The overlay routing feature eliminates traffic hairpinning by enabling direct egress from Prisma AIRS AI Runtime: Network intercept to next-hop destinations, like the Internet Gateway (IGW) and NAT Gateways. This prevents double inspection of traffic, reducing latency, bandwidth utilization, and resource consumption. Prisma AIRS can now function as a NAT gateway, consolidating security inspection and network address translation into a single component while maintaining comprehensive security for containerized workloads.

For details refer to the Deploy Prisma AIRS AI Runtime: Network Intercept in AWS section.

Protect your containerized applications with precision through namespace-level traffic steering, a capability that refines security controls beyond all-or-nothing traffic inspection. You can now selectively choose which traffic flows to inspect or bypass based on CIDR ranges within individual Kubernetes namespaces. This addresses previous limitations, enabling a more optimized security posture where critical traffic is thoroughly examined, while known benign traffic can bypass inspection, improving performance and resource utilization without compromising security for your Kubernetes workloads.

Gain granular control over cloud asset discovery and application organization beyond traditional VPC boundaries using tags, subnets, and namespaces.

This feature provides enhanced application definition options during the cloud account onboarding process. It allows you to define precise application boundaries, moving beyond the limitations of Virtual Private Cloud (VPC)-based definitions. By leveraging cloud-native constructs such as tags, subnets, and namespaces, you can now accurately organize and map your applications across various compute resources, including container workloads, virtual machines, and serverless functions. This approach aligns with modern, dynamic cloud application architectures.

Streamline the deployment and monitoring of your security infrastructure with unified capabilities for VM-Series firewalls directly within Strata Cloud Manager. The security dashboard now consolidates threats detected by both VM-Series firewalls and the Prisma AIRS AI Runtime: Network intercept, providing a single, unified security operations experience.

You can deploy a VM-Series firewall from Strata Cloud Manager using the same workflow as the Prisma AIRS AI Runtime Network intercept to simplify and accelerate your deployment process. Enhanced application details provide clear insights into network traffic flow paths and indicate which firewall platform protects each application, displaying both the firewall serial number and firewall type (VM-Series or Prisma AIRS AI Runtime: Network intercept).

You can now extend AI security inspection to Large Language Models (LLMs) hosted on privately managed endpoints. This feature allows you to secure traffic to custom models, even when their endpoints or input/output schemas are not publicly known. By enabling this support within your AI security profile, all traffic that matches a security policy rule will be forwarded to the AI cloud service for threat inspection, regardless of whether the model is a well-known public service or a custom-built private one. This ensures comprehensive security for your entire AI ecosystem, including models deployed on private endpoints within your infrastructure.

Panorama threat logs (Monitor > Threat) now include an additional AI security report tab to display comprehensive AI security threat logs forwarded by Prisma AIRS AI Runtime: Network intercept managed by Panorama. This gives you enhanced visibility into AI model protection, AI application protection, and AI data protection threats detected based on your AI security profile configurations. You can also filter logs by the `ai-security` threat type when configuring log forwarding profiles or building custom reports, enabling targeted analysis and streamlined security operations for AI-specific threats.

Prisma AIRS AI Runtime: Network intercept now supports deployment across multiple regions, including US, UK, India, Canada, and Singapore. This expansion allows you to deploy the AI firewalls on tenant service groups (TSG) in your preferred regions.

Introducing Security Lifecycle Review (SLR) for AWS, providing comprehensive visibility, control, and protection without requiring the deployment of an inline firewall. The Prisma AIRS AI Runtime: Network intercept, deployed in the SLR mode, protects your inbound, outbound, and east-west traffic using mirrored traffic between the application Elastic Network Interfaces (ENIs).

To get started:

• Onboard a cloud account in Strata Cloud Manager.
• Generate a deployment Terraform for SLR in Strata Cloud Manager.
• Apply Terraform in AWS to deploy Prisma AIRS: Network intercept in SLR mode.
• Download and assess the SLR report.
• View the SLR-generated threat logs in the Strata Cloud Manager log viewer.

Prisma AIRS: Network intercept now supports multiple upgrade paths to maintain protection against AI threats. You can update firewall images (*.aingfw) through the PAN-OS interface, CLI commands, or Panorama. The dedicated *.aingfw format ensures compatibility with Prisma AIRS environments, protecting AI workloads while simplifying security operations.

Introducing Prisma AIRS AI Runtime security for private clouds. Secure your AI workloads on private clouds such as ESXi and KVM-based servers, interacting with public cloud LLM models.

You can manually deploy and bootstrap the Prisma AIRS AI Runtime: Network intercept in private cloud environments. The firewall can be managed by Strata Cloud Manageror Panorama.

You can now manage and monitor your AI firewalls with Panorama.

AI security policy and logs can also be defined and observed on Panorama. This integration allows you to leverage Panorama as the central management platform for your Prisma AIRS AI Runtime: Network intercept. All AI security threat logs are forwarded to Panorama under Monitor > Threat, providing a consolidated view of your AI security posture.

API scan events, including blocked threats, now integrate with the Strata Logging Service, providing a unified log viewer interface for both API-based and network-based AI security events. The Log Viewer now includes a new log type, Prisma AIRS AI Runtime Security API, which displays the scan API logs. This integration allows Security Operations Center (SOC) teams to be alerted to critical threats.

The integration also enables a powerful query builder to search and analyze scan data and supports out-of-the-box queries for analyzing threats. Log forwarding is now supported for Prisma AIRS AI Runtime: API intercept. This ensures comprehensive visibility and streamlines security operations across multiple supported regions.

You can now deploy API detection services in the India region, ensuring compliance with local data residency regulations and improving performance.

This new capability enables the detection of malicious code embedded directly in plain-text fields of API prompts or responses, operating across both synchronous and asynchronous scan services. This means that even if malicious code isn't in a traditional file format, the platform can still identify and analyze it. To detect malicious code, you can send the malicious code in plain text in the API “prompt” or “response” fields.

As AI applications become more integrated, the risk of malicious code injection through user input or model responses increases. This feature helps safeguard your AI models and applications by providing a layer of defense against such threats, even when the code is embedded in formats other than traditional files.

For more details on securing AI applications, refer to the Prisma AIRS API documentation.

You can now include the end user's IP address in both synchronous and asynchronous scan requests to enhance threat correlation and incident response capabilities. A new user_ip field has been added to the scan request metadata schema, allowing you to incorporate the originating IP address of the end user in both synchronous and asynchronous scan requests. The user_ip field provides crucial context for security analysis. Understanding the source IP address of an end user involved in a scan significantly enhances your ability to correlate threats and streamline incident response.

Introducing the Prisma AIRS API Python SDK, a powerful tool that seamlessly integrates advanced AI security scanning into Python applications. It supports Python versions 3.9 through 3.13, it offers synchronous and asynchronous scanning, robust error handling, and configurable retry strategies.

This SDK empowers developers to “shift left” security, embedding real-time AI-powered threat detection and prevention directly into their Python applications. By providing a streamlined interface for scanning prompts and responses for malicious content, data leaks, and other threats, it helps secure your AI models, data, and applications from the ground up.

You can now use Strata Cloud Manager to manage the API detection services hosted in the EU (Germany) region.

Create a deployment profile for AI Runtime Security: Network intercept with a US or EU (Germany) region, onboard a cloud account, and deploy the firewall in your cloud environment.

The following are the API endpoints you can use to send scan requests to Prisma AIRS APIs, based on the region you selected while creating the AI Runtime Security: API Intercept deployment profile:

• US: https://service.api.aisecurity.paloaltonetworks.com
• EU (Germany): https://service-de.api.aisecurity.paloaltonetworks.com

Automatic detection and masking of sensitive data patterns are now available in the scan API output, which scans the prompts and responses in LLMs. This feature replaces sensitive information such as Social Security Numbers and bank account details with "X" characters while maintaining the original text length. API scan logs indicate sensitive content with the new “Content Masked” column.

As LLMs become more prevalent, the risk of inadvertently exposing sensitive data increases. This automatic masking capability enhances data privacy and maintains compliance with data protection regulations.

To secure your AI agents:

• Onboard an API intercept profile by defining applications and configuring an AI agent framework.
• Create or update an API security profile by enabling AI Agent Protection.
• Configure the Agent Framework in the Manage Applications settings.
• Trigger scan APIs against your API security profile to detect AI agent threats in scan results.
• API scan logs in Strata Cloud Manager summarize the threat logs.

You can now enable Contextual Grounding detection in your LLM response, which detects responses that contain information not present in or contradicting the provided context. This feature works by comparing the LLM's generated output against a defined input context. If the response includes information that wasn't supplied in the context or directly contradicts it, the detection flags these inconsistencies, helping to identify potential hallucinations or factual inaccuracies.

Ensuring that LLM responses are grounded in the provided context is critical for applications where factual accuracy and reliability are paramount. By enabling contextual grounding, you can improve trustworthiness, reduce errors and risks, and enhance control over the LLM's behavior.

You can enable the Custom Topic Guardrails detection service to identify a topic violation in the given prompt or response. This feature allows you to define specific topics that must be allowed or blocked within the prompts and responses processed by your LLM models. The system then monitors content for violations of these defined boundaries, ensuring that interactions with your LLMs stay within acceptable or designated subject matter.

Custom Topic Guardrails provide granular control over the content your AI models handle, offering crucial protection against various risks. For example, you can prevent misuse, maintain brand integrity, ensure compliance, and enhance the focus of the LLM's outputs.

Configure topic guardrails:

• Create custom topics.
• Configure API Security Profile to enable Custom Topic Guardrails, and add the topics that must be allowed or blocked in the prompt/response.
  Add custom topic guardrails to detect and block content that violates your configured topic policies.
• Trigger scan APIs with a custom topic guardrails API security profile to detect and block content that violates your configured topic policies.
• View API scan logs for benign and threat detections for your API security profile.