With Strata Logging Service (SLS) - AI Security Logs

View AI security logs with Strata Logging Service (SLS).
When you use SLS for log forwarding, use the Firewall/AI Security logs to get detailed AI-specific threat information for enhanced AI security monitoring and analysis.
The AI security logs provide more information than the threat logs.
Where Can I Use This? | What Do I Need?
  • AI Runtime Security Log Inspection
  • Log in to Strata Cloud Manager.
  • Select Incidents and Alerts → Log Viewer.
  • Select Firewall/AI Security.
The AI security logs:
  • Are generated by SLS when AI security threats are detected between AI applications and AI models.
  • Include detailed threat snippet identification and reporting.
  • Provide in-depth threat information and reports for different protection types such as AI model protection, AI application protection, and AI data protection.
    Create an AI security profile and attach a model group with specific protections to monitor traffic between your AI models, AI applications, and AI data and detect threats.
  • Are recommended for platforms that use SLS for log forwarding and when you want detailed AI-specific threat information.
A log is generated for each AI security threat detected between an AI application and model. The logs are generated for prompt injections, sensitive data leakage, malicious URLs detected, and AI-generated database queries.

Traffic Details

Click a log to view the detailed traffic logs, which show general information about AI Runtime Security. The traffic details include:
  • The AI model name, AI model CSP region name, AI incident type, AI incident subtype, AI security profile name, and an incident report ID for troubleshooting.
  • The session ID, source, and destination details.
The AI security threats are categorized into AI Incident types and subtypes:
Incident Type | Incident Subtype | Incident Subtype Details
ai-model-protection | prompt-injection | NA
ai-app-protection | url-security | URL categories detected
ai-data-protection | data-rule | Data Rule: Name of DLP profile triggered
ai-data-protection | database-security | Database Security: type of database query detected (Create, Read, Update, or Delete)
model-denied | N/A
latency-block | N/A

AI Security Report

The AI Security Report tab provides detailed information on the AI traffic and specific AI threat logs. It includes threat snippet identification and reporting. The AI Runtime Security system supports asynchronous identification of particular content snippets that trigger security detectors.
Each report includes a unique report ID to help debug logs.
  1. Model Protection:
    The model protection report displays logs for any detected prompt injection threats. The prompt injection snippet (at most 1000 characters) helps identify the trigger and can include multiple snippets for complex payloads.
  2. Application Protection:
    The application protection report shows URL categories and the specific URLs in the payload that triggered these categories.
  3. Data Protection:
    The data protection report lists DLP data patterns that were triggered and the masked content that caused each pattern to trigger. These logs are categorized based on low, medium, and high-severity alerts. The data protection report includes two main components:
    • Matched Data Patterns (DLP):
      • Shows matched Data Loss Prevention (DLP) data patterns that were triggered.
      • Displays specific snippets of content matching DLP data patterns. Content is stored and masked based on Manage → Data Loss Prevention → Settings → Sensitive Data configuration.
      • Data pattern matches are categorized based on low, medium, and high Confidence Level.
    • Database Security:
      • Shows content containing flagged AI-generated SQL database queries.
      • If multiple SQL queries are detected in the model response, the report shows up to 10 SQL queries (each up to 1,000 characters), prioritized in the following order: Delete, Update, Create, and Read actions.
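
The selection rule in the Database Security item above, worked through on a constructed model response. This is an added example, not Palo Alto Networks code. The keyword-to-action mapping, the semicolon-based statement split, and keeping response order among queries of the same action are assumptions made for illustration.

```python
import re

# Priority order stated on the page: Delete, Update, Create, then Read.
PRIORITY = {"Delete": 0, "Update": 1, "Create": 2, "Read": 3}
# Assumed mapping from leading SQL keyword to action; the page names the
# four actions but does not say how statements are classified.
KEYWORD_TO_ACTION = {
    "DELETE": "Delete", "DROP": "Delete", "TRUNCATE": "Delete",
    "UPDATE": "Update", "ALTER": "Update",
    "CREATE": "Create", "INSERT": "Create", "SELECT": "Read",
}
MAX_QUERIES = 10   # the report shows up to 10 queries
MAX_CHARS = 1000   # each up to 1,000 characters


def split_statements(text):
    """Naive split on ';' (assumes no semicolons inside string literals)."""
    return [s.strip() for s in text.split(";") if s.strip()]


def classify(statement):
    """Return the action for a statement, or None if it is not recognized."""
    match = re.match(r"\s*([A-Za-z]+)", statement)
    return KEYWORD_TO_ACTION.get(match.group(1).upper()) if match else None


def report_view(model_response):
    """Return (shown, omitted_count) after applying the page's limits."""
    classified = [(classify(s), s) for s in split_statements(model_response)]
    queries = [(a, s) for a, s in classified if a is not None]
    # sorted() is stable: queries with the same action keep response order.
    ranked = sorted(queries, key=lambda q: PRIORITY[q[0]])
    shown = [(a, s[:MAX_CHARS]) for a, s in ranked[:MAX_QUERIES]]
    return shown, max(0, len(ranked) - MAX_QUERIES)


# Constructed sample response: 11 reads, then one delete and one update.
SAMPLE = "".join(f"SELECT name FROM users WHERE id = {i}; " for i in range(11))
SAMPLE += "DELETE FROM audit_log WHERE ts < '2024-01-01'; "
SAMPLE += "UPDATE users SET email = 'a@example.com' WHERE id = 7;"

if __name__ == "__main__":
    shown, omitted = report_view(SAMPLE)
    for action, query in shown:
        print(f"{action:6} {query}")
    print(f"omitted from view: {omitted}")
```

When a response carries more than 10 queries, the lower-priority Read queries are the ones that fall outside the view, so the report is not an exhaustive list of what the model generated.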