Prisma AIRS
AI Runtime Security: Network Intercept
See all the new features made available for Prisma AIRS AI Runtime Security: Network
intercept.
Optimize Egress Traffic for EKS Containerized Workloads
August 2025
The overlay routing feature for EKS traffic allows Prisma® AIRS™ AI
Runtime: Network Intercept to eliminate traffic hairpinning. This is achieved by
enabling direct egress from the intercept to next-hop destinations like Internet
Gateways (IGWs) and NAT Gateways. This new capability prevents traffic from being
double-inspected, which reduces latency, bandwidth usage, and resource
consumption.
With overlay routing, Prisma AIRS can now function as a single component for both
security inspection and network address translation, simplifying the network
architecture. It consolidates these functions into a single step, ensuring
comprehensive security for containerized workloads while maintaining an efficient
and direct traffic flow.
Granular Kubernetes Traffic Inspection at the Namespace Level
August 2025
You can apply granular security controls to containerized applications by managing
traffic inspection at the individual Kubernetes namespace level, moving beyond an
all-or-nothing approach. You can selectively inspect or bypass traffic flows based on
CIDR ranges within specific namespaces. This provides an optimized security posture
where critical traffic is thoroughly examined, while known benign traffic can bypass
inspection. This selective approach helps improve performance and resource
utilization without compromising security for your Kubernetes workloads. This
enhancement strengthens security for your containerized applications, enabling more
efficient and effective management of your security posture across diverse
Kubernetes workloads.
Secure Serverless Workloads in Cloud Environments
August 2025
Protect your serverless resources in Azure or AWS environments by defining
security boundaries for them during cloud account onboarding. Once defined,
these newly discovered serverless functions become visible on your application
dashboard, integrating with your existing virtual machine and container workloads
for a unified view of your entire cloud environment. This consolidation of
visibility allows you to monitor and manage security for all your compute types from
a single location.
The platform uses the same streamlined workflow you already use for other
cloud assets. By extending this workflow to serverless functions, you can
consistently deploy firewall protection, ensuring comprehensive security coverage as
your cloud-native architectures evolve. This approach provides a repeatable,
automated way to secure your dynamic cloud applications, helping to maintain a
strong security posture without the need for manual, per-resource configurations.
The integration of serverless resources into the centralized dashboard simplifies
management and helps you quickly identify and protect newly deployed functions.
Refine Cloud Application Discovery for Enhanced Security
August 2025
Gain granular control over cloud asset discovery and application
organization using tags, subnets, and namespaces. This feature provides enhanced
application definition options during the cloud account onboarding process,
allowing you to define precise application boundaries that align with modern,
dynamic cloud architectures.
Centralized Firewall Management
August 2025
You can now deploy and manage VM-Series firewalls directly from Strata Cloud
Manager, which streamlines the deployment and monitoring of your entire security
infrastructure from a single, unified interface. This centralized dashboard
within Strata Cloud Manager consolidates threats detected by both VM-Series
firewalls and Prisma AIRS AI Runtime: Network Intercept, giving you a unified
view of your security operations.
You can also use the same streamlined workflow to deploy a VM-Series firewall as
you would for other cloud assets. This capability helps you to accelerate your
deployment processes and ensures consistent protection. Enhanced application
details provide clear insights into network traffic flow paths, showing which
firewall platform protects each application and displaying the firewall serial
number and type (VM-Series or Prisma AIRS AI Runtime: Network Intercept).
Secure Custom AI Models on Private Endpoints
August 2025
You can extend AI security inspection to LLMs that are hosted on privately
managed endpoints or that use input/output schemas that are not publicly known.
By enabling this support within your AI security profile, all traffic that
matches a security policy rule is forwarded to the AI cloud service for threat
inspection, regardless of whether the model is a well-known public service or a
custom-built private one. This ensures comprehensive security for your entire AI
ecosystem.
The new AI security profile inspects and secures the AI traffic between AI
applications and LLMs as it passes through a Prisma AIRS: Network intercept
managed by Strata Cloud Manager or Panorama. This profile protects against threats
such as prompt injections and sensitive data leakage.
Gain Visibility into AI Security Threats
July 2025
An additional AI security report displays comprehensive AI security threat logs
forwarded by Prisma AIRS Network intercept, giving you enhanced visibility into
the AI model protection, AI application protection, and AI data protection
threats detected based on your AI security profile configurations. You
can also filter logs by the `ai-security` threat type when configuring log
forwarding profiles or building custom reports, enabling targeted analysis and
streamlined security operations for AI-specific threats.
Multi-Region Network Intercept
July 2025
Prisma AIRS AI Runtime: Network intercept now supports deployment across
multiple regions, including US, UK, India, Canada, and Singapore. This expansion
enables you to deploy the Prisma AIRS AI Runtime: Network intercepts on tenant
service groups (TSG) in your preferred regions.
Security Lifecycle Review (SLR) for AWS
June 2025
Gain comprehensive visibility, control, and protection for your AWS
environment without deploying an inline firewall. When AI Runtime Security:
Network intercept is deployed in SLR mode, the Security Lifecycle Review (SLR)
for AWS protects your inbound, outbound, and east-west traffic using mirrored
traffic between the application Elastic Network Interfaces (ENIs). This non-inline
deployment method allows security monitoring and enforcement without altering the
existing data path. The platform can generate detailed reports and threat logs based
on this analyzed traffic, providing insights into potential security incidents.
By leveraging mirrored traffic, you gain crucial threat detection and
prevention capabilities for all directions of traffic flow, without the need to
re-architect your network or introduce latency associated with inline deployments.
This simplifies security operations while enhancing your ability to identify and
respond to threats effectively, all while maintaining the agility of your cloud
environment.
Streamline Upgrades for Prisma AIRS AI Runtime: Network Intercept
April 2025
You can now upgrade your Prisma® AIRS™ AI Runtime: Network Intercept
to maintain protection against AI-specific threats. The platform now supports
multiple upgrade paths, providing flexibility and ensuring continuous security.
The firewall image uses a dedicated format with a *.aingfw extension, which
ensures compatibility specifically with Prisma AIRS environments protecting AI
workloads while simplifying security operations.
Extend AI Security to Private Clouds
April 2025
You can secure and monitor AI workloads that are deployed in private
clouds, such as those built on ESXi and KVM servers. This capability extends protection to your AI applications and
models even when they interact with public cloud Large Language Model (LLM)
providers. By protecting the traffic between your private cloud workloads and
external LLMs, you can safeguard against data exfiltration, prompt injection, and
other threats specific to AI interactions. This functionality is essential for
organizations with hybrid cloud strategies. It ensures that security is not a
barrier to leveraging AI, allowing you to maintain control and visibility over your
AI ecosystem regardless of where your data and applications are located.
To enable this, the Prisma AIRS™ AI Runtime: Network intercept can be
manually deployed and bootstrapped in your private cloud environment. This
deployment provides a crucial security layer for AI workloads that reside outside of
public cloud infrastructure. Once deployed, the firewall can be centrally managed by
either Strata™ Cloud Manager or Panorama, allowing for consistent policy enforcement
and monitoring across your entire network.