AI Runtime Security
AI Runtime Security Overview
Introduces the AI Runtime Security posture management solution from
Palo Alto Networks, which protects your network architecture against network threats.
AI Runtime Security provides centralized network security
posture management to discover and protect your AI and non-AI network traffic and secure
your next-generation AI models, AI applications, and AI datasets from network attack
threats such as prompt injections, sensitive data leakage, insecure output (for example,
malware and URLs), and model DoS attacks.
To defend your architecture, deploy an AI Runtime Security instance in
your network architecture.
An AI Runtime Security instance is a specific deployment of AI
Runtime Security within your cloud environment. It uses AI-powered real-time Inline
Cloud Analysis services to continuously monitor the network traffic between your AI
applications, AI models, and AI datasets to detect, mitigate, or remediate malicious
threats.
AI Runtime Security provides AI application protection, AI model protection,
and AI data protection.
AI Runtime End-to-End Security Workflow
The AI Runtime Security instance monitors both AI and non-AI traffic
within the protected workloads of your cloud environment. Its security posture
offers a comprehensive workflow covering ingress, egress, and east-west traffic.
Deployment Profile Activation on Hub
To begin, activate your AI Runtime licenses, create an AI Runtime
deployment profile in the Palo Alto Customer Support Portal (CSP), associate it with
a TSG, and activate the cloud tenant.
Activation and Onboarding of Cloud Account in Strata Cloud Manager
This involves configuring the cloud account in the Strata Cloud Manager
with the service account and deploying the generated Terraform in your cloud
environment. The Terraform script creates AI Runtime Security
resources and grants necessary permissions to enable asset discovery from Strata
Cloud Manager.
Discovery of Application Workloads
Following the successful activation of your account, the Strata Cloud
Manager Insights → AI
Runtime Security dashboard provides a consolidated overview of the
identified cloud assets and the network traffic pathways—between applications and AI
models, user applications to the internet, and external applications to user
applications. This interactive view assists in analyzing risks associated with
unprotected applications and evaluating potential threats.
AI Runtime Security Instance Deployment in the Cloud
Deploy the AI Runtime Security instance in your cloud
environment to protect vulnerable assets and monitor network traffic flow based on
the risk analysis from the Strata Cloud Manager dashboard.
Defend with Granular Security Policies
To defend against and prevent potential AI attacks, create specific security
policies and push the onboarding rules and policy configuration snippets from Strata
Cloud Manager to the AI Runtime Security instance.
Define AI security profiles for application protection, AI model
protection, and data protection with capabilities for alert actions, blocking
actions, and log forwarding.
You can define security policy rules for a zone or a
Dynamic Address Group.
As AI traffic flows from VM-based applications to models, the
deployed AI Runtime Security instance connects to the cloud service to fetch
the AI traffic and threat logs. It monitors and applies the security
rules to identify threats. Detailed logs are available for analysis in Strata
Cloud Manager under Incidents and Alerts → Log Viewer → Firewall/AI Security.
Comprehensive AI Runtime Security Solution in Strata Cloud Manager
The AI Runtime Security instance provides visibility and
security insights into your cloud network architecture. The Strata Cloud Manager
Command Center dashboard provides a holistic graphical view of all the cloud assets
discovered and prioritizes the threats based on severity. The Strata Cloud Manager
dashboard helps you assess risky network traffic flows between user applications,
AI models, and the internet, and provides actionable insights on them.
To secure your cloud network architecture, create an AI Runtime Security
deployment profile in CSP and onboard your cloud account in Strata Cloud Manager.
In Strata Cloud Manager, go to Insights →
AI Runtime Security and click on Get
Started.
Landscape Discovery
Discover all the cloud assets and correlate the AI network traffic
interactions between the discovered resources such as AI applications, AI models,
and AI data. The Cloud Application Command Center in Strata Cloud Manager provides
holistic runtime posture management. It summarizes the threat breakdown by
risk severity and by the category of risk identified, such as vulnerability
detection, URL security, and prompt injection.
You can further drill down into each asset discovery to assess the threat
and place an AI Runtime Security instance to protect the network traffic flow
between AI applications, AI models, and the Internet.
Deploy Protections
Deploy an AI Runtime Security instance to secure the network traffic
path between discovered assets. The protection configuration generates a Terraform
script for your cloud network architecture. Download, customize, and deploy it in
your cloud network to create the necessary resources. This allows Strata Cloud
Manager to access, discover, and monitor your protected cloud assets in real time.
See Deploy AI Runtime Security: Network Intercept in Public Clouds.
Threat Detections
The AI network flow logs help you detect and flag malicious runtime threats and
correlate them with cloud assets discovered in the Strata Cloud Manager Command
Center dashboard.
Traffic Protection
Defend all network transactions and prevent AI and non-AI-related network
threats by creating security policy rules. To prevent security threats, create an AI
security profile configured with AI application protection, AI model protection, and
AI data protection.
Create an AI security profile, attach this profile to a security profile
group, create a security policy, and attach this security profile group to this
policy. Push policy configurations to the AI Runtime Security instance in your AI
network architecture. The AI Runtime Security instance enforces policy rules on
traffic and generates logs with the verdict. View threat logs filtered by AI
security threats in Strata Cloud Manager under Incidents and Alerts → Log Viewer.