{"id":331557,"date":"2024-11-19T09:00:44","date_gmt":"2024-11-19T17:00:44","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=331557"},"modified":"2024-11-19T11:02:28","modified_gmt":"2024-11-19T19:02:28","slug":"secure-ai-applications-through-code","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2024\/11\/secure-ai-applications-through-code\/","title":{"rendered":"Empower Developers to Secure AI Applications Through Code"},"content":{"rendered":"

We understand that every organization\u2019s AI security needs and infrastructure are different. Palo Alto Networks wants to enable AI security in a manner that best aligns with those needs. Some customers have told us they want to stop threats at the network layer with no app changes, while others want to detect and prevent threats in app code without changing their network, and \u200b\u200bsome want to do defense-in-depth with both options. Now, that choice is yours with AI Runtime Security<\/a>.<\/p>\n

As organizations continue to build new AI applications and infuse existing applications with AI functionality, the risks of AI threats increase. However, all this growth comes with added risks. Hugging Face alone hosts over 1 million models, datasets and apps, and it has over 19 million users every month. Open-source technologies and a new wave of threats<\/a> means your developers need to prepare to defend your AI ecosystem.<\/p>\n

Earlier this year, Palo Alto Networks enabled infrastructure security teams<\/a> to deploy a network layer enforcement to help secure AI ecosystems by protecting AI applications, models and data. Today, Palo Alto Networks is set to redefine AI security by offering AI security as code to our Palo Alto Networks product portfolio. In a market first, we are pleased to announce that AI Runtime Security is now available with both a network and API-based enforcement points.<\/p>\n

<\/a>AI Runtime Security-as-Code<\/h2>\n

Through this new API functionality, Palo Alto Networks brings AI security-as-code to market to enable AI security in a fast and easy way. Developers get access to a RESTful API and can embed the custom-generated code template within their existing application code. This enables the analysis of the payload within the prompts and responses users create between any developed AI apps and any models that power them. Customers send their prompts and model responses to the API in their app code and then receive a verdict. This indicates if a threat was detected, alongside the recommended action that should be taken.<\/p>\n

\"Screenshot<\/span><\/div>
Sample code template generated for developers to embed.<\/figcaption><\/figure>\n

To fine-tune their AI protection, organizations can define a security profile within Strata Cloud Manager<\/a> and then apply those policies universally. These profiles enable security teams to control how certain threats are handled (allow or block), such as with prompt injections, malicious URLs and sensitive data leaks.<\/p>\n

\"Screen<\/span><\/div>
Developers can define a security profile along with actions to be taken for each threat type.<\/figcaption><\/figure>\n

<\/a>Flexible Deployment with Granular Security<\/h2>\n

Due to its lightweight and flexible form factor, the AI Runtime Security API also provides significant advantages for nimble, AI-focused organizations:<\/p>\n