AI Access Security Licenses
AI Access Security Setup Prerequisites
|
Where Can I Use This? |
What Do I Need? |
|
One of the following:
|
Review the available AI Access Security licenses to begin safely adopting and controlling access to generative AI (GenAI) applications on your network.
- AI Access Security License
The AI Access Security license is a standalone license. It includes the following three types of license:
- AI Access Security EVAL —Evaluation license for AI Access Security. If you have the EVAL license active, you must convert the evaluation license to a production license after the evaluation period has ended to continue safely controlling access to and safely adopting GenAI apps.
- AI Access Security LAB —AI Access Security license specific for your lab environments. This license isn't intended for a production environment.
- AI Access Security —Production license for AI Access Security.
- CASB-PA and CASB-X
AI Access Security is included by default with both the CASB-PA and CASB-X licenses. No additional action is needed to activate AI Access Security. You can begin using AI Access Security to safely adopt GenAI apps after activating either of these licenses.
What's Included with an AI Access Security License?
What's included with AI Access Security depends on whether other licenses are active on the tenant.
The included AI Access Security functionality is dependent on the PAN-OS or dataplane version currently running on the NGFW or Prisma Access tenant. Refer to the Setup Prerequisites for more information on what functionality is included.
Expand all
Collapse all
- AI Access Security only
This applies to NGFW or Prisma Access managed by Panorama or Strata Cloud Manager when only the AI Access Security license is active.
|
PAN-OS or Dataplane Version |
NGFW and Prisma Access (Managed by Panorama or Strata Cloud Manager ) |
|
11.2.2-h1 and later Prisma Access 5.1 Innovation |
Traffic matches containing sensitive data are not forwarded to Enterprise DLP for inspection and verdict rendering for non-GenAI apps .
( Panorama ) This includes the predefined Sanctioned and Tolerated app tags.
|
- AI Access Security and Enterprise DLP Licenses
This applies to NGFW or Prisma Access managed by Panorama or Strata Cloud Manager when both the AI Access Security and Enterprise DLP licenses are active.
|
PAN-OS or Dataplane Version |
NGFW and Prisma Access (Managed by Panorama or Strata Cloud Manager ) |
|
11.2.2-h1 and later Prisma Access 5.1 Innovation |
( Panorama ) This includes the predefined Sanctioned and Tolerated app tags.
|
- CASB-PA and CASB-X Licenses
This applies to NGFW or Prisma Access managed by Strata Cloud Manager when the CASB-PA or CASB-X licenses are active.
|
PAN-OS or Dataplane Version |
CASB-PA and CASB-X |
|
10.2 11.1 Prisma Access 5.0 Preferred and Innovation Prisma Access 5.1 Preferred |
|
|
11.2.2-h1 and later Prisma Access 5.1 Innovation |
( Panorama ) This includes the predefined Sanctioned and Tolerated app tags.
|
AI Access Security Setup Prerequisites
Activate the AI Access Security License
|
Where Can I Use This? |
What Do I Need? |
|
One of the following:
|
Review the prerequisites for using AI Access Security. The prerequisites describe the minimum PAN-OS and Prisma Access dataplane versions and any additional services required to use AI Access Security.
Review the different AI Access Security license and PAN-OS version combinations to learn more about what functionality AI Access Security supports.
Expand all
Collapse all
- NGFW and Prisma Access (Managed by Panorama)
Refer to the AI Access Security License prerequisites when managing your AI Access Security configuration from Panorama and only have the AI Access Security license active.
Refer to the CASB-PA and CASB-X Licenses prerequisites when managing your AI Access Security configuration from Panorama and have an active CASB-PA or CASB-X license.
|
Prerequisite |
AI Access Security License |
CASB-PA and CASB-X Licenses |
|
PAN-OS or dataplane |
PAN-OS 11.2.2-h1 |
Review the Prisma Access Release Notes for minimum required Prisma Access version details. |
|
Data Filtering |
Enterprise DLP plugin 5.0.4 or later |
Review the Compatibility Matrix for the Enterprise DLP plugin version supported on your PAN-OS version. |
|
AI Access Security includes Enterprise DLP when you activate the AI Access Security, CASB-PA, and CASB-X licenses . |
||
|
Cloud Services Plugin |
Cloud Services plugin 5.1 |
|
|
Logging |
Strata Logging Service |
|
- NGFW and Prisma Access (Managed by Strata Cloud Manager)
Refer to the AI Access Security License prerequisites when managing your AI Access Security configuration from Strata Cloud Manager and only have the AI Access Security license active.
Refer to the CASB-PA and CASB-X Licenses prerequisites when managing your AI Access Security configuration from Strata Cloud Manager and have an activated CASB-PA or CASB-X license.
|
Prerequisite |
AI Access Security License |
CASB-PA and CASB-X Licenses |
|
PAN-OS or dataplane |
PAN-OS 11.2.2-h1 |
Review the Prisma Access Release Notes for minimum required Prisma Access version details. |
|
Data Filtering |
AI Access Security includes Enterprise DLP when you activate the AI Access Security, CASB-PA, and CASB-X licenses . |
|
|
Logging |
Strata Logging Service |
|
Activate the AI Access Security License
AI Access Security Setup Prerequisites
Convert an AI Access Security Evaluation License to a Production License
|
Where Can I Use This? |
What Do I Need? |
|
One of the following:
|
Activate your AI Access Security license to enable your organization to safely adopt generative AI (GenAI) applications by your employees. AI Access Security activation is performed using a magic link provided by Palo Alto Networks after purchase of the AI Access Security license. These procedures assume you already have all the required license auth codes and magic links required for activation.
After you purchase your AI Access Security license, you must activate the license using a magic link sent to you by Palo Alto Networks. AI Access Security is included when you activate a CASB-PA or CASB-X license. No further action is required to activate the AI Access Security after you activate a CASB-PA or CASB-X license.
- Install and perform the initial configuration for your NGFW.
This includes activating all the required support licenses.
- Set up management for your NGFW or Prisma Access tenant.
Expand all
Collapse all
- NGFW (Managed by Panorama)
- Set up Panorama.
- M-Series Appliance —Set up the M-Series appliance in Management Only or Panorama mode .
- Panorama Virtual Appliance — Install the Panorama virtual appliance on your preferred hypervisor in Management Only or Panorama mode
- Deploy Strata Logging Service.
- Register Panorama.
- Activate the Panorama support license.
- Activate the Panorama device management license ( M-Series Appliance or Panorama Virtual Appliance ).
- Add your managed firewalls to Panorama management.
- Upgrade Panorama to the minimum PAN-OS version supported for AI Access Security.
- Upgrade your NGFW to the minimum PAN-OS version supported for AI Access Security.
- NGFW (Managed by Strata Cloud Manager)
- Activate the AIOps for NGFW Premium license.
- Deploy Strata Logging Service.
- Onboard your NGFW to Strata Cloud Manager.
- Install the latest dynamic content updates and upgrade your NGFW to the minimum PAN-OS version supported for AI Access Security.
- Prisma Access (Managed by Panorama)
- Set up Panorama.
- M-Series Appliance —Set up the M-Series appliance in Management Only or Panorama mode .
- Panorama Virtual Appliance — Install the Panorama virtual appliance on your preferred hypervisor in Management Only or Panorama mode
- Deploy Strata Logging Service.
- Register Panorama.
- Activate the Panorama support license.
- Activate the Panorama device management license ( M-Series Appliance or Panorama Virtual Appliance ).
- Upgrade Panorama to the minimum PAN-OS version supported for AI Access Security.
- Install the Cloud Services plugin on Panorama.
- Set up Panorama Managed Prisma Access.
- Prisma Access (Managed by Strata Cloud Manager)
- Set up Enterprise Data Loss Prevention (E-DLP).
Expand all
Collapse all
- NGFW (Managed by Panorama)
- Install the Enterprise DLP plugin on Panorama.
- Enable Enterprise DLP for NGFW.
- Edit the Enterprise DLP cloud content , data filtering , and snippet settings as needed.
- NGFW (Managed by Strata Cloud Manager)
- Enable Enterprise DLP for NGFW.
- Edit the Enterprise DLP data filtering and snippet settings as needed.
- Prisma Access (Managed by Panorama)
- Install the Enterprise DLP plugin on Panorama.
- Enable Enterprise DLP for Prisma Access.
- Edit the Enterprise DLP cloud content , data filtering , and snippet settings as needed.
- Prisma Access (Managed by Strata Cloud Manager)
- Enable Enterprise DLP for NGFW.
- Edit the Enterprise DLP data filtering and snippet settings as needed.
- Click the magic link provided to you by Palo Alto Networks when you purchase the AI Access Security subscription.
- Click Activate Subscription to begin activating AI Access Security.
- Enter your Palo Alto Networks Customer Support Portal (CSP) Email Address . This email address must match the email address that received the magic link to activate AI Access Security.
Create a New Account if the email address that received the AI Access Security activation link does not already have a valid CSP account. The newly created account is automatically associated with the same tenant for which you're activating AI Access Security and assigned a Multitenant Superuser role .
- ( Multitenancy only ) In the Customer Support Account section, select the Palo Alto Networks Customer Support Account associated with the tenant for which you activating the AI Access Security license.
Skip this step if you have a single tenant Customer Support Portal account. Your Customer Support Account is selected by default.
- ( Multitenancy only ) In the Allocate This Subscription section, select the tenant service group (TSG) for which you want to activate AI Access Security. You can select the parent tenant or a child tenant.
AI Access Security is activated for only the selected tenant. If you select a parent tenant, AI Access Security isn't activated for any child tenant.
Skip this step if you only have a single tenant Customer Support Portal account. It is selected by default.
- Review the tenant Region . This region is pre-populated based on the deployed NGFW or Prisma Access tenant region and can't be changed.
- In the Assign Licenses section, click Done to assign all your AI Access Security licenses. Verify that your AI Access Security License is Fully Assigned
- Verify that your Data Loss Prevention instance is selected if you have Enterprise Data Loss Prevention (E-DLP) active on your tenant.
Your Enterprise DLP instance is selected by default if active already on your tenant.
Skip this step if you don't have Enterprise DLP already active. Enterprise DLP is not required to enable AI Access Security. If Enterprise DLP instance is not already active then one is created as part of the license activation. Review what happens to Enterprise DLP if you don't renew your AI Access Security license.
- Agree to the Terms and Conditions .
- Activate .
You're redirected to the Tenant Management page where the AI Access Security Activation Status starts Initializing .
The AI Access Security license displays as Data Security and has a serial number that begins with AIX . Continue to the next step after the Activation Status is Complete .
- ( NGFW only ) Associate the AI Access Security license with your NGFW.
Associating the AI Access Security license is required to activate the license for your NGFW.
1. In the Strata Cloud Manager menu, select SettingsDevice Associations .
The Strata Cloud Manager menu is located in the bottom-left corner of Strata Cloud Manager.
2. Associate Apps .
3. In the Licensed Products, select Data Security .
4. Select the NGFW for which you want to activate AI Access Security.
5. Save .
- Verify you successfully activated AI Access Security.
1. Log in to the Palo Alto Networks Customer Support Portal (CSP).
2. Select ProductsAssets .
3. Select NGFW or Prisma Access tenant based on the enforcement point for which you activated AI Access Security.
4. Use the filters to locate your NGFW or Prisma Access tenant.
5. Expand the list of active licenses or click Licenses & Subscriptions .
6. Verify that the AI Access Security license is active.
- Get Started with AI Access Security.
This procedure assumes you only need to activate the AI Access Security license and that all prerequisite licenses are activate and have successfully set up your NGFW, Prisma Access, Panorama™ management server, and Strata Cloud Manager as needed.
- Click the magic link provided to you by Palo Alto Networks when you purchase the AI Access Security subscription.
- Click Activate Subscription to begin activating AI Access Security.
- Enter your Palo Alto Networks Customer Support Portal (CSP) Email Address . This email address must match the email address that received the magic link to activate AI Access Security.
Create a New Account if the email address that received the AI Access Security activation link does not already have a valid CSP account. The newly created account is automatically associated with the same tenant for which you're activating AI Access Security and assigned a Multitenant Superuser role .
- ( Multitenancy only ) In the Customer Support Account section, select the Palo Alto Networks Customer Support Account associated with the tenant for which you activating the AI Access Security license.
Skip this step if you have a single tenant Customer Support Portal account. Your Customer Support Account is selected by default.
- ( Multitenancy only ) In the Allocate This Subscription section, select the tenant service group (TSG) for which you want to activate AI Access Security. You can select the parent tenant or a child tenant.
AI Access Security is activated for only the selected tenant. If you select a parent tenant, AI Access Security isn't activated for any child tenant.
Skip this step if you only have a single tenant Customer Support Portal account. It is selected by default.
- Review the tenant Region . This region is pre-populated based on the deployed NGFW or Prisma Access tenant region and can't be changed.
- In the Assign Licenses section, click Done to assign all your AI Access Security licenses. Verify that the AI Access Security License is Fully Assigned
- Verify that your Data Loss Prevention instance is selected if you have Enterprise Data Loss Prevention (E-DLP) active on your tenant.
Your Enterprise DLP instance is selected by default if active already on your tenant.
Skip this step if you don't have Enterprise DLP already active. Enterprise DLP is not required to enable AI Access Security. If Enterprise DLP instance is not already active then one is created as part of the license activation. Review what happens to Enterprise DLP if you don't renew your AI Access Security license.
- Agree to the Terms and Conditions .
- Activate .
You're redirected to the Tenant Management page where the AI Access Security Activation Status starts Initializing .
The AI Access Security license displays as Data Security and has a serial number that begins with AIX . Continue to the next step after the Activation Status is Complete .
- ( NGFW only ) Associate the AI Access Security license with your NGFW.
Associating the AI Access Security license is required to activate the license for your NGFW.
- In the Strata Cloud Manager menu, select SettingsDevice Associations .
The Strata Cloud Manager menu is located in the bottom-left corner of Strata Cloud Manager.
- Associate Apps .
- In the Licensed Products, select Data Security .
- Select the NGFW for which you want to activate AI Access Security.
- Save .
- Verify you successfully activated AI Access Security.
- Log in to the Palo Alto Networks Customer Support Portal (CSP).
- Select ProductsAssets .
- Select NGFW or Prisma Access tenant based on the enforcement point for which you activated AI Access Security.
- Use the filters to locate your NGFW or Prisma Access tenant.
- Expand the list of active licenses or click Licenses & Subscriptions .
- Verify that the AI Access Security license is active.
- Get Started with AI Access Security
Convert an AI Access Security Evaluation License to a Production License
Activate the AI Access Security License
Renew an AI Access Security License
|
Where Can I Use This? |
What Do I Need? |
|
One of the following:
|
If you have the AI Access Security EVAL license active you must convert the evaluation license to a production license to continue safely controlling access to and adopting GenAI apps once the evaluation period ends. If you don't convert the evaluation license into a production license:
- Traffic containing sensitive data is no longer forwarded to Enterprise Data Loss Prevention (E-DLP) for inspection and verdict rendering.
- Enterprise DLP is no longer accessible.
- Panorama™ management server — ObjectsDLP
- Strata Cloud Manager — ManageConfigurationData Loss Prevention
- Web Security and Security policy rules created for AI Access Security are preserved.
- Log in to Strata Cloud Manager.
- In the Strata Cloud Manager menu, select SettingsSubscriptions .
The Strata Cloud Manager menu is located in the bottom-left corner of Strata Cloud Manager.
- Find the AI Access Security evaluation license and select ActionsEval to Prod Request .
- Specify the production license terms you want for your tenant. The request is reviewed by your Palo Alto Networks account representative to create a quote.
Specify the following information in your production license request.
- License Quantity —Number of individuals that can use AI Access Security.
- Term —Length of your AI Access Security subscription.
- Send Request .
Renew an AI Access Security License
Convert an AI Access Security Evaluation License to a Production License
Introducing AI Access Security
|
Where Can I Use This? |
What Do I Need? |
|
One of the following:
|
You can renew your expiring AI Access Security license to continue safely adopting GenAI apps. An expiring AI Access Security does not automatically renew and requires you to manually renew it. If the AI Access Security expires:
- Traffic containing sensitive data is no longer forwarded to Enterprise Data Loss Prevention (E-DLP) for inspection and verdict rendering.
- Enterprise DLP is no longer accessible.
- Panorama™ management server — ObjectsDLP
- Strata Cloud Manager — ManageConfigurationData Loss Prevention
- Web Security and Security policy rules created for AI Access Security are preserved.
- Contact your Palo Alto Networks sales representative and request a renewal for your AI Access Security license.
- Log in to Strata Cloud Manager.
- From the bottom-left menu, select SettingsTenants .
- Select the tenant for which you're renewing the AI Access Security license.
You can select a parent tenant or a child tenant. A tenant with a license that requires immediate action to renew the license is marked with a blue circle.
- Edit the tenant licenses.
- Agree to the terms and conditions and Activate Now .
Introducing AI Access Security
Renew an AI Access Security License
What's Supported with AI Access Security?
|
Where Can I Use This? |
What Do I Need? |
|
One of the following:
|
GenAI apps are AI apps capable of generating text, images, videos, and other forms of data in response to user prompts and continuously learn based on user inputs. Their usage is proliferating at an astonishing rate and offer limitless opportunities for businesses. However, the nature by which GenAI apps contentiously improve presents a new danger to businesses and security administrators—how can you ensure your employees are not exposing sensitive or proprietary data to GenAI apps?
Palo Alto Networks introduced AI Access Security to enable businesses to safely adopt GenAI apps across their organization by mitigating the risks associated with data leakage in prompts and malicious content in responses. AI Access Security includes an extensive dictionary of Generative artificial intelligence (GenAI) apps to help you identify GenAI apps alongside contextual, fine-grained access control policy rules to help you prevent exfiltration of sensitive data. AI Access Security also provides detailed monitoring capabilities that enable you to filter for specific GenAI apps, users, and GenAI use cases, which in turn enables you to write targeted Security policy rules to strengthen your security posture that help you control the data leaving your organization for GenAI appls allowed within your organization.
AI Access Security follows a set of core principals allowing your organization to safely leverage GenAI apps while ensuring your sensitive or proprietary data isn't exposed.
AI Access Security provides robust tools to identify and control GenAI app usage on your network. Hundreds of GenAI apps have been categorized and mapped with AI-specific attributes to generate bespoke risk scores that empower InfoSec teams to make informed decisions. What’s more, AI Access Security not only helps businesses understand GenAI adoption and usage, it prevents sensitive data loss and provides real-time threat detection for both sanctioned and shadow AI apps. Security administrators can immediately improve risk posture while simultaneously empowering users to securely harness the power of GenAI.
Attributes —AI Access Security provides a detailed description of the GenAI app functionality and the attributes AI Access Security uses to calculate the risk score for each GenAI app.
Access Control —Create an Internet Access policy rules to control access to GenAI apps. You can control access to GenAI apps for:
- User groups for sanctioned, unsanctioned, or tolerated GenAI apps. You can also control GenAI app usage based on description, risk, or use case.
- Block or allow specific functionality within a specific GenAI app or for a category of GenAI apps.
- Control access for GenAI app browser extensions, plugins, and custom GPTs.
Enterprise Accounts and Custom GenAI Apps —You can sanction user group access to a GenAI app when using an enterprise account while blocking access to publicly available GenAI apps. Additionally, you can control user group access for custom GenAI apps that have outbound internet access.
AI Access Security administration is managed entirely on Strata Cloud Manager for a single pane of glass management experience across your security enforcement channels includes a detailed dashboard with trends allowing you to filter and explore usage based on users, data transfers, GenAI apps, and use cases across all channels.
AI Access Security provides a comprehensive dictionary of over 500 GenAI apps and 60+ attributes to accurately discovers and monitor GenAI adoption, usage and risk. Additionally, AI Access Security uses context-aware LLM-powered data classification with over 300 classifiers to provide high accurate sensitive data discovery capabilities.
AI Access Security includes support for persona-based access with the ability to grant role-based access controls for administrators focused on setting policy or mitigating risk.
AI Access Security provides data protection, posture management, and zero trust security all in one solution across all your enforcement points. Enterprise DLP, Palo Alto Networks' cloud-based data loss prevention service that uses AI and supervised machine learning algorithms, is the detection engine that fuels AI Access Security's ability to block exfiltration of sensitive data for file and nonfile based traffic and text prompts. Enterprise DLP data patterns and data profiles specify the match criteria used to determine whether traffic that matches a Web Security policy rule contains sensitive data. You can create custom data patterns and profiles or use predefined data patterns and profiles to detect personally identifiable information (PII), propriety source code, intellectual property, customer data, and more.
AI Access Security also inspects responses from sanctioned and tolerated GenAI apps to ensure threat actors don't gain access to your network or initiate an attack in the event a GenAI application is compromised. AI Access Security inspects all files, URLs, and code snippets returned by a GenAI in response to a user prompt for sanctioned and tolerated GenAI apps.
What's Supported with AI Access Security?
Introducing AI Access Security
Perform Initial AI Access Security Configuration
|
Where Can I Use This? |
What Do I Need? |
|
One of the following:
|
AI Access Security gives you visibility into hundreds of generative AI (GenAI) apps that fall into one of many predefined GenAI app Use Cases. Review the list of predefined Use Cases to understand how different GenAI apps are grouped based on their functionality and usage, as well as details about the associated risks posed to your organization by each.
The GenAI apps list describes all the GenAI apps traffic that AI Access Security has visibility into. This means that you can use the AI Access Security Insights dashboard to discover activity and risky behavior related to users accessing these GenAI apps.
Enterprise Data Loss Prevention (E-DLP) is the detection engine that powers AI Access Security and prevents exfiltration of sensitive data to GenAI apps. Review the list GenAI apps supported by Enterprise DLP to learn more about which GenAI apps you can safely adopt in your organization. To use Enterprise DLP to prevent exfiltration of sensitive data to GenAI apps:
- All GenAI app support requires PAN-OS 10.2.3 or later release.
This applies to NGFW, Panorama™ management server, and the Prisma Access dataplane version.
- All GenAI apps support only nonfile inspection unless otherwise specified in the list of supported GenAI apps.
In the event Enterprise DLP doesn't support a particular GenAI app, you can choose to block access to the GenAI app if it is not sanctioned for use by your organization.
You can safely adopt GenAI apps using AI Access Security based on the following use cases. One GenAI app can be associated with more than one use case.
Expand all
Collapse all
- Audio Generators
Audio Generators use AI models to create sound effects, music, and other audio clips from text prompts or audio reference inputs provided by the user.
Associated Risks
- Copyright Infringement —Audio Generators can be trained on data sets of existing music and sound effects that can include copyrighted materials. This can lead to generated outputs that reproduce copyrighted material.
- Data Privacy —Audio Generators can recreate an individual's voice, speech patterns, or other identifiable audio characteristics without consent, which poses privacy risks.
- Exposure of Sensitive Information —Audio Generators can receive audio as an input that can contain proprietary or sensitive information. By providing this proprietary or sensitive data as an input, you risk that data being used to train the GenAI app, which may then be exposed to users outside of your organization.
- Conversational Agent
Conversational Agents provide assistance with a wide variety of tasks in a natural, user-friendly manner similar to how to how humans interact with each other. They are typically in the form of chatbots that accept text and files as input.
Associated Risks
- Malicious Prompting —Bad actors can exploit Conversational Agents by crafting and injecting indirect prompts that could exfiltrate sensitive information.
- Exposure of Sensitive Information —Conversational Agents are trained on user shared data. If you share data with sensitive information, it might inadvertently be exposed to other users through the Conversational Agent's responses.
- Insecure Plugin Configurations —Some Conversational Agents allow launching plugins that enable interaction with external applications and services but might have an insecure configuration. This significantly increases your attack surface and weakens your security posture.
- Hallucinations, Bias, and Ethical Concerns —Conversational Agents can generate biased, inaccurate, or misleading information.
- Code Assistants & Generators
Code Assistant & Generators can significantly boost developer productivity by generating code snippets and suggestions.
Associated Risks
- Security Vulnerabilities —Code generated by a Code Assistant & Generator could contain flaws, vulnerabilities, or malware that could be exploited thereby compromising application security.
- Intellectual Property Violations —Code generated by models trained on public repositories could violate licenses or reproduce copyrighted code.
- Exposure of Sensitive Information —Code Assistant & Generators might leak your priority algorithms because you're training a third-party model on your code.
- Developer Platforms
Developer Platforms streamline and orchestrate the process of building a GenAI application.
Associated Risks
- Exposure of Sensitive Information —Fine-tuning large language models (LLM) often requires training them with proprietary data. A security breach or unauthorized access could lead to severe data leaks.
- Enterprise Searches
Enterprise Searches aim to provide a centralized search experience across an organization's data sources.
Associated Risks
- Data Privacy and Security —Enterprise Searches have access to a wide range of sensitive data of the organization by design. A security breach or unauthorized access could lead to severe data leaks.
- Malicious Prompting —Bad actors can exploit these Enterprise Searches by crafting and injecting indirect prompts that could exfiltrate sensitive information.
- Image Editor & Generators
Image Editor & Generators leverage AI models to generate, manipulate, and edit images based on text prompts or input images.
Associated Risks
- Copyright Infringement —Image Editor & Generators can be trained on copyrighted image data, potentially leading to generated content that violates intellectual property rights.
- Deepfake Misuse — Image Editor & Generators can be used to generate highly realistic deepfakes, which could be weaponized for misinformation campaigns.
- Bias and Ethical Concerns —Image Editor & Generators can generate content that can perpetuate societal biases, generating harmful and offensive content.
- Meeting Assistants
Meeting Assistants offer capabilities such as meeting summarization, including action items and follow-up task list generation.
Associated Risks
- Privacy and Confidentiality Breaches —You risk training Meeting Assistants on sensitive or proprietary information discussed during meetings. Additionally, they could store this data in their cloud environments that might not follow the best security standards.
- Productivity Assistants
Productivity Assistants provide general task assistance synthesizing information directly within familiar productivity tools. They are privy to all data, proprietary documents, confidential information, and trade secrets that the productivity tools have access to.
Associated Risks
- Data Privacy and Security —Productivity Assistants by design have access to a wide range of sensitive data of the organization. A security breach or unauthorized access could lead to severe data leaks.
- Excessive Agency —Productivity Assistants have integrations and might support multiple types of plugins and extensions that enable interaction with external applications and services but might have an insecure configuration. This significantly increases your attack surface and weakens your security posture.
- Malicious Prompting —Bad actors could exploit these assistants by crafting and injecting indirect prompts that could exfiltrate sensitive information.
- Video Editors & Generators
Video Editor & Generators use AI models to generate, manipulate, and edit videos based on text prompts or input images.
Associated Risks
- Copyright Infringement —Video Editor & Generators can be trained data sets of existing image or video data that can include copyrighted images and videos. This can lead to generated outputs that reproduce copyrighted material.
- Deepfake Misuse —Video Editors & Generators can be used to generate highly realistic deepfakes, which could be weaponized for misinformation campaigns.
- Bias and Ethical Concerns —Video Editor & Generators can generate content that can perpetuate societal biases, generating harmful and offensive content.
- Writing Assistants
Writing Assistants enhance productivity by offering writing suggestions, grammar corrections, and content generation capabilities.
Associated Risks
- Plagiarism and Copyright Infringement —Writing Assistants can be trained on data sets of existing text that can include copyrighted writing. This can lead to generated outputs that directly reproduce material without proper attribution.
- Exposure of Sensitive Information —Writing Assistants often have access to sensitive information such as proprietary documents, personal data, or confidential communications. A security breach or unauthorized access could lead to a severe data leak.
- Bias and Ethical Concerns —Writing Assistants can generate content that can perpetuate societal biases, generating harmful and offensive content.
With SaaS Security — SaaS Security Inline , Data Security , and SaaS Security Posture Management combined—you have an integrated CASB solution that offers better security outcomes without the complexity of third-party integrations and the overhead and cost of managing the large number of vendors who exist with legacy CASBs. Use SaaS Security Inline to discover and manage risks posed by unsanctioned SaaS apps. Data Security scans assets in the cloud space for at-rest detection, inspection, and remediation across all user, folder, and file activity within sanctioned SaaS applications. SaaS Security Posture Management helps detect misconfiguration using built-in best practices, categorizes misconfiguration by severity to help you prioritize risks. It also provides misconfiguration alerts and the ability to remediate issues quickly across applications with one click of a button or manually using straightforward instructions.
Data Security
AI Access Security uses Data Security get visibility and control of data-at-rest residing in the ChatGPT Enterprise app in your network. Select InsightsAI Access and review the data-at-rest information in the Sensitive Data Assets widget to see the sensitive assets already transferred to ChatGPT. Navigate to Data Security to investigate the sensitive assets uploaded to ChatGPT Enterprise using the following steps:
- Select ManageConfigureSaaS SecurityData SecurityData Assets .
- Apply the Sensitive Asset: Yes and Application (Instance): ChatGPT Enterprise filter.
SaaS Security Inline
AI Access Security uses SaaS Security Inline to get visibility into hundreds of GenAI Apps . You can review GenAI applications and their attributes in the SaaS Security Inline Application Dictionary ( ManageConfigureSaaS SecurityDiscovered AppsApplication Dictionary ) to Add Filter and apply the GenAI Applications filter.
SaaS Security Posture Management
AI Access Security uses SaaS Security Posture Management to get visibility into third-party GenAI plugins from app marketplaces for various SaaS apps. You can view these in the Plugins widget. Alternatively, you can go to the SaaS Security Posture Management third-party plugins page ( ManageConfigureSaaS SecurityPosture Security3rd Party PluginsPlugins ) to Add Filter and apply the GenAI Applications filter.
Perform Initial AI Access Security Configuration
What's Supported with AI Access Security?
Enable Role Based Access to AI Access Security
|
Where Can I Use This? |
What Do I Need? |
|
One of the following:
|
An initial configuration is required before you can begin using AI Access Security to safely adopt generative AI (GenAI) apps across your organization. This includes enabling role-based access, setting up and configuring Enterprise Data Loss Prevention (E-DLP) to prevent exfiltration of sensitive data, and creating a Vulnerability Protection profile to stop attempts to exploit system flaws or gain unauthorized access to systems.
This procedure assumes you already activated the AI Access Security license.
- Set up and configure Enterprise Data Loss Prevention (E-DLP).
Enterprise DLP is the detection engine that prevents exfiltration of sensitive data to GenAI apps. Associate an Enterprise DLP data profile with a Security policy rule to define what is considered sensitive data and the action Enterprise DLP takes when sensitive data is detected.
- Set Up Enterprise DLP.
- Edit the Enterprise DLP cloud content , data filtering , and snippet settings as needed
- Review the supported advanced Detection Methods to use in your Enterprise DLP configuration.
The are advanced traffic match detection techniques used to prevent exfiltration of sensitive data. They can be used alongside any combination of predefined, custom regex, or file property data patterns in an advanced data profile.
- Create data patterns and data profiles to define your sensitive data match criteria.
Palo Alto Networks recommends creating advanced data profiles as they allow you to use advanced detection method techniques to strengthen your security posture.
- ( Strata Cloud Manager only ) Modify the DLP Rule to specify the impacted file types and file direction (upload or download) and the action Enterprise DLP takes when sensitive data is detected.
- Enable Role Based Access to define the access privileges for your security administrators.
Configuring access privileges AI Access Security and Enterprise DLP, as well as for the management interface (Panorama™ management server or Strata Cloud Manager.
This snippet gives your organization a starting point to implement Security policy rules that use best practices for GenAI app adoption recommended by Palo Alto Networks. This snippet allows you to quickly allow access to Sanctioned GenAI apps and blocks a wide range of potentially risky GenAI apps by default. This helps your organization maintain control over GenAI app usage while still enabling productivity-enhancing tools.
AI Access Security associates the Gen-AI-Best-Practice snippet with the default Global configuration folder by default. You can choose to leave it associated with the Global configuration folder or reassign it to specific folders or enforcement points.
This snippet is required to support tag-based policy rule enforcement. The Application-Tagging snippet contains tagging information to indicate which GenAI apps are approved for use within your organization. Tags are written to, and read from, the Application-Tagging snippet to determine whether an app is tagged as Sanctioned or Tolerated. Apps that are not explicitly tagged as Sanctioned or Tolerated are considered Unsanctioned. Tags are displayed in AI Access Security, the Activity Insights Applications page, and the Strata Cloud Manager Command Center from the information in the Application-Tagging snippet.
- Create a Vulnerability Protection profile .
Vulnerability Protection profiles are associated with your Security policy rule and stop attempts to exploit system flaws or gain unauthorized access to systems.
- ( NGFW only ) Create an internal trust zone and an outbound untrusted zone.
Zones are a logical way to group physical and virtual interfaces on the NGFW to control and log the traffic that traverses specific interfaces on your network. Policy rules on the NGFW use zones to identify where the traffic comes from and where it's going.
The internal trust zone designates traffic originating from within your organization while the outbound untrusted zone designates traffic destined for the internet.
- Create application filters to dynamically group GenAI apps for which you want to apply the same Security policy requirements.
AI Access Security includes dynamic predefined GenAI application filters based on the GenAI app use case .
- Create Custom Security policy rules to begin safely adopting GenAI apps in your organization.
Enable Role Based Access to AI Access Security
Perform Initial AI Access Security Configuration
Enable the Gen-AI-Best-Practice Snippet
|
Where Can I Use This? |
What Do I Need? |
|
One of the following:
|
Configure role-based access to AI Access Security by assigning a predefined role to your security administrators. The predefined roles you assign to your security administrators define which parts of AI Access Security they have full or partial read and write access privileges. Review the table below to understand the predefined roles that grant role-based access to AI Access Security. This information pertains only to access privileges specific to AI Access Security. For detailed information about all predefined roles and what other access privileges they grant, review the Roles and Permissions .
Custom roles are not supported.
|
Predefined AI Access Security Role |
Privileges |
|
Data Security admin |
Full read and write access privileges for AI Access Security. |
|
Multitenant Superuser |
Full read and write privileges for all available system-wide functions for all tenants in the particular multitenant hierarchy where the role is assigned. |
|
Security Administrator |
Read and write access for AI Access Security. |
|
Superuser |
Full read and write privileges for the tenant, including AI Access Security. In a multitenant hierarchy, the Superuser role is specific to a child tenant and not to the top-level parent tenant or to other child tenants. |
|
View Only Administrator |
Read-only privileges for AI Access Security |
- NGFW (Managed by Panorama)
- Prisma Access (Managed by Panorama)
- NGFW (Managed by Strata Cloud Manager)
- Prisma Access (Managed by Strata Cloud Manager)
- Configure a Panorama administrator account and admin role .
Administrator accounts specify authentication and admin role privileges for a Panorama admin. A custom admin role allows granular customized access privileges for the Panorama admin. For example, if the assigned role privilege does not allow the admin access to Security policy rules then the admin can't implement policy rules to control access to GenAI apps.
- Enable role-based access for Enterprise Data Loss Prevention (E-DLP).
This defines the access privileges to configure Enterprise DLP data patterns and profiles that define what is considered sensitive data that must be blocked. Skip this step if you have already configured role-based access to Enterprise DLP or don't want to configure access to Enterprise DLP for the user.
- Assign role-based access for AI Access Security.
- Select User and for the Identity Address , enter the email address for which you granted access in the previous step.
- For Apps & Services , select AI Access Security .
- Select a predefined Common Services Role .
- Submit .
Enable the Gen-AI-Best-Practice Snippet
Enable Role Based Access to AI Access Security
Associate the Application-Tagging Snippet
|
Where Can I Use This? |
What Do I Need? |
|
One of the following:
|
Activating AI Access Security gives you access to the predefined Gen-AI-Best-Practice snippet . This snippet gives your organization a starting point to implement Security policy rules that use best practices for GenAI app adoption recommended by Palo Alto Networks. This snippet allows you to quickly allow access to Sanctioned GenAI apps and blocks a wide range of potentially risky GenAI apps by default. This helps your organization maintain control over GenAI app usage while still enabling productivity-enhancing tools. AI Access Security associates the Gen-AI-Best-Practice snippet with the default Global configuration folder by default.
Review the two Security policy rules associated with the predefined Gen-AI-Best-Practice snippet for details about what each includes.
Expand all
Collapse all
- Sanctioned GenAI Access
The Sanctioned GenAI Access Security policy rule allows access to all GenAI apps classified as a Sanctioned app. The Sanctioned GenAI Access policy rule is part of the pre-rule rulebase so policy rule evaluation takes precedence over deployment-specific policy rules and the post-rule rulebase.
- Location — ManageConfigurationNGFW and Prisma AccessSecurity ServicesSecurity PolicyInternet Security .
- Allows access to Sanctioned GenAI apps.
- Disabled by default. You need to manually enable this Security policy rule.
- Applies the predefined Sanctioned GenAI Apps application filter .
This application filter groups GenAI apps based on their classification to dynamically enforce Security policy rules without the need to modify the Security policy rule.
- Applies to any source and destination address and user.
- Default GenAI App Access
The Sanctioned GenAI Access Security policy rule blocks access to all GenAI apps classified not classified as a Sanctioned or Tolerated app. The Default GenAI App Access policy rule is part of the post-rule rulebase so policy rule evaluation occurs after deployment-specific policy rules and the pre-rule rulebase.
- Location — ManageConfigurationNGFW and Prisma AccessSecurity ServicesSecurity PolicyInternet Security .
- Disabled by default. You need to manually enable this Security policy rule.
- Blocks access to Tolerated or Unsanctioned GenAI apps, or to any GenAI not explicitly allowed by a Security policy rule evaluated before the Default GenAI App Access policy rule in the policy rulebase hierarchy.
- Applies the predefined AI Access Security GenAI Apps application filters .
The application filter groups GenAI apps based on the GenAI Apps classification tag to dynamically enforce Security policy rules without the need to modify the Security policy rule. All traffic from GenAI apps have this classification tag applied by default.
- Applies to any source and destination address and user.
- Log in to Strata Cloud Manager.
- Select ManageConfigurationNGFW and Prisma AccessSecurity ServicesSecurity PolicyInternet Security .
- Toggle the setting in the State column for both the Sanctioned GenAI Access and Default GenAI App Access policy rules to enable.
- ( Optional ) Create and apply Security Profiles to the Sanctioned GenAI Access policy rule.
Security Profiles allow you to apply additional security settings to allowed traffic to strengthen your security posture. For example, you can associate a DLP rule with the Sanctioned GenAI Access policy rule to prevent exfiltration of sensitive data to Sanctioned GenAI apps. Alternatively, you can use the AI Access Security Recommendations to enable your network security admins to quickly address gaps and strengthen your security posture when adopting GenAI apps.
Associate the Application-Tagging Snippet
Enable the Gen-AI-Best-Practice Snippet
Discover Risks Posed by GenAI Apps
|
Where Can I Use This? |
What Do I Need? |
|
One of the following:
|
To support tagging, a predefined snippet named Application-Tagging is available in Strata Cloud Manager. This snippet is required to support tag-based policy rule enforcement. The Application-Tagging snippet contains tagging information to indicate which GenAI apps are approved for use within your organization. Tags are written to, and read from, the Application-Tagging snippet to determine whether an app is tagged as Sanctioned or Tolerated. Apps that are not explicitly tagged as Sanctioned or Tolerated are considered Unsanctioned. Tags are displayed in AI Access Security, the Activity Insights Applications page, and the Strata Cloud Manager Command Center from the information in the Application-Tagging snippet.
You can re-tag an app based on a GenAI app’s risk score and other considerations. The changes that you apply are written to the Application-Tagging snippet. You can then push the new tags as configuration changes to the NGFW or Prisma Access deployment. If you have tagging-based rules on the NGFW or Prisma Access deployment, traffic for the re-tagged app will be enforced according to the app's new tag. For example, you might have a rule on the NGFW that allows traffic only for Sanctioned or Tolerated apps. By tagging an app as Sanctioned and pushing the changes to the NGFW, you can allow traffic for the app without having to modify the rule.
To push tags to your NGFW or Prisma Access deployment, you must first associate the Application-Tagging snippet with the appropriate scope. Make sure that you associate the Application-Tagging snippet only with NGFWs or Prisma Access deployments that have the App‑ID Cloud Engine (ACE) enabled. The Application-Tagging snippet uses ACE because the AI Access Security, CASB-PA license, and CASB-X licenses give you access to a wider array of apps through the ACE service. Apps are identified in the Application-Tagging snippet by using ACE App-IDs. For this reason, the configuration push will fail if the NGFW or Prisma Access deployment isn't configured to receive App-IDs from ACE.
- Log in to Strata Cloud Manager.
- Tag GenAI apps in the Application-Tagging snippet to match the existing tags that you applied to app.
- Remove the existing Sanctioned and Tolerated app tags from all Configuration Scopes.
In September 2024, we updated the way application tagging is implemented. If you tagged apps prior to this update, be aware that tag information displayed in the AI Access Security, the Activity Insights Applications page, and the Strata Cloud Manager Command Center might no longer reflect what is being enforced on the NGFW or Prisma Access deployment. The predefined Sanctioned and Tolerated tags that you applied prior to this update can still affect tag-based policy enforcement on the NGFW or Prisma Access deployment. To ensure correct tag-based policy enforcement, remove all Sanctioned or Tolerated app tags applied prior to this September 2024 update.
- Select Manage ConfigurationNGFW and Prisma AccessObjectsApplicationApplications .
- Remove all Sanctioned and Tolerated app tags from all other Configuration Scopes.
- Change the Configuration Scope to the folder where you previously managed your app tags.
For example, if you manage your app tags from the Global folder, select Global in the Configuration Scope.
- Select your apps from the list of Matching Applications .
You can use the Sanctioned and Tolerated Tags filters to quickly narrow down the list of tagged apps.
- Remove Tag and confirm to remove existing tags.
This only removes tags added by an admin and not any of the predefined tags associated with the app by default.
- Repeat this step to remove all Sanctioned and Tolerated tags from all apps in all Configuration Scopes.
- Select ManageConfigurationNGFW and Prisma AccessOverview .
- Select Configuration ScopeSnippetsApplication-Tagging .
- In the Snippet Associations area, select the settings gear icon to display the scopes that you can associate with the Application-Tagging snippet.
- Select the scopes that you want to associate with the Application-Tagging snippet. Remember to make sure that you associate the Application-Tagging snippet only with NGFWs or Prisma Access deployments that have ACE enabled.
If you tag apps as Sanctioned or Tolerated from the Applications page in Strata Cloud Manager ( ManageConfigurationNGFW and Prisma AccessObjectsApplicationApplications ), make sure you set the Configuration Scope to the Application-Tagging snippet.
Tagging to the Application-Tagging scope is important for the following reasons:
- The tags that are displayed in AI Access Security, the Activity Insights Applications page, and the Strata Cloud Manager Command Center are read from the Application-Tagging snippet. If you tag an application in a different scope, the tags that are enforced by policy might not be the same as the tags shown in the various user interfaces.
- If the app that is tagged in the Application-Tagging scope and also tagged in a different scope, tag-based policy enforcement will be based on an evaluation order that might cause unexpected enforcement behavior.