The overlay routing feature eliminates traffic hairpinning by enabling direct egress from Prisma AIRS AI Runtime: Network intercept to next-hop destinations, like the Internet Gateway (IGW) and NAT Gateways. This prevents double inspection of traffic, reducing latency, bandwidth utilization, and resource consumption. Prisma AIRS can now function as a NAT gateway, consolidating security inspection and network address translation into a single component while maintaining comprehensive security for containerized workloads.

For details refer to the Deploy Prisma AIRS AI Runtime: Network Intercept in AWS section.

Protect your containerized applications with precision through namespace-level traffic steering, a capability that refines security controls beyond all-or-nothing traffic inspection. You can now selectively choose which traffic flows to inspect or bypass based on CIDR ranges within individual Kubernetes namespaces. This addresses previous limitations, enabling a more optimized security posture where critical traffic is thoroughly examined, while known benign traffic can bypass inspection, improving performance and resource utilization without compromising security for your Kubernetes workloads.

Gain granular control over cloud asset discovery and application organization beyond traditional VPC boundaries using tags, subnets, and namespaces.

This feature provides enhanced application definition options during the cloud account onboarding process. It allows you to define precise application boundaries, moving beyond the limitations of Virtual Private Cloud (VPC)-based definitions. By leveraging cloud-native constructs such as tags, subnets, and namespaces, you can now accurately organize and map your applications across various compute resources, including container workloads, virtual machines, and serverless functions. This approach aligns with modern, dynamic cloud application architectures.

Streamline the deployment and monitoring of your security infrastructure with unified capabilities for VM-Series firewalls directly within Strata Cloud Manager. The security dashboard now consolidates threats detected by both VM-Series firewalls and the Prisma AIRS AI Runtime: Network intercept, providing a single, unified security operations experience.

You can deploy a VM-Series firewall from Strata Cloud Manager using the same workflow as the Prisma AIRS AI Runtime Network intercept to simplify and accelerate your deployment process. Enhanced application details provide clear insights into network traffic flow paths and indicate which firewall platform protects each application, displaying both the firewall serial number and firewall type (VM-Series or Prisma AIRS AI Runtime: Network intercept).

You can now extend AI security inspection to Large Language Models (LLMs) hosted on privately managed endpoints. This feature allows you to secure traffic to custom models, even when their endpoints or input/output schemas are not publicly known. By enabling this support within your AI security profile, all traffic that matches a security policy rule will be forwarded to the AI cloud service for threat inspection, regardless of whether the model is a well-known public service or a custom-built private one. This ensures comprehensive security for your entire AI ecosystem, including models deployed on private endpoints within your infrastructure.

Panorama threat logs (Monitor > Threat) now include an additional AI security report tab to display comprehensive AI security threat logs forwarded by Prisma AIRS AI Runtime: Network intercept managed by Panorama. This gives you enhanced visibility into AI model protection, AI application protection, and AI data protection threats detected based on your AI security profile configurations. You can also filter logs by the `ai-security` threat type when configuring log forwarding profiles or building custom reports, enabling targeted analysis and streamlined security operations for AI-specific threats.

Prisma AIRS AI Runtime: Network intercept now supports deployment across multiple regions, including US, UK, India, Canada, and Singapore. This expansion allows you to deploy the AI firewalls on tenant service groups (TSG) in your preferred regions.

Introducing Security Lifecycle Review (SLR) for AWS, providing comprehensive visibility, control, and protection without requiring the deployment of an inline firewall. The Prisma AIRS AI Runtime: Network intercept, deployed in the SLR mode, protects your inbound, outbound, and east-west traffic using mirrored traffic between the application Elastic Network Interfaces (ENIs).

To get started:

• Onboard a cloud account in Strata Cloud Manager.
• Generate a deployment Terraform for SLR in Strata Cloud Manager.
• Apply Terraform in AWS to deploy Prisma AIRS: Network intercept in SLR mode.
• Download and assess the SLR report.
• View the SLR-generated threat logs in the Strata Cloud Manager log viewer.

Prisma AIRS: Network intercept now supports multiple upgrade paths to maintain protection against AI threats. You can update firewall images (*.aingfw) through the PAN-OS interface, CLI commands, or Panorama. The dedicated *.aingfw format ensures compatibility with Prisma AIRS environments, protecting AI workloads while simplifying security operations.

Introducing Prisma AIRS AI Runtime security for private clouds. Secure your AI workloads on private clouds such as ESXi and KVM-based servers, interacting with public cloud LLM models.

You can manually deploy and bootstrap the Prisma AIRS AI Runtime: Network intercept in private cloud environments. The firewall can be managed by Strata Cloud Manageror Panorama.

You can now manage and monitor your AI firewalls with Panorama.

AI security policy and logs can also be defined and observed on Panorama. This integration allows you to leverage Panorama as the central management platform for your Prisma AIRS AI Runtime: Network intercept. All AI security threat logs are forwarded to Panorama under Monitor > Threat, providing a consolidated view of your AI security posture.

The Prisma AIRS® MCP server is a standalone remote server that addresses significant integration challenges in securing agentic AI applications with easy deployment. You can use this service to protect your AI applications without the complex infrastructure dependencies or extensive code changes that traditional security solutions require.

The Prisma AIRS MCP server in the Palo Alto Networks cloud environment serves as a centralized security gateway for AI agent interactions. The server validates all tool invocations through the MCP and provides real-time Threat Detection on tool inputs, outputs, and tool descriptions or schemas. The Prisma AIRS MCP server empowers you within the MCP ecosystem by delivering security-focused building blocks for AI and copilot workflows. Its universal, easy-to-integrate interface works with any MCP client, enabling AI agents to translate plain-language user requests into secure, powerful workflows.

When you implement the MCP server as a tool, you only need to specify the protocol type, URL, and API key in your configuration file to automatically scan all external MCP server calls for vulnerabilities. This minimal setup enables you to detect various threats including prompt injection, MCP context poisoning, and exposed credentials without disrupting your development workflow. The service is valuable for low-code or no-code platforms where inserting security between the AI agent and its tool calls would otherwise be challenging. You can protect your AI applications with features such as AI Application Protection, AI Model Protection, and AI Data Protection, each designed to safeguard specific aspects of your AI workflows.

The Prisma AIRS MCP server integrates with your existing API infrastructure, enabling you to view comprehensive scan logs through familiar interfaces. This integration ensures you maintain visibility into security events while simplifying your security operations.

Prisma AIRS API allows you to associate multiple applications with a single deployment profile, removing the need to create separate deployment profiles for each application.

With this feature, you can associate up to 20 applications with a single deployment profile, significantly simplifying management while maintaining consistent security policies. When creating a new application, you can either select an existing activated deployment profile or activate a new one before establishing the association. This flexibility helps you organize your applications based on shared security requirements or business functions.

You can easily modify which deployment profile an application uses through the application edit view, allowing you to adapt as your security needs evolve. The application detail and list views clearly display which deployment profile each application is linked to, providing transparency and helping you maintain proper governance. This capability is fully supported through both Strata Cloud Manager and API endpoints, enabling you to programmatically manage multiple applications per deployment profile for automation and integration scenarios.

API scan events, including blocked threats, now integrate with the Strata Logging Service, providing a unified log viewer interface for both API-based and network-based AI security events. The Log Viewer now includes a new log type, Prisma AIRS AI Runtime Security API, which displays the scan API logs. This integration allows Security Operations Center (SOC) teams to be alerted to critical threats.

The integration also enables a powerful query builder to search and analyze scan data and supports out-of-the-box queries for analyzing threats. Log forwarding is now supported for Prisma AIRS AI Runtime: API intercept. This ensures comprehensive visibility and streamlines security operations across multiple supported regions.

You can now deploy API detection services in the India region, ensuring compliance with local data residency regulations and improving performance.

This new capability enables the detection of malicious code embedded directly in plain-text fields of API prompts or responses, operating across both synchronous and asynchronous scan services. This means that even if malicious code isn't in a traditional file format, the platform can still identify and analyze it. To detect malicious code, you can send the malicious code in plain text in the API “prompt” or “response” fields.

As AI applications become more integrated, the risk of malicious code injection through user input or model responses increases. This feature helps safeguard your AI models and applications by providing a layer of defense against such threats, even when the code is embedded in formats other than traditional files.

For more details on securing AI applications, refer to the Prisma AIRS API documentation.

You can now include the end user's IP address in both synchronous and asynchronous scan requests to enhance threat correlation and incident response capabilities. A new user_ip field has been added to the scan request metadata schema, allowing you to incorporate the originating IP address of the end user in both synchronous and asynchronous scan requests. The user_ip field provides crucial context for security analysis. Understanding the source IP address of an end user involved in a scan significantly enhances your ability to correlate threats and streamline incident response.

Introducing the Prisma AIRS API Python SDK, a powerful tool that seamlessly integrates advanced AI security scanning into Python applications. It supports Python versions 3.9 through 3.13, it offers synchronous and asynchronous scanning, robust error handling, and configurable retry strategies.

This SDK empowers developers to “shift left” security, embedding real-time AI-powered threat detection and prevention directly into their Python applications. By providing a streamlined interface for scanning prompts and responses for malicious content, data leaks, and other threats, it helps secure your AI models, data, and applications from the ground up.

You can now use Strata Cloud Manager to manage the API detection services hosted in the EU (Germany) region.

Create a deployment profile for AI Runtime Security: Network intercept with a US or EU (Germany) region, onboard a cloud account, and deploy the firewall in your cloud environment.

The following are the API endpoints you can use to send scan requests to Prisma AIRS APIs, based on the region you selected while creating the AI Runtime Security: API Intercept deployment profile:

• US: https://service.api.aisecurity.paloaltonetworks.com
• EU (Germany): https://service-de.api.aisecurity.paloaltonetworks.com

Automatic detection and masking of sensitive data patterns are now available in the scan API output, which scans the prompts and responses in LLMs. This feature replaces sensitive information such as Social Security Numbers and bank account details with "X" characters while maintaining the original text length. API scan logs indicate sensitive content with the new “Content Masked” column.

As LLMs become more prevalent, the risk of inadvertently exposing sensitive data increases. This automatic masking capability enhances data privacy and maintains compliance with data protection regulations.

To secure your AI agents:

• Onboard an API intercept profile by defining applications and configuring an AI agent framework.
• Create or update an API security profile by enabling AI Agent Protection.
• Configure the Agent Framework in the Manage Applications settings.
• Trigger scan APIs against your API security profile to detect AI agent threats in scan results.
• API scan logs in Strata Cloud Manager summarize the threat logs.

You can now enable Contextual Grounding detection in your LLM response, which detects responses that contain information not present in or contradicting the provided context. This feature works by comparing the LLM's generated output against a defined input context. If the response includes information that wasn't supplied in the context or directly contradicts it, the detection flags these inconsistencies, helping to identify potential hallucinations or factual inaccuracies.

Ensuring that LLM responses are grounded in the provided context is critical for applications where factual accuracy and reliability are paramount. By enabling contextual grounding, you can improve trustworthiness, reduce errors and risks, and enhance control over the LLM's behavior.

You can enable the Custom Topic Guardrails detection service to identify a topic violation in the given prompt or response. This feature allows you to define specific topics that must be allowed or blocked within the prompts and responses processed by your LLM models. The system then monitors content for violations of these defined boundaries, ensuring that interactions with your LLMs stay within acceptable or designated subject matter.

Custom Topic Guardrails provide granular control over the content your AI models handle, offering crucial protection against various risks. For example, you can prevent misuse, maintain brand integrity, ensure compliance, and enhance the focus of the LLM's outputs.

Configure topic guardrails:

• Create custom topics.
• Configure API Security Profile to enable Custom Topic Guardrails, and add the topics that must be allowed or blocked in the prompt/response.
  Add custom topic guardrails to detect and block content that violates your configured topic policies.
• Trigger scan APIs with a custom topic guardrails API security profile to detect and block content that violates your configured topic policies.
• View API scan logs for benign and threat detections for your API security profile.