Administration
  • Administration
  • AI Access Security Documentation
  • All Documentation
>
View the Risk Scores Assigned to GenAI Apps
Focus
Download PDF
Focus
  1. Home
  2. AI Access Security
  3. Administration
  4. View the Risk Scores Assigned to GenAI Apps
Download PDF
AI Access Security

View the Risk Scores Assigned to GenAI Apps

Table of Contents

View the Risk Scores Assigned to GenAI Apps

Application risk scores help you quickly identify risky GenAI apps, so you can take action to protect your environment.
Where Can I Use This?What Do I Need?
  • NGFW (Managed by Panorama or Strata Cloud Manager)
  • Prisma Access (Managed by Panorama or Strata Cloud Manager)
One of the following:
  • AI Access Security license
  • CASB-PA license
  • CASB-X license
To help you quickly identify the GenAI applications that pose the greatest threats to your organization, AI Access Security assigns each GenAI application a risk score. These risk scores enable you to quickly identify risky AI apps, so you can take action to protect your environment. For example, to protect your environment, you could create a policy rule to block the application. You might also choose to tag the application as Unsanctioned.
An application's risk score is between 1 (low risk) and 5 (high risk) and is based on application attributes. Some attributes are common to all SaaS applications, while a subset of attributes are unique to GenAI applications.
GenAI attributes are attributes such as the data type for user input to the application, the data type of the output generated by the application, and whether user-submitted data is used by the application to train its GenAI models. Based on GenAI attribute values, the risk score calculation determines the GenAI risk.
In addition to the GenAI attributes, the risk score calculation uses the following types of attributes to determine the application's general SaaS risk.
  • Compliance attributes, which identify whether an application adheres to various regulatory requirements and standards.
  • Identity Access Management attributes, which identify an application's authentication and access control capabilities.
  • Security and Privacy attributes, which identify product features for protecting data. This category of attributes includes attributes such as whether the application encrypts data at rest and data in transit.
A GenAI application's final risk score is a combination of the general SaaS risk (calculated from SaaS attributes) and the GenAI risk (calculated from GenAI attributes). The risk score calculation gives extra weight to the GenAI risk when determining the final risk score.
  1. Log in to Strata Cloud Manager.
  2. To navigate to the Activity Insights dashboard, select InsightsActivity Insights .
  3. Navigate to the Applications view.
  4. Locate the GenAI applications in the table. If necessary, you can filter the table to show only the GenAI applications.
    1. Add Filter and add the GenAI Application filter.
    2. Set the GenAI Application filter to TRUE.
  5. To identify the GenAI applications that pose the greatest threats, examine the risk score values in the Risk column.
    Risk ScoreMeaning
    4-5High Risk — Very likely to be a risk.
    3Medium Risk — Represents a moderate risk.
    1-2Low Risk — Unlikely to be a risk.
  6. Take action on the riskiest apps.
    For example, you can create policy rules to block these applications or tag the applications as Unsanctioned.

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.