OWASP AI Runtime Security Coverage
Focus
Focus
AI Runtime Security

OWASP AI Runtime Security Coverage

Table of Contents

OWASP AI Runtime Security Coverage

Detect and secure AI network security threats.
Use AI Runtime Security instance to detect malicious threats and secure your environment against OWASP top 10 LLM Applications threats.
On this page, you'll create an AI security profile, attach it to a security profile group, and then add this profile group to a security policy rule to enforce a custom policy for all the security profiles in the group.
Licensing Capacity Limit: Limited to processing up to 10K AI transactions per day per vCPU of AI Runtime Security instance.
Where Can I Use This?What Do I Need?
  • AI Runtime Security
  1. Log in to SCM.
  2. Select Manage → Configuration → NGFW and Prisma Access.
  3. From the top menu, select Security Services → AI Security.
  4. Select Add Profile.
    Enter a Name and a Description.
  5. Select Add Model Group and configure the following protections:
    • AI applications security to protect against malicious URLs.
    • AI model protections to protect against Prompt Injections.
    • AI data protection to prevent data leakage to and from AI models. Import one of the predefined or custom Enterprise DLP profiles.
    The URL security feature inspects both AI model input and output for URLs, categorizing each detected URL. You can set a default action for URLs and define exceptions. For example, set the default action to "Allow" and block specific categories like "Malware" and "Grayware."
    See Create Model Groups for Customized Protections for detailed steps.
  6. Select Manage → Configuration → NGFW and Prisma Access → Security Services → Profile Groups → Add Profile Group and add the AI security profile to this group. See Security Profile Groups.
  7. Create a Security Policy Rule to detect the OWASP top 10 LLM Applications threats such as Prompt Injection and Data Leaks.
    1. In Profile Group tab, select and add the AI Security profile group that you configured earlier.
  8. Select Incidents & Alerts → Log Viewer.
    • Select Firewall/AI Security.
    • Review the logs to see the traffic blocked according to your AI Security profile name.
    • Analyze log entries for `ai-model-protection`, `ai-data-protection`, and `ai-application-protection`.