provides centralized network security
posture management to discover and protect your AI and non-AI network traffic and secure
your next-generation AI models, AI applications, and AI datasets from network attack
threats such as prompt injections, sensitive data leakage, insecure output (for example,
malware and URLs), and model DoS attacks.
To defend your architecture, deploy an AI Runtime Security instance in your network architecture.
An AI Runtime Security instance is a specific deployment of AI Runtime Security within your cloud environment. It uses AI-powered real-time Inline Cloud Analysis services to continuously monitor the network traffic between your AI applications, AI models, and AI datasets to detect, mitigate, or remediate malicious threats.
AI Runtime Security provides AI application protection, AI model protection,
and AI data protection.
AI Runtime End-to-End Security Workflow
The AI Runtime Security instance monitors both AI and non-AI traffic within the protected workloads of your cloud environment. Its security posture offers a comprehensive workflow covering ingress, egress, and east-west traffic.
Deployment Profile Activation on Hub
To begin, activate your AI Runtime licenses, create an AI Runtime deployment profile in the Palo Alto Customer Support Portal (CSP), associate it with a TSG, and activate the cloud tenant.
Activation and Onboarding of Cloud Account in SCM
This involves configuring the cloud account in the Strata Cloud Manager (SCM) with the service account and deploying the generated Terraform in your cloud environment. The Terraform script creates AI Runtime Security resources and grants necessary permissions to enable asset discovery from SCM.
Discovery of Application Workloads
Following the successful activation of your account, the SCM Insights → AI Runtime Security dashboard provides a consolidated overview of the identified cloud assets and the network traffic pathways: between applications and AI models, user applications to the internet, and external applications to user applications. This interactive view assists in analyzing risks associated with unprotected applications and evaluating potential threats.
AI Runtime Security Instance Deployment in the Cloud
Deploy the AI Runtime Security instance in your cloud environment to protect vulnerable assets and monitor network traffic flow based on the risk analysis from the SCM dashboard.
Defend with Granular Security Policies
To defend against and prevent potential AI attacks, create specific security policies and push the onboarding rules and policy configuration snippets from SCM to the AI Runtime Security instance.
Define AI security profiles for application protection, AI model
protection, and data protection with capabilities for alert actions, blocking
actions, and log forwarding.
You can define security policy rules for a zone or a
Dynamic Address Group.
As AI traffic flows from VM-based applications to models, the
deployed AI Runtime Security instance connects to the cloud service to fetch
the AI traffic and threat logs.
It monitors and applies the security rules to identify threats. Detailed logs are available for analysis in SCM under Incidents and Alerts → Log Viewer → Firewall/AI Security.
Comprehensive AI Runtime Security Solution in SCM
The AI Runtime Security instance provides visibility and security insights into your cloud network architecture. The SCM Command Center dashboard provides a holistic graphical view of all the cloud assets discovered and prioritizes the threats based on severity. The SCM dashboard helps you assess, and provides actionable insights on, the risky network traffic flow between user applications, AI models, and the internet.
To secure your cloud network architecture, create an AI Runtime Security
deployment profile in CSP and onboard your cloud account in SCM.
In SCM, go to Insights → AI Runtime Security and click on Get Started.
Landscape Discovery
Discover all the cloud assets and correlate the AI network traffic interactions between the discovered resources such as AI applications, AI models, and AI data. The Cloud Application Command Center in SCM provides holistic runtime posture management. It summarizes the threat breakdown by the severity of the risks and by the category of risk identified, such as vulnerability detection, URL security, and prompt injection.
You can further drill down into each asset discovery to assess the threat
and place an AI Runtime Security instance to protect the network traffic flow
between AI applications, AI models, and the Internet.
Deploy Protections
Deploy an AI Runtime Security instance to secure the network traffic path between discovered assets. The protection configuration generates a Terraform script for your cloud network architecture. Download, customize, and deploy it in your cloud network to create the necessary resources. This allows SCM to access, discover, and monitor your protected cloud assets in real time. See Deploy AI Runtime Security Instance in Public Clouds.
Threat Detections
The AI Network flow logs help you to detect and flag runtime malicious threats and
correlate them with cloud assets discovered in the SCM Command Center dashboard.
Traffic Protection
Defend all network transactions and prevent AI and non-AI-related network
threats by creating security policy rules. To prevent security threats, create an AI
security profile configured with AI application protection, AI model protection, and
AI data protection.
Create an AI security profile, attach this profile to a security profile group, create a security policy, and attach this security profile group to this policy. Push policy configurations to the AI Runtime Security instance in your AI network architecture. The AI Runtime Security instance enforces policy rules on traffic and generates logs with the verdict. View threat logs filtered by AI security threats in SCM under