints or input/output schemas are not publicly known. By enabling this support within your AI security profile, all traffic that matches a security policy rule will be forwarded to the AI cloud service for threat inspection, regardless of whether the model is a well-known public service or a custom-built private one. This ensures comprehensive security for your entire AI ecosystem, including models deployed on private endpoints within your infrastructure.
Unified AI Security Monitoring in Panorama
Released in July
Panorama threat logs (Monitor > Threat) now include an additional AI security report tab to display comprehensive AI security threat logs forwarded by Prisma AIRS AI Runtime: Network intercept managed by Panorama. This gives you enhanced visibility into AI model protection, AI application protection, and AI data protection threats detected based on your AI security profile configurations. You can also filter logs by the `ai-security` threat type when configuring log forwarding profiles or building custom reports, enabling targeted analysis and streamlined security operations for AI-specific threats.
Multi-region support for Prisma AIRS AI Runtime: Network Intercept
Released in July
Prisma AIRS AI Runtime: Network intercept now supports deployment across multiple regions, including US, UK, India, Canada, and Singapore. This expansion allows you to deploy the AI firewalls on tenant service groups (TSG) in your preferred regions.
Streamline AWS Security: Non-Inline Traffic Visibility and Protection with AWS SLR
Released in June
Introducing Security Lifecycle Review (SLR) for AWS, providing comprehensive visibility, control, and protection without requiring the deployment of an inline firewall. The Prisma AIRS AI Runtime: Network intercept, deployed in the SLR mode, protects your inbound, outbound, and east-west traffic using mirrored traffic between the application Elastic Network Interfaces (ENIs).
To get started:
  • Onboard a cloud account in Strata Cloud Manager.
  • Generate a deployment Terraform for SLR in Strata Cloud Manager.
  • Apply Terraform in AWS to deploy Prisma AIRS: Network intercept in SLR mode.
  • Download and assess the SLR report.
  • View the SLR-generated threat logs in the Strata Cloud Manager log viewer.
Upgrade Prisma AIRS AI Runtime: Network Intercept
Released in April
Prisma AIRS: Network intercept now supports multiple upgrade paths to maintain protection against AI threats. You can update firewall images (*.aingfw) through the PAN-OS interface, CLI commands, or Panorama. The dedicated *.aingfw format ensures compatibility with Prisma AIRS environments, protecting AI workloads while simplifying security operations.
Broaden Prisma AIRS AI Runtime: Network intercept Security for Private Clouds
Released in April
Introducing Prisma AIRS AI Runtime security for private clouds. Secure your AI workloads on private clouds such as ESXi and KVM-based servers, interacting with public cloud LLM models.
You can manually deploy and bootstrap the Prisma AIRS AI Runtime: Network intercept in private cloud environments. The firewall can be managed by Strata Cloud Manageror Panorama.
Prisma AIRS AI Runtime: Network Intercept Managed by Panorama
Released in February
You can now manage and monitor your AI firewalls with Panorama.
AI security policy and logs can also be defined and observed on Panorama. This integration allows you to leverage Panorama as the central management platform for your Prisma AIRS AI Runtime: Network intercept. All AI security threat logs are forwarded to Panorama under Monitor > Threat, providing a consolidated view of your AI security posture.

What's New in 2025 (API Intercept)

Learn what's new on Prisma AIRS AI Runtime: API intercept in 2025.

Feature
Description
Unified AI Security Logging in Strata Cloud Manager
Released in August
API scan events, including blocked threats, now integrate with the Strata Logging Service, providing a unified log viewer interface for both API-based and network-based AI security events. The Log Viewer now includes a new log type, Prisma AIRS AI Runtime Security API, which displays the scan API logs. This integration allows Security Operations Center (SOC) teams to be alerted to critical threats.
The integration also enables a powerful query builder to search and analyze scan data and supports out-of-the-box queries for analyzing threats. Log forwarding is now supported for Prisma AIRS AI Runtime: API intercept. This ensures comprehensive visibility and streamlines security operations across multiple supported regions.
For more details on the new log types and schemas, refer to the Monitor: Threat Logs and AI Security Logs section.
Enhance AI Security with India Region Support
Released in August
You can now deploy API detection services in the India region, ensuring compliance with local data residency regulations and improving performance.
When you create an deployment profile for the API intercept and associate it with a TSG, you can select your preferred region: United States, Europe (Germany), or India. This choice determines the underlying region that is used for processing and storing your data, ensuring it remains within the selected region. A separate, region-specific API endpoint is provided for India. This deployment includes all Prisma AIRS AI Runtime: API intercept services and routes detection requests to the nearest APAC-based region for each respective service, reducing latency and data transfer costs.
Secure AI Applications: Malicious Code Extraction from Plain Text
Released in July
This new capability enables the detection of malicious code embedded directly in plain-text fields of API prompts or responses, operating across both synchronous and asynchronous scan services. This means that even if malicious code isn't in a traditional file format, the platform can still identify and analyze it. To detect malicious code, you can send the malicious code in plain text in the API “prompt” or “response” fields.
As AI applications become more integrated, the risk of malicious code injection through user input or model responses increases. This feature helps safeguard your AI models and applications by providing a layer of defense against such threats, even when the code is embedded in formats other than traditional files.
For more details on securing AI applications, refer to the Prisma AIRS API documentation.
Strengthen Threat Analysis with User IP Data
Released in July
You can now include the end user's IP address in both synchronous and asynchronous scan requests to enhance threat correlation and incident response capabilities. A new user_ip field has been added to the scan request metadata schema, allowing you to incorporate the originating IP address of the end user in both synchronous and asynchronous scan requests. The user_ip field provides crucial context for security analysis. Understanding the source IP address of an end user involved in a scan significantly enhances your ability to correlate threats and streamline incident response.
Accelerate Python Application Security with Prisma AIRS SDK
Released in May
Introducing the Prisma AIRS API Python SDK, a powerful tool that seamlessly integrates advanced AI security scanning into Python applications. It supports Python versions 3.9 through 3.13, it offers synchronous and asynchronous scanning, robust error handling, and configurable retry strategies.
This SDK empowers developers to “shift left” security, embedding real-time AI-powered threat detection and prevention directly into their Python applications. By providing a streamlined interface for scanning prompts and responses for malicious content, data leaks, and other threats, it helps secure your AI models, data, and applications from the ground up.
Global AI Security: European Region Support
Released in May
You can now use Strata Cloud Manager to manage the API detection services hosted in the EU (Germany) region.
Create a deployment profile for AI Runtime Security: Network intercept with a US or EU (Germany) region, onboard a cloud account, and deploy the firewall in your cloud environment.
The following are the API endpoints you can use to send scan requests to Prisma AIRS APIs, based on the region you selected while creating the AI Runtime Security: API Intercept deployment profile:
Enhanced Data Privacy: Automatic Sensitive Data Masking in API Payloads
Released in May
Automatic detection and masking of sensitive data patterns are now available in the scan API output, which scans the prompts and responses in LLMs. This feature replaces sensitive information such as Social Security Numbers and bank account details with "X" characters while maintaining the original text length. API scan logs indicate sensitive content with the new “Content Masked” column.
As LLMs become more prevalent, the risk of inadvertently exposing sensitive data increases. This automatic masking capability enhances data privacy and maintains compliance with data protection regulations.
Protect AI Agents on Low-Code/No-Code Platforms
Released in May
You can now protect and monitor AI agents against unauthorized actions and system manipulation. This feature extends security to AI agents developed on low-code/no-code platforms, like Microsoft Copilot Studio, AWS Bedrock, GCP Vertex AI, and VoiceFlow, as well as custom workflows. As AI agents become more prevalent, they introduce new attack surfaces. This protection is crucial for ensuring the integrity and secure operation of your AI agents, regardless of how the agents were developed.
To secure your AI agents:
  • Onboard an API intercept profile by defining applications and configuring an AI agent framework.
  • Create or update an API security profile by enabling AI Agent Protection.
  • Configure the Agent Framework in the Manage Applications settings.
  • Trigger scan APIs against your API security profile to detect AI agent threats in scan results.
  • API scan logs in Strata Cloud Manager summarize the threat logs.
Validate LLMs Outputs: Ensure Contextual Grounding
Released in May
You can now enable Contextual Grounding detection in your LLM response, which detects responses that contain information not present in or contradicting the provided context. This feature works by comparing the LLM's generated output against a defined input context. If the response includes information that wasn't supplied in the context or directly contradicts it, the detection flags these inconsistencies, helping to identify potential hallucinations or factual inaccuracies.
Ensuring that LLM responses are grounded in the provided context is critical for applications where factual accuracy and reliability are paramount. By enabling contextual grounding, you can improve trustworthiness, reduce errors and risks, and enhance control over the LLM's behavior.
Define AI Content Boundaries with Custom Topic Guardrails
Released in May
You can enable the Custom Topic Guardrails detection service to identify a topic violation in the given prompt or response. This feature allows you to define specific topics that must be allowed or blocked within the prompts and responses processed by your LLM models. The system then monitors content for violations of these defined boundaries, ensuring that interactions with your LLMs stay within acceptable or designated subject matter.
Custom Topic Guardrails provide granular control over the content your AI models handle, offering crucial protection against various risks. For example, you can prevent misuse, maintain brand integrity, ensure compliance, and enhance the focus of the LLM's outputs.
Configure topic guardrails:
  • Create custom topics.
  • Configure API Security Profile to enable Custom Topic Guardrails, and add the topics that must be allowed or blocked in the prompt/response.
    Add custom topic guardrails to detect and block content that violates your configured topic policies.
  • Trigger scan APIs with a custom topic guardrails API security profile to detect and block content that violates your configured topic policies.
  • View API scan logs for benign and threat detections for your API security profile.
Strengthen AI Applications: Malicious Code Detection in LLM Outputs
Released in March
AI Security Profile Customization
  • AI Application Protection now includes Malicious Code Detection, which analyzes code snippets generated by Large Language Models (LLMs) to identify potential security threats. The feature supports scanning for malicious code in Javascript, Python, VBScript, Powershell, Batch, Shell, and Perl. You can enable this protection by updating the API Security Profile.
    This feature is vital for preventing supply chain attacks, enhancing application security, maintaining code integrity, and mitigating AI risks in the deployment and utilization of generative AI.
Secure LLMs Against Inappropriate Content: Toxic Content Detection
Released in March
AI Security Profile Customization
  • AI Model Protection:
    Added Toxic Content Detection in LLM model requests and responses to protect the models from generating or responding to inappropriate content. Toxic content includes references to hateful, sexual, violent, or profane themes. Malicious threat actors can easily bypass the LLM guardrails against toxic content through direct or indirect prompt injection.
    Enable this detection by updating the API security profile. For details on using the scan APIs refer to the API reference documentation.
Fine-Tune API Security with Flexible Profile Customizations
Released in January
  1. You can now manage Applications, API Keys, and Security Profiles from within your Strata Cloud Manager API dashboard. This allows you to create and manage multiple API keys, define and manage applications, and create and manage AI API security profiles and their revisions.
  2. API Security Profile Customizations include:
    • AI Application Protection: Enhanced the application security with advanced options for URL filtering with custom allow and block lists for the predefined URL security categories.
    • AI Data Protection: Expanded data loss prevention (DLP) profile selection - You can now define your custom DLP profiles for AI security.
    • Database Security Detection: Enable database security detection to regulate database security threats in the prompt or response. This feature allows you to allow or block malicious SQL queries, preventing unauthorized actions on your database. (For detailed instructions on implementing this feature and using the scan APIs, refer the Prisma AIRS API overview section).