diff --git a/docusaurus.config.ts b/docusaurus.config.ts
index 502f1f9b8..5ede13bfc 100644
--- a/docusaurus.config.ts
+++ b/docusaurus.config.ts
@@ -192,7 +192,7 @@ const config = {
 "Learn how to make the most of the PAN-OS APIs, SDKs, Expedition, Terraform, Ansible, and more.",
 products: [
 {
- label: "AI Runtime Security",
+ label: "Prisma AIRS",
 to: "#",
 logoClass: "panos",
 docs: [
@@ -204,10 +204,20 @@ const config = {
 ],
 apiDocs: [
 {
- to: "ai-runtime-security/scan/api/",
+ to: "prisma-airs/scan/api/",
 label: "AI Runtime Security API",
 icon: "api-doc",
 },
+ {
+ to: "prisma-airs/airedteaming/api/",
+ label: "AI Red Teaming API",
+ icon: "api-doc",
+ },
+ {
+ to: "prisma-airs/aimodelscanning/api/",
+ label: "AI Model Scanning",
+ icon: "api-doc",
+ },
 ],
 },
 {
@@ -997,8 +1007,20 @@ const config = {
 sidebarOptions: { groupPathsBy: "tag", categoryLinkSource: "info" },
 },
 airuntimesecurity: {
- specPath: "openapi-specs/ai-runtime-security/scan",
- outputDir: "products/ai-runtime-security/api",
+ specPath: "openapi-specs/prisma-airs/scan",
+ outputDir: "products/prisma-airs/api/airuntimesecurity",
+ proxy: "https://cors.pan.dev",
+ sidebarOptions: { groupPathsBy: "tag", categoryLinkSource: "tag" },
+ },
+ airedteaming: {
+ specPath: "openapi-specs/prisma-airs/airedteaming",
+ outputDir: "products/prisma-airs/api/airedteaming",
+ proxy: "https://cors.pan.dev",
+ sidebarOptions: { groupPathsBy: "tag", categoryLinkSource: "tag" },
+ },
+ aimodelscanning: {
+ specPath: "openapi-specs/prisma-airs/aimodelscanning",
+ outputDir: "products/prisma-airs/api/aimodelscanning",
 proxy: "https://cors.pan.dev",
 sidebarOptions: { groupPathsBy: "tag", categoryLinkSource: "tag" },
 },
diff --git a/openapi-specs/prisma-airs/aimodelscanning/aimodelscanning.yaml b/openapi-specs/prisma-airs/aimodelscanning/aimodelscanning.yaml
new file mode 100644
index 000000000..97395e635
--- /dev/null
+++ b/openapi-specs/prisma-airs/aimodelscanning/aimodelscanning.yaml
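Review bot: The new `apiDocs` entry for model scanning is labelled `AI Model Scanning`, while its two siblings in the same list end in `API` (`AI Runtime Security API`, `AI Red Teaming API`), so the product menu will read inconsistently. `label: "AI Model Scanning API",` would match the other entries and the `sidebar_label` used on the new overview page. The enclosing `products` array starts and ends outside the hunk.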
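Review bot: Both new plugin entries (`airedteaming`, `aimodelscanning`) set `proxy: "https://cors.pan.dev"`, so requests sent from the generated interactive API panels would presumably be relayed through that host, and the two specs added in this commit authenticate with a bearer access token. It is worth confirming that the relay does not log or retain the `Authorization` header or request bodies, since the red-teaming upload can carry a target endpoint's API key. A comment above the option would record that decision, for example `// Try-it requests, including the bearer token, transit this CORS relay`. The `config` object starts and ends outside the hunk.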
@@ -0,0 +1,288 @@
+openapi: 3.0.3
+info:
+ contact:
+ email: https://www.paloaltonetworks.com/company/contact-support
+ title: AI Model Scan
+ description:
+ "This Open API spec file represents the APIs available for the AI Model Scan capabilities.\n
+ \nThese APIs use the bearer authentication.\n
+ \nTo use the APIs, you must first activate and associate a deployment profile in Customer Support Portal for AI Model Scan and then onboard in Strata Cloud Manager.\
+ For licensing, onboarding, activation, and to obtain the API authentication key and profile name, refer to the AI Runtime Security documentation.\n\n
+ This Open API spec file was created on xxxx xx, 2025.\
+ \n\n\xA9 2024 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks.\
+ A list of our trademarks can be found at https://www.paloaltonetworks.com/company/trademarks.html. \
+ All other marks mentioned herein may be trademarks of their respective companies.\n"
+ license:
+ name: Palo Alto Networks EULA
+ url: https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/legal/palo-alto-networks-end-user-license-agreement-eula.pdf
+ version: 0.0.0
+
+servers:
+ - url: "https://api.strata.paloaltonetworks.com"
+ description: AI Model Scan
+
+tags:
+ - name: AI Model Scanning APIs
+
+paths:
+ /airt/model-scan/v1/url:
+ post:
+ summary: Scan Model URL
+ description: Scan Model URL
+ security:
+ - Bearer: []
+ operationId: scan_model_url_airt_model_scan_v1_url_post
+ tags:
+ - AI Model Scanning APIs
+ parameters:
+ - name: URL
+ description: Hugging Face model URL to scan. You can provide a link to the HuggingFace model s card or a link to a specific commit hash.
If you provide a link to the main card, the most recent version of the model will be scanned
+ in: query
+ required: true
+ schema:
+ type: string
+ format: string
+ description: Valid Hugging Face model URL to be scanned
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: "#/components/schemas/ModelUrlInput"
+ required: true
+ responses:
+ "200":
+ description: Successful Response
+ content:
+ application/json:
+ schema:
+ $ref: "#/components/schemas/ScanModelURLResponse"
+ "422":
+ description: Validation Error
+ content:
+ application/json:
+ schema:
+ $ref: "#/components/schemas/HTTPValidationError"
+ /airt/model-scan/v1/result:
+ get:
+ summary: Scan Model Result
+ security:
+ - Bearer: []
+ operationId: scan_model_result_airt_model_scan_v1_result_get
+ tags:
+ - AI Model Scannning APIs
+ parameters:
+ - name: scan_id
+ in: query
+ required: true
+ schema:
+ type: string
+ title: Scan Id
+ responses:
+ "200":
+ description: Successful Response
+ content:
+ application/json:
+ schema: {}
+ "422":
+ description: Validation Error
+ content:
+ application/json:
+ schema:
+ $ref: "#/components/schemas/HTTPValidationError"
+ /airt/model-scan/v1/file:
+ post:
+ summary: Scan Model File
+ security:
+ - Bearer: []
+ operationId: scan_model_file_airt_model_scan_v1_file_post
+ tags:
+ - AI Model Scanning APIs
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: "#/components/schemas/ModelFileInput"
+ required: true
+ responses:
+ "200":
+ description: Successful Response
+ content:
+ application/json:
+ schema:
+ $ref: "#/components/schemas/ScanModelFileResponse"
+ "422":
+ description: Validation Error
+ content:
+ application/json:
+ schema:
+ $ref: "#/components/schemas/HTTPValidationError"
+ /airt/simulation/v1/validate-schema:
+ post:
+ summary: Validate Schema
+ security:
+ - Bearer: []
+ operationId: validate_schema_airt_simulation_v1_validate_schema_post
+ tags:
+ - AI Model Scanning APIs
+ requestBody:
+ content:
+ multipart/form-data:
+ schema:
+ $ref: "#/components/schemas/Body_validate_schema_airt_simulation_v1_validate_schema_post"
+ required: true
+ responses:
+ "200":
+ description: Successful Response
+ content:
+ application/json:
+ schema:
+ $ref: "#/components/schemas/SchemaValidationResponse"
+ "422":
+ description: Validation Error
+ content:
+ application/json:
+ schema:
+ $ref: "#/components/schemas/HTTPValidationError"
+
+components:
+ securitySchemes:
+ Bearer:
+ scheme: bearer
+ type: http
+ description: This is the API access token which you create with your client ID and client secret. For details, see https://pan.dev/sase/api/auth/post-auth-v-1-oauth-2-access-token/.
+ schemas:
+ Body_validate_schema_airt_simulation_v1_validate_schema_post:
+ properties:
+ endpoint_schema:
+ type: string
+ description: Endpoint Schema (YAML format) for a target endpoint
+ format: binary
+ title: Endpoint Schema
+ maxLength: 65536
+ type: object
+ required:
+ - endpoint_schema
+ title: Body_validate_schema_airt_simulation_v1_validate_schema_post
+ HTTPValidationError:
+ properties:
+ detail:
+ items:
+ $ref: "#/components/schemas/ValidationError"
+ type: array
+ title: Detail
+ type: object
+ title: HTTPValidationError
+ ModelFileInput:
+ properties:
+ model_name:
+ type: string
+ description: AI model name to scan
+ maxLength: 128
+ minLength: 1
+ title: Model Name
+ model_version:
+ type: string
+ description: (Optional) Model version you want to scan
+ maxLength: 128
+ minLength: 1
+ title: Model Version
+ type: object
+ required:
+ - model_name
+ example:
+ model_name: "example-llm-model"
+ title: ModelFileInput
+ ModelUrlInput:
+ properties:
+ url:
+ type: string
+ description: Hugging Face AI model URL to scan. You can provide a link to the HuggingFace model s card or a link to a specific commit hash.
If you provide a link to the main card, the most recent version of the model will be scanned
+ minLength: 1
+ pattern: ^http
+ title: Url
+ model_name:
+ type: string
+ description: AI model name you want to scan
+ maxLength: 128
+ minLength: 1
+ title: Model Name
+ model_version:
+ type: string
+ description: (Optional) Model version you want to scan
+ maxLength: 128
+ minLength: 1
+ title: Model Version
+ type: object
+ required:
+ - url
+ - model_name
+ example:
+ url: "https://huggingface.co/example-model"
+ model_name: "example-llm-model"
+ title: ModelUrlInput
+ ScanModelFileResponse:
+ properties:
+ scan_id:
+ type: string
+ description: Scan Id obtained from create model URL response
+ title: Scan Id
+ upload_url:
+ type: string
+ title: Upload Url
+ status:
+ type: integer
+ title: Status
+ default: 1
+ type: object
+ required:
+ - scan_id
+ - upload_url
+ title: ScanModelFileResponse
+ ScanModelURLResponse:
+ properties:
+ scan_id:
+ description: Scan Id obtained from create model URL response
+ type: string
+ title: Scan Id
+ status:
+ type: integer
+ title: Status
+ default: 2
+ type: object
+ required:
+ - scan_id
+ title: ScanModelURLResponse
+ SchemaValidationResponse:
+ properties:
+ errors:
+ items:
+ type: string
+ type: array
+ title: Errors
+ default: []
+ prompt:
+ anyOf:
+ - type: string
+ - type: "null"
+ title: Prompt
+ answer:
+ anyOf:
+ - type: string
+ - type: "null"
+ title: Answer
+ type: object
+ title: SchemaValidationResponse
+ ValidationError:
+ properties:
+ loc:
+ items:
+ anyOf:
+ - type: string
+ - type: integer
+ type: array
+ title: Location
+ msg:
+ type: string
+ title: Message
+ type:
+ type
diff --git a/openapi-specs/prisma-airs/airedteaming/redteaming.yaml b/openapi-specs/prisma-airs/airedteaming/redteaming.yaml
new file mode 100644
index 000000000..53d86e3dd
--- /dev/null
+++ b/openapi-specs/prisma-airs/airedteaming/redteaming.yaml
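Review bot: `ModelUrlInput.url` is constrained only by `pattern: ^http` and `minLength: 1`, which admits plain `http://` and any host, although the field is documented as a Hugging Face model URL that the service is expected to retrieve; if only huggingface.co is supported, `pattern: ^https://huggingface\.co/` plus a `maxLength` would let clients and generated validators reject other destinations. The same operation also declares a required `URL` query parameter next to the required body `url`, which leaves it unclear which value is scanned and puts the value in the request line, where it tends to end up in access logs; dropping the query parameter would avoid both. Separately, the `/airt/model-scan/v1/result` operation is tagged `AI Model Scannning APIs` (three n's), which does not match the declared tag, and `contact.email` holds a URL where `contact.url` is the matching field. The `ValidationError` schema also stops at `type:` followed by a bare `type` in the lines shown, so it is worth checking that the committed file is complete.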
@@ -0,0 +1,266 @@
+openapi: 3.0.3
+info:
+ contact:
+ email: https://www.paloaltonetworks.com/company/contact-support
+ title: AI Red Teaming
+ description:
+ "This Open API spec file represents the APIs available for the AI Red Teaming.\n
+ \nThese APIs use the bearer authentication.\n
+ \nTo use the APIs, you must first activate and associate a deployment profile in Customer Support Portal for AI Red Teaming and then onboard the API Red Teaming in Strata Cloud Manager.\
+ For licensing, onboarding, activation, and to obtain the API authentication key and profile name, refer to the AI Red Teaming.\n\n
+ This Open API spec file was created on xxxx xx, 2025.\
+ \n\n\xA9 2024 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks.\
+ A list of our trademarks can be found at https://www.paloaltonetworks.com/company/trademarks.html. \
+ All other marks mentioned herein may be trademarks of their respective companies.\n"
+ license:
+ name: Palo Alto Networks EULA
+ url: https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/legal/palo-alto-networks-end-user-license-agreement-eula.pdf
+ version: 0.0.0
+
+servers:
+ - url: "https://api.strata.paloaltonetworks.com"
+ description: AI Red Teaming
+
+tags:
+ - name: AI Red Teaming APIs
+
+paths:
+ /airt/simulation/v1/create:
+ post:
+ summary: Create AI Red Teaming Simulation
+ description: Create AI Red Teaming simulations. To authenticate with this API, get the API access token which you create with your client ID and client secret. For details, see https://pan.dev/sase/api/auth/post-auth-v-1-oauth-2-access-token/.
+ security:
+ - Bearer: []
+ operationId: create_simulation_airt_simulation_v1_create_post
+ tags:
+ - AI Red Teaming APIs
+ requestBody:
+ content:
+ multipart/form-data:
+ schema:
+ $ref: "#/components/schemas/Body_create_simulation_airt_simulation_v1_create_post"
+ required: true
+ responses:
+ "200":
+ description: Successful Response
+ content:
+ application/json:
+ schema:
+ $ref: "#/components/schemas/CreateSimulationResponse"
+ "422":
+ description: Validation Error
+ content:
+ application/json:
+ schema:
+ $ref: "#/components/schemas/HTTPValidationError"
+ /airt/simulation/v1/result:
+ get:
+ summary: Get Simulation Result
+ description: Create AI Red Teaming simulations. To authenticate with this API, get the API access token which you create with your client ID and client secret. For details, see https://pan.dev/sase/api/auth/post-auth-v-1-oauth-2-access-token/.
+ security:
+ - Bearer: []
+ operationId: get_simulation_result_airt_simulation_v1_result_get
+ tags:
+ - AI Red Teaming APIs
+ parameters:
+ - name: simulation_id
+ in: query
+ required: true
+ schema:
+ type: string
+ description: Simulation Id from the create simulation request
+ title: Simulation Id
+ - name: return_all
+ in: query
+ required: false
+ schema:
+ type: boolean
+ default: false
+ title: Return All
+ responses:
+ "200":
+ description: Successful Response
+ content:
+ application/json:
+ schema:
+ $ref: "#/components/schemas/GetSimulationResultResponse"
+ "422":
+ description: Validation Error
+ content:
+ application/json:
+ schema:
+ $ref: "#/components/schemas/HTTPValidationError"
+ /airt/simulation/v1/get-all:
+ get:
+ summary: Get All Simulations
+ description: Get all AI Red Teaming simulation results. To authenticate with this API, get the API access token which you create with your client ID and client secret. For details, see https://pan.dev/sase/api/auth/post-auth-v-1-oauth-2-access-token/.
+ security:
+ - Bearer: []
+ operationId: get_all_simulations_airt_simulation_v1_get_all_get
+ tags:
+ - AI Red Teaming APIs
+ responses:
+ "200":
+ description: Successful Response
+ content:
+ application/json:
+ schema: {}
+
+components:
+ securitySchemes:
+ Bearer:
+ scheme: bearer
+ type: http
+ description: This is the API access token which you create with your client ID and client secret. For details, see https://pan.dev/sase/api/auth/post-auth-v-1-oauth-2-access-token/.
+ schemas:
+ AttackResult:
+ properties:
+ attack_id:
+ type: string
+ format: uuid
+ title: Attack Id
+ attack_name:
+ type: string
+ title: Attack Name
+ app_prompt:
+ anyOf:
+ - type: string
+ - type: "null"
+ title: App Prompt
+ app_response:
+ anyOf:
+ - type: string
+ - type: "null"
+ title: App Response
+ evaluation_reason:
+ anyOf:
+ - type: string
+ - type: "null"
+ title: Evaluation Reason
+ successful:
+ type: string
+ enum:
+ - Attack Successful
+ - Attack Unsuccessful
+ - Requires Human Verification
+ - Attack Success Confirmed
+ - Attack Failure Confirmed
+ title: Successful
+ type: object
+ required:
+ - attack_id
+ - attack_name
+ - successful
+ title: AttackResult
+ Body_create_simulation_airt_simulation_v1_create_post:
+ properties:
+ simulation_data:
+ type: string
+ description: A Simulation data file schema to create an AI Red Teaming simulation.
+ format: binary
+ title: Simulation data
+ maxLength: 10485760
+ endpoint_schema:
+ type: string
+ description: Upload Endpoint Schema in YAML format for a target endpoint. (See [here](https://docs.paloaltonetworks.com/ai-runtime-security) for details on how to configure this YAML schema.)
+ format: binary
+ title: Endpoint Schema
+ maxLength: 65536
+ type: object
+ required:
+ - simulation_data
+ - endpoint_schema
+ title: Body_create_simulation_airt_simulation_v1_create_post
+ CreateSimulationResponse:
+ properties:
+ simulation_id:
+ anyOf:
+ - type: string
+ format: uuid
+ - type: "null"
+ title: Simulation Id
+ message:
+ type: string
+ title: Message
+ simulation_start_ts_utc:
+ anyOf:
+ - type: string
+ format: date-time
+ - type: "null"
+ title: Simulation Start Ts Utc
+ type: object
+ required:
+ - message
+ title: CreateSimulationResponse
+ GetSimulationResultResponse:
+ properties:
+ status_code:
+ type: integer
+ enum:
+ - 1
+ - 2
+ - 3
+ - 4
+ - 5
+ title: Status Code
+ status:
+ type: string
+ enum:
+ - Waiting In Queue
+ - Threat Simulation In Progress
+ - Completed
+ - Error
+ - Unable To Access Endpoint
+ title: Status
+ results:
+ anyOf:
+ - items:
+ $ref: "#/components/schemas/AttackResult"
+ type: array
+ - type: "null"
+ title: Results
+ total_characters_prompt:
+ anyOf:
+ - type: integer
+ - type: "null"
+ title: Total Characters Prompt
+ total_characters_response:
+ anyOf:
+ - type: integer
+ - type: "null"
+ title: Total Characters Response
+ type: object
+ required:
+ - status_code
+ - status
+ title: GetSimulationResultResponse
+ HTTPValidationError:
+ properties:
+ detail:
+ items:
+ $ref: "#/components/schemas/ValidationError"
+ type: array
+ title: Detail
+ type: object
+ title: HTTPValidationError
+ ValidationError:
+ properties:
+ loc:
+ items:
+ anyOf:
+ - type: string
+ - type: integer
+ type: array
+ title: Location
+ msg:
+ type: string
+ title: Message
+ type:
+ type: string
+ title: Error Type
+ type: object
+ required:
+ - loc
+ - msg
+ - type
+ title: ValidationError
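Review bot: The `endpoint_schema` upload in `Body_create_simulation_airt_simulation_v1_create_post` is described only as a YAML endpoint schema, yet the overview page added in this commit shows that file carrying the target's `api_key`; the description should say the file contains a credential, for example by appending `The file holds the target endpoint's credential; use a key scoped to the test and revoke it afterwards.` The `/airt/simulation/v1/result` operation reuses the description `Create AI Red Teaming simulations.` from the create operation, and none of the three operations documents a `401` or `403` response although each requires the `Bearer` scheme. `/airt/simulation/v1/get-all` returns `schema: {}`, so consumers get no contract for a response that presumably lists simulation metadata. `contact.email` holds a URL where `contact.url` is the matching field.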
diff --git a/openapi-specs/ai-runtime-security/scan/ScanService.yaml b/openapi-specs/prisma-airs/scan/ScanService.yaml
similarity index 98%
rename from openapi-specs/ai-runtime-security/scan/ScanService.yaml
rename to openapi-specs/prisma-airs/scan/ScanService.yaml
index a4f27cfef..bdc08bc29 100644
--- a/openapi-specs/ai-runtime-security/scan/ScanService.yaml
+++ b/openapi-specs/prisma-airs/scan/ScanService.yaml
@@ -6,8 +6,8 @@ info:
 description:
 "This Open API spec file represents the APIs available for the AI Runtime Security: API Intercept.\n
 \nThese APIs use the API key authentication and base URL.\n
- \nTo use the APIs, you must first activate and associate a deployment profile in Customer Support Portal for AI Runtime Security: API intercept and then onboard the API intercept in Strata Cloud Manager.\
- For licensing, onboarding, activation, and to obtain the API authentication key and profile name, refer to the AI Runtime Security: API intercept [Administration guide](https://docs.paloaltonetworks.com/ai-runtime-security/activation-and-onboarding/ai-runtime-security-api-intercept-overview).\n\n
+ \nTo use the APIs, you must first activate and associate a deployment profile in Customer Support Portal for the API intercept and then onboard the API intercept in Strata Cloud Manager.\
+ For licensing, onboarding, activation, and to obtain the API authentication key and profile name, refer to the Prisma AIRS AI Runtime Security: API intercept [Administration guide](https://docs.paloaltonetworks.com/ai-runtime-security/activation-and-onboarding/ai-runtime-security-api-intercept-overview).\n\n
 This Open API spec file was created on June 04, 2024.\
 \n\n\xA9 2024 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks.\
 A list of our trademarks can be found at https://www.paloaltonetworks.com/company/trademarks.html. \
@@ -19,9 +19,9 @@ info: servers: - url: "https://service.api.aisecurity.paloaltonetworks.com" - description: AI Runtime Security API Intercept service URL for US regions + description: Prisma AIRS AI Runtime Security API Intercept service URL for US regions - url: "https://service-de.api.aisecurity.paloaltonetworks.com" - description: AI Runtime Security API Intercept service URL for EU (Germany) regions + description: Prisma AIRS AI Runtime Security API Intercept service URL for EU (Germany) regions tags: - name: Scans diff --git a/products/ai-runtime-security/api/airuntimesecurityapi.md b/products/ai-runtime-security/api/airuntimesecurityapi.md deleted file mode 100644 index 2773e79fa..000000000 --- a/products/ai-runtime-security/api/airuntimesecurityapi.md +++ /dev/null 
@@ -1,60 +0,0 @@
----
-id: airuntimesecurityapi
-title: "AI Runtime Security: API Intercept"
-sidebar_label: "AI Runtime Security: API Intercept"
-slug: /ai-runtime-security/scan/api
-keywords:
- - AIRS
- - Reference
- - Cloud
- - API
----
-
-**AI Runtime Security: API Intercept** is a threat detection service designed to secure AI applications. It helps discover and protect applications using REST APIs by embedding Security-as-Code directly into source code.
-
-The scan API service scans prompt and responses in real-time to identify potential threats and provide threat assessments with actionable recommendations.
-These APIs protect your AI models, AI applications, and AI datasets by programmatically scanning prompts and models for threats, enabling robust protection across public and private models with model-agnostic functionality.
-
-You can integrate the AI Runtime Security: API intercept detection directly into your applications, to efficiently scan for various threats, including prompt injections, insecure outputs, and sensitive data loss.
-To use these APIs, send prompts or model responses from your application and receive a threat assessment with recommended actions based on your AI security profile.
-
-For licensing, onboarding, activation, and to obtain the API authentication key and profile name, refer to the [AI Runtime Security: API Intercept Overview](https://docs.paloaltonetworks.com/ai-runtime-security/activation-and-onboarding/ai-runtime-security-api-intercept-overview) administration documentation.
-
-The following are the API endpoints based on the regions you selected while creating AI Runtime Security: API Intercept deployment profile:
-
-- US: https://service.api.aisecurity.paloaltonetworks.com
-- EU (Germany): https://service-de.api.aisecurity.paloaltonetworks.com
-
-## Prerequisites
-
-1.
Create and associate a [deployment profile for AI Runtime Security: API Intercept](https://docs.paloaltonetworks.com/ai-runtime-security/activation-and-onboarding/ai-runtime-security-api-intercept-overview/ai-deployment-profile-airs-api-intercept) in your Customer Support Portal.
-2. [Onboard AI Runtime Security: API Intercept](https://docs.paloaltonetworks.com/ai-runtime-security/activation-and-onboarding/ai-runtime-security-api-intercept-overview/onboard-api-runtime-security-api-intercept-in-scm) in Strata Cloud Manager.
-3. [Manage applications, API keys, and security profiles](https://docs.paloaltonetworks.com/ai-runtime-security/administration/prevent-network-security-threats/airs-apirs-manage-api-keys-profile-apps) in Strata Cloud Manager.
-
-## Requirements for API Usage
-
-1. **API Key Token**: This token is generated during the onboarding process in Strata Cloud Manager (see prerequisite step 2).
-Include the API key token in all API requests using the `x-pan-token` header.
-2. **AI Security Profile Name**: This is the security profile created during the onboarding process in Strata Cloud Manager (see prerequisite step 2).
-Specify this profile name or the profile ID in the API request payload in the `ai_profile` field.
-
-:::info
-You can manage API keys and AI security profiles in Strata Cloud Manager.
-
-1. Log in to Strata Cloud Manager [SCM](http://stratacloudmanager.paloaltonetworks.com/).
-2. Navigate to **Insights > AI Runtime Security**.
-3. Select API from the AI Runtime Security drop-down list at the top.
-4. At the top right corner, choose:
-
-- **Manage > API Keys** to copy, regenerate, or rotate the API key token.
-- **Manage > Security Profiles** to fetch details or update AI security profiles.
-
-For complete details, refer to the Manage Applications, API Keys, and Security Profiles Administration guide.
-:::
-
-## Limitations
-
-- One AI security profile per Tenant Service Group (TSG) - Limited to one security profile per group.
-- One API key per deployment profile - Each deployment profile in the [Customer Support Portal](https://support.paloaltonetworks.com/Support/Index) allows a single API key.
-- 2 MB maximum payload size per synchronous scan request - Limited to a maximum of 100 URLs per request.
-- 5 MB maximum payload size per asynchronous scan request - Limited to a maximum of 100 URLs per request.
diff --git a/products/ai-runtime-security/sidebars.ts b/products/ai-runtime-security/sidebars.ts
deleted file mode 100644
index 2d7e65056..000000000
--- a/products/ai-runtime-security/sidebars.ts
+++ /dev/null
@@ -1,32 +0,0 @@
-module.exports = {
- airuntimesecurity_api: [
- {
- type: "doc",
- id: "ai-runtime-security/api/airuntimesecurityapi",
- },
- {
- type: "doc",
- id: "ai-runtime-security/api/usecases",
- },
- {
- label: "Python SDK",
- type: "category",
- collapsed: false,
- items: [
- {
- type: "doc",
- id: "ai-runtime-security/api/pythonsdk",
- },
- {
- type: "doc",
- id: "ai-runtime-security/api/pythonsdkusage",
- },
- {
- type: "doc",
- id: "ai-runtime-security/api/pythonsdkasynciousage",
- },
- ],
- },
- require("./api/sidebar"),
- ],
-};
\ No newline at end of file
diff --git a/products/prisma-airs/api/aimodelscanning/aimodelscanning.md b/products/prisma-airs/api/aimodelscanning/aimodelscanning.md
new file mode 100644
index 000000000..fb3cb2eff
--- /dev/null
+++ b/products/prisma-airs/api/aimodelscanning/aimodelscanning.md
@@ -0,0 +1,23 @@
+---
+id: aimodelscanning
+title: "AI Model Scanning"
+sidebar_label: "AI Model Scanning API"
+slug: /prisma-airs/aimodelscanning/api
+keywords:
+ - AIRS
+ - Reference
+ - Cloud
+ - API
+---
+
+The AI Model Scanning helps you detect threats inside your third-party AI models.
+Use the AI Model Scanning APIs to scan your AI models for vulnerabilities.
+
+Secure your AI ecosystem against risks, like model tampering, malicious scripts, and deserialization attacks.
+
+## Prerequisites
+
+- **API access token**
+
+The AI Red Teaming APIs need an access token to authenticate all the endpoints requests. These APIs use a common authentication mechanism and base URL for API requests.
+Follow the instructions on this [page](https://pan.dev/sase/api/auth/post-auth-v-1-oauth-2-access-token/) to generate an access token.
diff --git a/products/prisma-airs/api/airedteaming/airedteamingoverview.md b/products/prisma-airs/api/airedteaming/airedteamingoverview.md
new file mode 100644
index 000000000..8e90111a4
--- /dev/null
+++ b/products/prisma-airs/api/airedteaming/airedteamingoverview.md
@@ -0,0 +1,58 @@
+---
+id: airedteamingoverview
+title: "AI Red Teaming"
+sidebar_label: "AI Red Teaming API"
+slug: /prisma-airs/airedteaming/api
+keywords:
+ - AIRS
+ - Reference
+ - Cloud
+ - API
+---
+
+AI Red Teaming Proactively identify vulnerabilities through automated penetration testing using AI Red Teaming agents that learn and adapt like real attackers.
+It is designed to help you identify security risks in your GenAI models, applications, and data. This capability simulates various real-world attack scenarios on your GenAI applications to uncover vulnerabilities before malicious actors can exploit them.
+
+The AI Red Teaming APIs allow you to test and secure your GenAI applications programmatically. These APIs seamlessly integrate with existing workflows and systems, streamlining AI security processes.
+
+The following are the AI Red Teaming API endpoints:
+
+- Create New Simulation (`/create`): Initiate a new AI Red Teaming simulation with customized parameters.
+
+- Get Simulation Result (`/result`): Retrieve detailed results and analysis from a completed simulation.
+
+- Get All Simulations (`/get-all`): Fetch metadata for all simulations associated with your account.
+
+The AI Red Teaming API Reference documentation details the API specifications and usage instructions for each endpoints.
+
+## Prerequisites
+
+1. **API access token**
+
+The AI Red Teaming APIs need an access token to authenticate all the endpoints requests. These APIs use a common authentication mechanism and base URL for API requests.
+Follow the instructions on this [page](https://pan.dev/sase/api/auth/post-auth-v-1-oauth-2-access-token/) to generate an access token.
+
+2. **Simulation data**
+
+The API Red Teaming API use the `simulation_data` file schema to create an AI Red Teaming simulation.
+This is a `JSON` file with a maximum character size of 10 MB.
The AI Red Teaming serive uses this schema to identify the model and the simulation attack types to run the threat simulations.
+Here is a sample `simulation_data` schema:
+
+```JSON
+code...
+```
+
+3. **Endpoint Schema**
+
+AI Red Teaming uses this schema to identify the endpoint to run the threat simulations. It sends automated attacks to your genAI application.
+The schema may contain any endpoint designed to take in text prompts and return text responses (for example, an application workload endpoint or a model endpoint).
+Configure the endpoint schema to be externally accessible.
+The maximum character size limit of the endpoint schema file is 64KB.
+
+```yaml
+type: azure_openai
+
+deployment:
+ api_key: {your_API_key}
+ azure_endpoint: {your_azure_endpoint} // model name in URL path
+```
diff --git a/products/prisma-airs/api/airuntimesecurity/airuntimesecurityapi.md b/products/prisma-airs/api/airuntimesecurity/airuntimesecurityapi.md
new file mode 100644
index 000000000..608b2d42c
--- /dev/null
+++ b/products/prisma-airs/api/airuntimesecurity/airuntimesecurityapi.md
@@ -0,0 +1,62 @@
+---
+id: airuntimesecurityapi
+title: "PRISMA AIRS AI Runtime Security: API Intercept"
+sidebar_label: "PRISMA AIRS AI Runtime Security: API Intercept"
+slug: /prisma-airs/scan/api
+keywords:
+ - AIRS
+ - Reference
+ - Cloud
+ - API
+---
+
+**Prisma AIRS AI Runtime Security: API Intercept** is a threat detection service designed to secure AI applications. It helps discover and protect applications using REST APIs by embedding Security-as-Code directly into your source code.
+
+The scan API service scans prompts and responses in real-time to identify potential threats and provide threat assessments with actionable recommendations.
+These APIs protect your AI models, AI applications, and AI datasets by programmatically scanning prompts and models for threats. These detection APIs enable robust protection across public and private models with model-agnostic functionality.
+
+The APIs efficiently scan for various threats, including prompt injections, insecure outputs, AI agentic threats, and sensitive data loss.
+To use these APIs, send prompts or model responses from your application and receive a threat assessment with recommended actions based on your AI security profile.
+
+For licensing, onboarding, activation, and to obtain the API authentication key and profile name, refer to the [Prisma AIRS AI Runtime Security: API intercept](https://docs.paloaltonetworks.com/ai-runtime-security/activation-and-onboarding/ai-runtime-security-api-intercept-overview) administration documentation.
+
+## Scan API Endpoints
+
+The following are the API endpoints based on the regions you selected while creating Prisma AIRS AI Runtime Security: API intercept deployment profile:
+
+- US: https://service.api.aisecurity.paloaltonetworks.com
+- EU (Germany): https://service-de.api.aisecurity.paloaltonetworks.com
+
+## Prerequisites
+
+1.
Create and associate a [deployment profile](https://docs.paloaltonetworks.com/ai-runtime-security/activation-and-onboarding/ai-runtime-security-api-intercept-overview/ai-deployment-profile-airs-api-intercept) for Prisma AIRS AI Runtime Security: API intercept in your Customer Support Portal.
+2. [Onboard Prisma AIRS AI Runtime Security: API Intercept](https://docs.paloaltonetworks.com/ai-runtime-security/activation-and-onboarding/ai-runtime-security-api-intercept-overview/onboard-api-runtime-security-api-intercept-in-scm) in Strata Cloud Manager.
+3. [Manage applications, API keys, security profiles, and custom topics](https://docs.paloaltonetworks.com/ai-runtime-security/administration/prevent-network-security-threats/airs-apirs-manage-api-keys-profile-apps) in Strata Cloud Manager.
+
+## Requirements for API Usage
+
+1. **API Key Token**: This token is generated during the onboarding process in Strata Cloud Manager (see the onboarding prerequisite step above).
+Include the API key token in all API requests using the `x-pan-token` header.
+2. **AI Security Profile Name**: This is the API security profile you created during the onboarding process in Strata Cloud Manager (see the prerequisite step on creating an API security profile above).
+Specify this profile name or the profile ID in the API request payload in the `ai_profile` field.
+
+:::info
+You can manage API keys and AI security profiles in Strata Cloud Manager.
+
+1. Log in to [Strata Cloud Manager](http://stratacloudmanager.paloaltonetworks.com/).
+2. Navigate to **Insights > Prisma AIRS > Prisma AIRS AI Runtime Security: API Intercept**.
+3. In the top right corner, click:
+
+- **Manage > API Keys** to copy, regenerate, or rotate the API key token.
+- **Manage > Security Profiles** to fetch details or update AI security profiles.
+- **Manage > Custom Topics** create or update custom topics for custom topic guardrails threat detections.
+
+For complete details, refer to adminstration guide for the section on how to "manage applications, API Keys, security profiles, and custom topics".
+:::
+
+## Limitations
+
+- One AI security profile per Tenant Service Group (TSG) - Limited to one security profile per group.
+- One API key per deployment profile - Each deployment profile in the [Customer Support Portal](https://support.paloaltonetworks.com/Support/Index) allows a single API key.
+- 2 MB maximum payload size per synchronous scan request - Limited to a maximum of 100 URLs per request.
+- 5 MB maximum payload size per asynchronous scan request - Limited to a maximum of 100 URLs per request.
diff --git a/products/ai-runtime-security/api/pythonsdk.md b/products/prisma-airs/api/airuntimesecurity/pythonsdk.md
similarity index 100%
rename from products/ai-runtime-security/api/pythonsdk.md
rename to products/prisma-airs/api/airuntimesecurity/pythonsdk.md
diff --git a/products/ai-runtime-security/api/pythonsdkasynciousage.md b/products/prisma-airs/api/airuntimesecurity/pythonsdkasynciousage.md
similarity index 100%
rename from products/ai-runtime-security/api/pythonsdkasynciousage.md
rename to products/prisma-airs/api/airuntimesecurity/pythonsdkasynciousage.md
diff --git a/products/ai-runtime-security/api/pythonsdkusage.md b/products/prisma-airs/api/airuntimesecurity/pythonsdkusage.md
similarity index 100%
rename from products/ai-runtime-security/api/pythonsdkusage.md
rename to products/prisma-airs/api/airuntimesecurity/pythonsdkusage.md
diff --git a/products/ai-runtime-security/api/usecases.md b/products/prisma-airs/api/airuntimesecurity/usecases.md
similarity index 97%
rename from products/ai-runtime-security/api/usecases.md
rename to products/prisma-airs/api/airuntimesecurity/usecases.md
index e61924e63..7995746ba 100644
--- a/products/ai-runtime-security/api/usecases.md
+++ b/products/prisma-airs/api/airuntimesecurity/usecases.md
@@ -1,6 +1,6 @@ --- id: usecases -title: "Use Cases: AI Runtime Security: API Intercept" +title: "Use Cases: Prisma AIRS AI Runtime Security: API Intercept" sidebar_label: "Scan APIs Use Cases" keywords: - AIRS @@ -11,16 +11,16 @@ keywords: - API --- -This document outlines key use cases for AI Runtime Security: API intercept detection features. -Each use case includes the sample code or API requests, API security profile configurations, along with the expected responses, demonstrating how to leverage the AI Runtime Security: API intercept for enhanced protection. +This document outlines key use cases for Prisma AIRS AI Runtime Security: API intercept detection features. +Each use case includes the sample code or API requests, API security profile configurations, along with the expected responses. The use cases demonstrate how to leverage Prisma AIRS AI Runtime Security: API intercept for enhanced protection. ## Prerequisites -1. Log in to [Strata Cloud Manager](http://stratacloudmanager.paloaltonetworks.com/). -2. Navigate to **Insights > AI Runtime Security**. -3. Choose **Get Started** under the API section. -4. Onboard AI Runtime Security API intercept in Strata Cloud Manager. -5. Configure the API security profile with below settings for the respective use cases: +Before you begin, + +1. Refer to the prerequsities section in the [Prisma AIRS AI Runtime Security: API intercept](airuntimesecurityapi.md) overview page. +2. Review the Scan API Endpoints in the Scan API Endpoints overview page. +3. Configure the API security profile with below settings for the respective use cases: - **Enable** the detection types (Basic or Advanced) in the API security profile based on the use cases. - Set **Action** to **Block** when the threat is detected. 
@@ -34,12 +34,6 @@ For details on the protections and the features available while creating an API ::: -The following are the API endpoints based on the regions you selected while creating AI Runtime Security: API Intercept deployment profile: - -- US: https://service.api.aisecurity.paloaltonetworks.com - -- EU (Germany): https://service-de.api.aisecurity.paloaltonetworks.com - ## Use Cases ### Detect Prompt Injection diff --git a/products/ai-runtime-security/docs/home.md b/products/prisma-airs/docs/home.md similarity index 100% rename from products/ai-runtime-security/docs/home.md rename to products/prisma-airs/docs/home.md diff --git a/products/prisma-airs/sidebars.ts b/products/prisma-airs/sidebars.ts new file mode 100644 index 000000000..f1d59c0df --- /dev/null +++ b/products/prisma-airs/sidebars.ts @@ -0,0 +1,46 @@ +module.exports = { + airuntimesecurity_api: [ + { + type: "doc", + id: "prisma-airs/api/airuntimesecurity/airuntimesecurityapi", + }, + { + type: "doc", + id: "prisma-airs/api/airuntimesecurity/usecases", + }, + { + label: "Python SDK", + type: "category", + collapsed: false, + items: [ + { + type: "doc", + id: "prisma-airs/api/airuntimesecurity/pythonsdk", + }, + { + type: "doc", + id: "prisma-airs/api/airuntimesecurity/pythonsdkusage", + }, + { + type: "doc", + id: "prisma-airs/api/airuntimesecurity/pythonsdkasynciousage", + }, + ], + }, + require("./api/airuntimesecurity/sidebar"), + ], + airedteaming_api: [ + { + type: "doc", + id: "prisma-airs/api/airedteaming/airedteamingoverview", + }, + require("./api/airedteaming/sidebar"), + ], + aimodelscanning_api: [ + { + type: "doc", + id: "prisma-airs/api/aimodelscanning/aimodelscanning", + }, + require("./api/aimodelscanning/sidebar"), + ], +}; \ No newline at end of file
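Review bot: Each of the three sidebar arrays in the new `products/prisma-airs/sidebars.ts` ends with a `require("./api/<name>/sidebar")` of a file that is not added in the visible part of this diff, so the whole module fails to load if any one of them is missing when the site config is read. The paths match the `outputDir` values set for `airuntimesecurity`, `airedteaming` and `aimodelscanning` in `docusaurus.config.ts`, so these files are presumably generated from the specs under `openapi-specs/prisma-airs`. That dependency is worth stating above `module.exports`, for example `// ./api/*/sidebar is generated from openapi-specs/prisma-airs; generate the API docs before building.` Separately, the file uses CommonJS `module.exports`/`require` under a `.ts` extension and ends without a trailing newline; if the repository's other sidebar files are typed, following that convention here would keep this one type-checked.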