Defend: Create and Configure API Security Profile

1. When onboarding for the first time, ensure you Onboard Prisma AIRS API in Strata Cloud Manager.
2. To update an existing API security profile, navigate to AI Security API Applications or AI Sessions.

   1. In the top right corner, click Manage and select Security Profiles.
3. To create a new security profile or update an existing one, select Create Security profile and follow the below configurations:

   1. Enter a Security Profile Name.
   2. Select the following protections with Allow or Block actions:

      Protection Type	Configurations
      AI Model Protection	Enable Prompt Injection Detection and set it to Allow or Block. Contextual Grounding: Enable this detection and set the action to Allow or Block. This detection protects enterprise AI models that use AI to summarize context from various data sources, as the detections helps prevent hallucinations. It addresses the risk in AI model responses containing information not present in or contradicting the provided context. Contextual grounding detection service evaluates model responses based on the following criteria: The output contains factual information that was not present in the provided context. The output includes factual information that contradicts information in the context. Each piece of content evaluated receives a "grounded" or "ungrounded" verdict. Content is "grounded" when it aligns with information provided in the context, and "ungrounded" when it contains factual information not present in or contradicting the given context. This detection is only available for the response received from the LLM models, not the request. The scan API needs an input prompt, response, and "context" parameter, containing the reference information provided to the LLM model against which grounding is evaluated. Enable Custom Topic Guardrails with Allow or Block actions. Add Allowed Topic: Add topics that should be allowed in prompts and responses. Add Blocked Topic: Add topics to be blocked in prompts and responses. The custom topic guardrails detection service identifies a topic violation in the given prompt or response. A topic violation indicates if the prompt/response contains content that violates the topic guardrails you configured while creating the custom topics. Enable Toxic Content Detection in LLM model requests or responses. This feature helps protect the LLM models from generating or responding to inappropriate content. The actions include Allow or Block, with the following severity levels: Moderate: Content that may be considered toxic, but may have some ambiguity. The default value is Allow. High: Content that is toxic with little to no ambiguity. The default value is Allow. Toxic content includes references to hate speech, sexual content, violence, criminal actions, regulated substances, self-harm, and profanity. Malicious threat actors can easily bypass the LLM guardrails against toxic content through direct or indirect prompt injection. Refer to the API reference docs to trigger the scan APIs against this API security profile. The reference docs include details on the request and response report with sample use cases.
      AI Application Protection	Enable Malicious Code Detection This feature analyzes code snippets generated by Large Language Models (LLMs) and identifies potential security threats. Malicious Code Detection scans for and identifies command injection scripts within prompts, response, and MCP content. You should enable this protection if you are using agent tools, MCP servers, or code generation applications where input could contain embedded commands. Prisma AIRS extracts snippets of code from content and analyzes those snippets to identify command injections patterns. Set the action to Block to prevent the execution of potentially malicious code or set it to Allow to ignore the “malicious” verdict if needed. To test your LLMs, trigger a scan API with a response containing malicious code for supported languages (JavaScript, Python, VBScript, Powershell, Batch, Shell, and Perl). The system provides a verdict on the code snippet and generates a detailed report with SHA-256, file type, known verdict, code action, and malware analysis. Enable Malicious URL Detection Basic: Enable the Malicious URL Detection in a prompt or AI model response and set the action to Allow or Block. This is to detect the predefined malicious categories. Advanced: Provide URL security exceptions: The default action (Allow or Block) is applied to all the predefined URL security categories. In the URL Security Exceptions table, you can override the default behavior by specifying actions for individual URL categories. Select the plus (+) icon to add the predefined URL categories and set an action for each. Refer to the API reference docs to trigger the scan APIs with the intended detections. Also, generate the reports with the report ID and scan ID displayed in the output snippet.
      AI Data Protection	Enable Sensitive Data Detection to scan the prompt and/or response for sensitive data such as bank account numbers, credit card numbers, API keys, and other sensitive data, to detect potential data exposure threats. Enable sensitive data protection with Basic or Advanced options. Basic: Enable sensitive DLP protection for predefined data patterns with Allow or Block action. Masking Sensitive Data: Enable this detection to mask sensitive data patterns in the API output response, which scans the LLM prompt and responses. To mask sensitive data, enable Sensitive Data Detection with the Block action in your API security profile. Masking sensitive data replaces sensitive information, such as Social Security Numbers and bank account details, with "X" characters equivalent to the original text length. Masking the sensitive data feature is only available for a basic DLP profile and only when you select the Block action for sensitive data detection in the API security profile. Advanced: Select the predefined or custom DLP profile. The drop-down list shows your custom DLP profiles and all the DLP profiles linked to the tenant service group (TSG) associated with your Prisma AIRS API deployment profile. Navigate to Manage > Configuration > Data Loss Preventions > Data Profiles to create a new DLP profile (Add a data profile). The prompts and responses will be run against this DLP profile attached to the AI security profile, and action (allow or block) will be taken based on the output of the DLP profile. Enable Database Security Detection: This detection is for AI applications using genAI to generate database queries and regulate the types of queries generated. Set an Allow or Block action on the database queries (Create, Read, Update, and Delete) to prevent unauthorized actions. Refer to the API reference docs to trigger the scan APIs against this API security profile. The reference docs include details on the request and response report with sample use cases.
      AI Agent Protection	Enable AI Agent Protection with an Allow or Block action. This detection secures low-code/no-code AI agents by detecting threats, such as attempts to leak function schema, invoke tools directly, or manipulate memory. When a threat is detected, the system takes the action you've configured, allowing or blocking the request. If you enable AI Agent Protection without configuring an AI Agent framework in your application definition, then the AI Agent detection service only enables model-based protections and not the patterns. Refer to the API reference docs to trigger the scan APIs against this API Security profile with the intended detections.

      You can use a single API key to manage multiple AI security profiles for testing.
   3. Latency Configuration: Define acceptable API response times by setting a latency threshold in seconds. This threshold will determine when API responses exceed the permissible limit, impacting how quickly threats are detected and actions are executed. You can set the action to Allow or Block when the latency threshold exceeds.
   4. Create Profile.