Palo Alto Networks Prisma AIRS™ is a purpose-built, centralized security platform that protects your entire AI ecosystem. It provides comprehensive protection for AI applications, models, data, and agents through real-time threat detection and inline security enforcement across all OSI layers (1-7). Prisma AIRS offers two protection modes:
  • Network Intercept: Real-time, inline protection for cloud network architectures
  • API Intercept: Security-as-Code embedded directly into your applications
To get started with Prisma AIRS, visit their documentation:

Get Started with Palo Alto Networks Prisma AIRS

Using Prisma AIRS with Portkey

1. Set Up Prisma AIRS

Before integrating with Portkey:
  • Onboard and activate Prisma AIRS in Strata Cloud Manager
  • Create security profiles with your desired threat detection rules
  • Note your Profile Name - you’ll need this for Portkey configuration

2. Add Prisma AIRS Credentials to Portkey

  • Navigate to the Integrations page under Settings
  • Click on the edit button for the Palo Alto Networks Prisma AIRS integration
  • Add your Prisma AIRS credentials (API keys from Strata Cloud Manager)

3. Add Prisma AIRS Guardrail Check

  • Navigate to the Guardrails page and click the Create button
  • Search for “PANW Prisma AIRS Guardrail” and click Add
  • Configure the guardrail parameters:
    • Profile Name (required): Enter the security profile name from your Prisma AIRS configuration
    • AI Model: Specify the AI model identifier (optional)
    • App User: Specify the application user context (optional)
  • Set any actions you want on your check, and create the Guardrail!
Guardrail Actions allow you to orchestrate your guardrails logic. You can learn more about them here
Check NameDescriptionParametersSupported Hooks
PANW Prisma AIRS GuardrailBlocks prompt/response when Palo Alto Networks Prisma AI Runtime Security returns action=blockProfile Name (string, required), AI Model (string), App User (string)beforeRequestHook, afterRequestHook

4. Add Guardrail ID to a Config and Make Your Request

  • When you save a Guardrail, you’ll get an associated Guardrail ID - add this ID to the input_guardrails or output_guardrails params in your Portkey Config
  • Create these Configs in Portkey UI, save them, and get an associated Config ID to attach to your requests. More here.
Here’s an example config: 
{
  "input_guardrails": ["guardrails-id-xxx", "guardrails-id-yyy"],
  "output_guardrails": ["guardrails-id-xxx", "guardrails-id-yyy"]
}

const portkey = new Portkey({
    apiKey: "PORTKEY_API_KEY",
    config: "pc-***" // Supports a string config id or a config object
});
For more, refer to the Config documentation. Your requests are now protected by Prisma AIRS’s comprehensive AI security capabilities, and you can see the verdict and any actions taken directly in your Portkey logs!

What Prisma AIRS Protects Against

Prisma AIRS provides multi-layered protection against various AI-specific threats:

Security Threats Detected

  1. Malicious URL Detection: Detects and block Malicious URLs in your LLM requests/response
  2. Prompt Injections: Detects and blocks attempts to manipulate AI behavior through malicious prompts
  3. Sensitive Data Leakage: Prevents PII, secrets, and confidential information from being exposed
  4. Insecure Outputs: Blocks responses containing malware, malicious URLs, or harmful content
  5. Model DoS Attacks: Protects against attempts to overwhelm or disable AI models
  6. Jailbreak Attempts: Identifies and prevents attempts to bypass AI safety mechanisms
  7. Toxic Content: Filters harmful, offensive, or inappropriate content

Best Practices

  1. Profile Configuration: Create different security profiles in Prisma AIRS for different use cases (development, staging, production)
  2. Context Awareness: Use the aiModel and appUser parameters to provide context for better threat detection
  3. Monitoring: Regularly review both Portkey logs and Prisma AIRS dashboard for security insights
  4. Policy Updates: Keep your Prisma AIRS security policies updated based on emerging threats

Get Support

If you face any issues with the Prisma AIRS integration, reach out to:
  • Portkey team on the community forum
  • Palo Alto Networks support through your enterprise account

Learn More