> ## Documentation Index
> Fetch the complete documentation index at: https://docs.portkey.ai/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Palo Alto Networks Prisma AIRS

> Comprehensive AI security platform providing runtime protection against prompt injections, data leakage, and AI-specific threats

[Palo Alto Networks Prisma AIRS™](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security) is a purpose-built, centralized security platform that protects your entire AI ecosystem. It provides comprehensive protection for AI applications, models, data, and agents through real-time threat detection and inline security enforcement across all OSI layers (1-7).

Prisma AIRS offers two protection modes:

* **Network Intercept**: Real-time, inline protection for cloud network architectures
* **API Intercept**: Security-as-Code embedded directly into your applications

To get started with Prisma AIRS, visit their documentation:

<Card title="Get Started with Palo Alto Networks Prisma AIRS" href="https://pan.dev/airs/" />

## Using Prisma AIRS with Portkey

### 1. Set Up Prisma AIRS

Before integrating with Portkey:

* Onboard and activate Prisma AIRS in Strata Cloud Manager
* Create security profiles with your desired threat detection rules
* Note your Profile Name - you'll need this for Portkey configuration

### 2. Add Prisma AIRS Credentials to Portkey

* Navigate to the `Integrations` page under `Settings`
* Click on the edit button for the Palo Alto Networks Prisma AIRS integration
* Add your Prisma AIRS credentials (API keys from Strata Cloud Manager)

### 3. Add Prisma AIRS Guardrail Check

* Navigate to the `Guardrails` page and click the `Create` button
* Search for "PANW Prisma AIRS Guardrail" and click `Add`
* Configure the guardrail parameters:
  * **Profile Name** (required): Enter the security profile name from your Prisma AIRS configuration
  * **AI Model**: Specify the AI model identifier (optional)
  * **App User**: Specify the application user context (optional)
* Set any `actions` you want on your check, and create the Guardrail!

<Note>
  Guardrail Actions allow you to orchestrate your guardrails logic. You can learn more about them [here](/product/guardrails#there-are-6-types-of-guardrail-actions)
</Note>

| Check Name                 | Description                                                                                    | Parameters                                                                  | Supported Hooks                         |
| -------------------------- | ---------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------- | --------------------------------------- |
| PANW Prisma AIRS Guardrail | Blocks prompt/response when Palo Alto Networks Prisma AI Runtime Security returns action=block | `Profile Name` (string, required), `AI Model` (string), `App User` (string) | `beforeRequestHook`, `afterRequestHook` |

### 4. Add Guardrail ID to a Config and Make Your Request

* When you save a Guardrail, you'll get an associated Guardrail ID - add this ID to the `input_guardrails` or `output_guardrails` params in your Portkey Config
* Create these Configs in Portkey UI, save them, and get an associated Config ID to attach to your requests. [More here](/product/ai-gateway/configs).

Here's an example config:

```json theme={"system"}
{
  "input_guardrails": ["guardrails-id-xxx", "guardrails-id-yyy"],
  "output_guardrails": ["guardrails-id-xxx", "guardrails-id-yyy"]
}
```

<Tabs>
  <Tab title="NodeJS">
    ```js theme={"system"}
    const portkey = new Portkey({
        apiKey: "PORTKEY_API_KEY",
        config: "pc-***" // Supports a string config id or a config object
    });
    ```
  </Tab>

  <Tab title="Python">
    ```py theme={"system"}
    portkey = Portkey(
        api_key="PORTKEY_API_KEY",
        config="pc-***" # Supports a string config id or a config object
    )
    ```
  </Tab>

  <Tab title="OpenAI NodeJS">
    ```js theme={"system"}
    const openai = new OpenAI({
      apiKey: 'OPENAI_API_KEY',
      baseURL: PORTKEY_GATEWAY_URL,
      defaultHeaders: createHeaders({
        apiKey: "PORTKEY_API_KEY",
        config: "CONFIG_ID"
      })
    });
    ```
  </Tab>

  <Tab title="OpenAI Python">
    ```py theme={"system"}
    client = OpenAI(
        api_key="OPENAI_API_KEY", # defaults to os.environ.get("OPENAI_API_KEY")
        base_url=PORTKEY_GATEWAY_URL,
        default_headers=createHeaders(
            provider="openai",
            api_key="PORTKEY_API_KEY", # defaults to os.environ.get("PORTKEY_API_KEY")
            config="CONFIG_ID"
        )
    )
    ```
  </Tab>

  <Tab title="cURL">
    ```sh theme={"system"}
    curl https://api.portkey.ai/v1/chat/completions \
      -H "Content-Type: application/json" \
      -H "Authorization: Bearer $OPENAI_API_KEY" \
      -H "x-portkey-api-key: $PORTKEY_API_KEY" \
      -H "x-portkey-config: $CONFIG_ID" \
      -d '{
        "model": "gpt-3.5-turbo",
        "messages": [{
            "role": "user",
            "content": "Hello!"
          }]
      }'
    ```
  </Tab>
</Tabs>

For more, refer to the [Config documentation](/product/ai-gateway/configs).

Your requests are now protected by Prisma AIRS's comprehensive AI security capabilities, and you can see the verdict and any actions taken directly in your Portkey logs!

## What Prisma AIRS Protects Against

Prisma AIRS provides multi-layered protection against various AI-specific threats:

### Security Threats Detected

1. **Malicious URL Detection**: Detects and block Malicious URLs in your LLM requests/response
2. **Prompt Injections**: Detects and blocks attempts to manipulate AI behavior through malicious prompts
3. **Sensitive Data Leakage**: Prevents PII, secrets, and confidential information from being exposed
4. **Insecure Outputs**: Blocks responses containing malware, malicious URLs, or harmful content
5. **Model DoS Attacks**: Protects against attempts to overwhelm or disable AI models
6. **Jailbreak Attempts**: Identifies and prevents attempts to bypass AI safety mechanisms
7. **Toxic Content**: Filters harmful, offensive, or inappropriate content

***

## Best Practices

1. **Profile Configuration**: Create different security profiles in Prisma AIRS for different use cases (development, staging, production)
2. **Context Awareness**: Use the `aiModel` and `appUser` parameters to provide context for better threat detection
3. **Monitoring**: Regularly review both Portkey logs and Prisma AIRS dashboard for security insights
4. **Policy Updates**: Keep your Prisma AIRS security policies updated based on emerging threats

## Get Support

If you face any issues with the Prisma AIRS integration, reach out to:

* Portkey team on the [community forum](https://discord.gg/portkey-llms-in-prod-1143393887742861333)
* Palo Alto Networks support through your enterprise account

## Learn More

* [Palo Alto Networks Prisma AIRS Documentation](https://pan.dev/airs/)
