OWASP AI Runtime Security Coverage

Log in to SCM.

Select

Manage

→ Configuration

→ NGFW and Prisma Access

.

From the top menu, select

Security Services

→ AI Security

.

Select

Add Profile

.

Enter a

Name

and a

Description

.

Select

Add Model Group

and configure the following protections:

AI applications security to protect against malicious URLs.
AI model protections to protect against Prompt Injections.
AI data protection to prevent data leakage to and from AI models. Import one of the predefined or custom Enterprise DLP profiles.

The URL security feature inspects both AI model input and output for URLs, categorizing each detected URL. You can set a default action for URLs and define exceptions. For example, set the default action to "Allow" and block specific categories like "Malware" and "Grayware."

See Create Model Groups for Customized Protections for detailed steps.

Select

Manage

→ Configuration

→ NGFW and Prisma Access

→ Security Services

→ Profile Groups

→ Add Profile Group

and add the AI security profile to this group. See

Security Profile Groups

.

Create a Security Policy Rule

to detect the OWASP top 10 LLM Applications threats such as Prompt Injection and Data Leaks.

In
Profile Group
tab, select and add the
AI Security profile group
that you configured earlier.

Select

Incidents & Alerts

→ Log Viewer

.

Select
Firewall/AI Security
.
Review the logs to see the traffic blocked according to your AI Security profile name.
Analyze log entries for `ai-model-protection`, `ai-data-protection`, and `ai-application-protection`.