Prisma AIRS
What's New in 2025
Table of Contents
What's New in 2025
Learn what's new on Prisma AIRS AI Runtime in
2025.
What's New in 2025 (Network Intercept)
Learn what's new on Prisma AIRS AI Runtime: Network intercept
in 2025.
Feature |
Description
|
Overlay Routing Support for EKS Traffic
Released in August
|
The overlay routing feature eliminates traffic hairpinning by
enabling direct egress from Prisma AIRS
AI Runtime: Network intercept to next-hop destinations, like the
Internet Gateway (IGW) and NAT Gateways. This prevents double
inspection of traffic, reducing latency, bandwidth utilization,
and resource consumption. Prisma AIRS can
now function as a NAT gateway, consolidating security inspection
and network address translation into a single component while
maintaining comprehensive security for containerized
workloads.
For details refer to the Deploy Prisma AIRS AI
Runtime: Network Intercept in AWS section.
|
Granular Kubernetes Security with Traffic Steering
Inspection
Released in August
| Protect your containerized applications with
precision through namespace-level traffic steering, a capability
that refines security controls beyond all-or-nothing traffic
inspection. You can now selectively choose which traffic flows
to inspect or bypass based on CIDR ranges within individual
Kubernetes namespaces. This addresses previous limitations,
enabling a more optimized security posture where critical
traffic is thoroughly examined, while known benign traffic can
bypass inspection, improving performance and resource
utilization without compromising security for your Kubernetes
workloads. For implementation details, refer to the deployment workflow
specific to your cloud environment. |
Serverless Function Discovery for Azure and AWS
Released in August
| Discover and protect your serverless workloads by defining application boundaries specifically for them during cloud account onboarding in Azure and AWS environments. You can now view these discovered serverless resources on your application dashboard alongside your existing virtual machine and container workloads, enabling unified visibility across all your cloud compute types. You can then deploy firewall protection to these serverless functions through the same streamlined, Terraform-based workflow you use for other cloud assets. This enhancement ensures comprehensive security coverage for your evolving cloud-native architectures, providing consistent management and deployment for all your diverse cloud applications. |
Refine Cloud Application Discovery for Enhanced
Security
Released in August
|
Gain granular control over cloud asset discovery and
application organization beyond traditional VPC boundaries using
tags, subnets, and namespaces.
This feature provides enhanced application definition options
during the cloud account
onboarding process. It allows you to define precise
application boundaries, moving beyond the limitations of Virtual
Private Cloud (VPC)-based definitions. By leveraging
cloud-native constructs such as tags, subnets, and namespaces,
you can now accurately organize and map your applications across
various compute resources, including container workloads,
virtual machines, and serverless functions. This approach aligns
with modern, dynamic cloud application architectures.
|
Deploy a VM-Series Firewall from Strata Cloud
Manager for Centralized Firewall Management
Released in August
|
Streamline the deployment and monitoring of your
security infrastructure with unified capabilities for VM-Series firewalls directly within Strata Cloud Manager. The security dashboard now consolidates
threats detected by both VM-Series firewalls and
the Prisma AIRS AI Runtime: Network intercept, providing a
single, unified security operations experience.
You can deploy a VM-Series firewall
from Strata Cloud Manager using the same workflow as
the Prisma AIRS AI Runtime Network
intercept to simplify and accelerate your deployment process.
Enhanced application details provide clear insights into network
traffic flow paths and indicate which firewall platform protects
each application, displaying both the firewall serial number and
firewall type (VM-Series or Prisma AIRS AI Runtime: Network
intercept).
|
Secure Custom AI Models on Private Endpoints
Released in August
|
You can now extend AI security inspection to Large
Language Models (LLMs) hosted on privately managed endpoints.
This feature allows you to secure traffic to custom models, even
when their endpoints or input/output schemas are not publicly
known. By enabling this support within
your AI security profile, all traffic that matches a
security policy rule will be forwarded to the AI cloud service
for threat inspection, regardless of whether the model is a
well-known public service or a custom-built private one. This
ensures comprehensive security for your entire AI ecosystem,
including models deployed on private endpoints within your
infrastructure.
|
Unified AI Security Monitoring in Panorama
Released in July
|
Panorama
threat logs
(Monitor > Threat) now include an additional AI
security report tab to display comprehensive AI security threat
logs forwarded by Prisma AIRS AI Runtime:
Network intercept managed by Panorama. This gives you
enhanced visibility into AI model protection, AI application
protection, and AI data protection threats detected based on
your AI security profile configurations. You can also filter
logs by the `ai-security` threat type when configuring log
forwarding profiles or building custom reports, enabling
targeted analysis and streamlined security operations for
AI-specific threats.
|
Multi-region support for Prisma AIRS AI
Runtime: Network Intercept
Released in July
|
Prisma AIRS AI Runtime: Network intercept
now supports deployment across multiple regions, including US,
UK, India, Canada, and Singapore. This expansion allows you to
deploy the AI firewalls on tenant service groups (TSG) in your
preferred regions.
|
Streamline AWS Security: Non-Inline Traffic Visibility and
Protection with AWS SLR Released in
June |
Introducing Security Lifecycle Review
(SLR) for AWS, providing comprehensive visibility,
control, and protection without requiring the deployment of an
inline firewall. The Prisma AIRS AI
Runtime: Network intercept, deployed in the SLR mode, protects
your inbound, outbound, and east-west traffic using mirrored
traffic between the application Elastic Network Interfaces
(ENIs).
To get started:
|
Upgrade Prisma AIRS AI Runtime:
Network Intercept Released in April |
Prisma AIRS: Network intercept
now supports multiple upgrade paths to
maintain protection against AI threats. You can update firewall
images (*.aingfw) through the PAN-OS interface, CLI commands, or
Panorama. The dedicated *.aingfw format ensures
compatibility with Prisma AIRS
environments, protecting AI workloads while simplifying security
operations.
|
Broaden Prisma AIRS AI Runtime:
Network intercept Security for Private
Clouds Released in April |
Introducing Prisma AIRS AI
Runtime security for private clouds. Secure
your AI workloads on private clouds such as ESXi and KVM-based
servers, interacting with public cloud LLM models.
You can manually deploy and bootstrap the Prisma AIRS AI Runtime: Network intercept
in private cloud environments. The firewall can be managed by
Strata Cloud Manageror Panorama.
|
Prisma AIRS AI Runtime: Network
Intercept Managed by Panorama Released in
February |
You can now manage and monitor your AI firewalls with Panorama.
AI security policy and logs can also be defined and
observed on Panorama. This integration allows you to
leverage Panorama as the central management platform
for your Prisma AIRS AI Runtime: Network
intercept. All AI security threat logs are forwarded to Panorama under Monitor > Threat, providing a
consolidated view of your AI security posture.
|
What's New in 2025 (API Intercept)
Learn what's new on Prisma AIRS AI Runtime: API intercept in
2025.
Feature |
Description
|
Unified AI Security Logging in Strata Cloud Manager
Released in August
| API scan events, including blocked threats, now integrate with
the Strata Logging Service, providing a unified log
viewer interface for both API-based and network-based AI
security events. The Log Viewer now includes a new log
type, Prisma AIRS AI Runtime Security API, which displays
the scan API logs. This integration allows Security Operations
Center (SOC) teams to be alerted to critical threats. The
integration also enables a powerful query builder to search and
analyze scan data and supports out-of-the-box queries for
analyzing threats. Log forwarding is now supported for Prisma AIRS AI Runtime: API intercept.
This ensures comprehensive visibility and streamlines security
operations across multiple supported regions. For more
details on the new log types and schemas, refer to the Monitor: Threat Logs and AI
Security Logs section. |
Enhance AI Security with India Region Support
Released in August
| You can now deploy API detection services in the
India region, ensuring compliance with local data residency
regulations and improving performance. When you create an deployment
profile for the API intercept and associate it with a
TSG, you can select your preferred region: United States, Europe
(Germany), or India. This choice determines the underlying region
that is used for processing and storing your data, ensuring it
remains within the selected region. A separate, region-specific API
endpoint is provided for India. This deployment includes all Prisma AIRS AI Runtime: API intercept
services and routes detection requests to the nearest APAC-based
region for each respective service, reducing latency and data
transfer costs. |
Secure AI Applications: Malicious Code Extraction from Plain
Text
Released in July
|
This new capability enables the detection of malicious
code embedded directly in plain-text fields of API prompts or
responses, operating across both synchronous and asynchronous
scan services. This means that even if malicious code isn't in a
traditional file format, the platform can still identify and
analyze it. To detect malicious code, you can send the malicious
code in plain text in the API “prompt” or “response” fields.
As AI applications become more integrated, the risk of
malicious code injection through user input or model responses
increases. This feature helps safeguard your AI models and
applications by providing a layer of defense against such
threats, even when the code is embedded in formats other than
traditional files.
For more details on securing AI applications, refer to
the Prisma AIRS API
documentation.
|
Strengthen Threat Analysis with User IP Data
Released in July
|
You can now include the end user's IP address in both synchronous
and asynchronous scan requests to
enhance threat correlation and incident response capabilities. A
new user_ip field has been added to the scan
request metadata schema, allowing you to incorporate the
originating IP address of the end user in both synchronous and
asynchronous scan requests. The user_ip field
provides crucial context for security analysis. Understanding
the source IP address of an end user involved in a scan
significantly enhances your ability to correlate threats and
streamline incident response.
|
Accelerate Python Application Security with Prisma AIRS
SDK
Released in May
|
Introducing the Prisma AIRS API Python
SDK, a powerful tool that seamlessly integrates
advanced AI security scanning into Python applications. It
supports Python versions 3.9 through 3.13, it offers synchronous
and asynchronous scanning, robust error handling, and
configurable retry strategies.
This SDK empowers developers to “shift left” security,
embedding real-time AI-powered threat detection and prevention
directly into their Python applications. By providing a
streamlined interface for scanning prompts and responses for
malicious content, data leaks, and other threats, it helps
secure your AI models, data, and applications from the ground
up.
|
Global AI Security: European Region Support
Released in May
|
You can now use Strata Cloud Manager to manage the API detection
services hosted in the EU (Germany) region.
Create a deployment profile for AI
Runtime Security: Network intercept with a US or EU
(Germany) region, onboard a cloud account, and deploy the
firewall in your cloud environment.
The following are the API endpoints you can use to send scan
requests to Prisma AIRS APIs, based on the region you selected
while creating the AI Runtime Security: API
Intercept deployment profile:
|
Enhanced Data Privacy: Automatic Sensitive Data Masking in API
Payloads
Released in May
|
Automatic detection and masking of
sensitive data patterns are now available in the scan
API output, which scans the prompts and responses in LLMs. This
feature replaces sensitive information such as Social Security
Numbers and bank account details with "X" characters while
maintaining the original text length. API scan logs indicate
sensitive content with the new “Content Masked” column.
As LLMs become more prevalent, the risk of inadvertently exposing
sensitive data increases. This automatic masking capability
enhances data privacy and maintains compliance with data
protection regulations.
|
Protect AI Agents on Low-Code/No-Code Platforms
Released in May
| You can now protect and monitor AI
agents against unauthorized actions and system
manipulation. This feature extends security to AI agents developed
on low-code/no-code platforms, like Microsoft Copilot Studio, AWS
Bedrock, GCP Vertex AI, and VoiceFlow, as well as custom workflows.
As AI agents become more prevalent, they introduce new attack
surfaces. This protection is crucial for ensuring the integrity and
secure operation of your AI agents, regardless of how the agents
were developed. To secure your AI agents:
![]() |
Validate LLMs Outputs: Ensure Contextual Grounding
Released in May
|
You can now enable Contextual Grounding
detection in your LLM response, which detects responses that
contain information not present in or contradicting the provided
context. This feature works by comparing the LLM's generated
output against a defined input context. If the response includes
information that wasn't supplied in the context or directly
contradicts it, the detection flags these inconsistencies,
helping to identify potential hallucinations or factual
inaccuracies.
Ensuring that LLM responses are grounded in the
provided context is critical for applications where factual
accuracy and reliability are paramount. By enabling contextual
grounding, you can improve trustworthiness, reduce errors and
risks, and enhance control over the LLM's behavior.
|
Define AI Content Boundaries with Custom Topic
Guardrails
Released in May
|
You can enable the Custom Topic
Guardrails detection service to identify a topic
violation in the given prompt or response. This feature allows
you to define specific topics that must be allowed or blocked
within the prompts and responses processed by your LLM models.
The system then monitors content for violations of these defined
boundaries, ensuring that interactions with your LLMs stay
within acceptable or designated subject matter.
Custom Topic Guardrails provide granular control over
the content your AI models handle, offering crucial protection
against various risks. For example, you can prevent misuse,
maintain brand integrity, ensure compliance, and enhance the
focus of the LLM's outputs.
Configure topic guardrails:
![]() |
Strengthen AI Applications: Malicious Code Detection in LLM
Outputs
Released in March
|
AI Security Profile Customization
|
Secure LLMs Against Inappropriate Content: Toxic Content
Detection
Released in March
|
AI Security Profile Customization
![]() |
Fine-Tune API Security with Flexible Profile
Customizations Released in January |
|