{"id":362239,"date":"2026-07-16T07:50:53","date_gmt":"2026-07-16T14:50:53","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=362239"},"modified":"2026-07-16T12:04:00","modified_gmt":"2026-07-16T19:04:00","slug":"announcing-general-availability-of-prisma-airs-ai-gateway","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2026\/07\/announcing-general-availability-of-prisma-airs-ai-gateway\/","title":{"rendered":"Announcing the General Availability of Prisma AIRS AI Gateway"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Every modern enterprise is moving from an organization run by software to one orchestrated by AI, creating a tension between velocity and control. To resolve this tension, organizations require a unified architecture. Today, we are announcing the general availability of the <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/ai-security\/ai-gateway\"><b>Prisma AIRS AI Gateway<\/b><\/a><span style=\"font-weight: 400;\">, the AI control plane for the enterprise.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Driven by the absolute conviction that an AI Gateway is foundational to the modern AI infrastructure stack, <\/span><b>we are bringing AI innovations from the <\/b><a href=\"https:\/\/www.paloaltonetworks.com\/company\/press\/2026\/palo-alto-networks-completes-acquisition-of-portkey-to-secure-ai-agents\"><b>Portkey acquisition<\/b><\/a><b> to Prisma AIRS just six weeks after closing<\/b><span style=\"font-weight: 400;\">. You can now scale AI at machine speed without compromising on enterprise-grade security and control.<\/span><\/p>\n<h1><span style=\"font-weight: 400;\">Your AI Footprint is Outpacing Controls<\/span><\/h1>\n<p><span style=\"font-weight: 400;\">Our next-generation firewall telemetry reveals that <\/span><b>MCP activity climbed from 11% late last year to 41.4% by mid-2026<\/b><span style=\"font-weight: 400;\">. <\/span><b>Monthly AI transaction volume grew twelve-fold over the same six months; some individual sessions moved hundreds of megabytes of enterprise data outbound.<\/b><span style=\"font-weight: 400;\"> The AI footprint you can govern today is the smallest it will ever be.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Some of the most rapid AI adoption is happening with \u2013 coding assistants, enterprise agents and copilots.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Coding agents<\/b><span style=\"font-weight: 400;\"> access code repositories, file systems, configurations, and credentials. When this context, including source code and secrets, is sent to a frontier model, it risks exposing sensitive data, and a runaway loop could burn a fortune in tokens overnight.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Enterprise agents<\/b><span style=\"font-weight: 400;\"> run with broad access and standing privileges sharing context with each other. A single agent stretched beyond its scope can massively increase the risk of data breach, impact business reputation and customer trust.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Copilots<\/b><span style=\"font-weight: 400;\"> now sit inside the SaaS and productivity tools employees already use. Copilots with broad access can surface data an employee was never meant to see.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">As this enterprise data leaves when an AI request goes out, it creates a security and governance challenge at an unprecedented scale and speed.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">What breaks when every team adopts AI\u00a0<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">AI adoption rapidly outpaces the security and governance infrastructure meant to secure it:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Shadow AI (Cost and usage are both hidden)<\/b><span style=\"font-weight: 400;\">: You can't see the AI your teams already use or what it costs.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Data Exposure (Sensitive data leaves without a trace)<\/b><span style=\"font-weight: 400;\">: AI interactions can expose sensitive data, bypass policy and trigger unsafe outputs.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Agents Overstep (Actions run without accountability):<\/b><span style=\"font-weight: 400;\"> Agents act across systems without clear identity, permission, or accountability. Keys get shared and agents run with broad, standing privileges, so no one can say which identity authorized a specific action or reverse it when an agent takes a wrong turn at machine speed.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Faced with this, most leaders either <\/span><b><i>block traffic entirely<\/i><\/b><span style=\"font-weight: 400;\"> or <\/span><b><i>stay permissive and promise to govern later<\/i><\/b><span style=\"font-weight: 400;\">. Both approaches fail because they skip the critical step: seeing what agents do at runtime and controlling their actions while they happen.<\/span><\/p>\n<h1><span style=\"font-weight: 400;\">Accelerate AI Adoption with Control<\/span><\/h1>\n<p><span style=\"font-weight: 400;\">To scale AI adoption safely, you need a single control plane sitting between every AI interaction and the backend models. Prisma AIRS AI Gateway brings AI governance, identity and runtime controls together in one place. With the AI Gateway, you can:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Discover AI usage<\/b><span style=\"font-weight: 400;\">: Know exactly which apps, models, users, teams and agents are active, what they are accessing, and what they cost in a single unified view.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Govern AI interactions<\/b><span style=\"font-weight: 400;\">: Enforce central rules for model access, tool use and budgets while inspecting prompts and responses inline to prevent data leaks.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Secure every agent<\/b><span style=\"font-weight: 400;\">: Verify agent identities and enforce just-in-time, least-privilege access so autonomous systems only touch what they need, when they need it.<\/span><\/li>\n<\/ul>\n<h1><span style=\"font-weight: 400;\">How the AI Gateway works\u00a0<\/span><\/h1>\n<p><span style=\"font-weight: 400;\">Prisma AIRS AI Gateway sits inline between every AI interaction, model provider, and agentic interaction (Agent\/AI App to LLMs, MCP Tool Calls, and A2A). It acts as a unified LLM, MCP, and A2A Gateway with a single enforcement point for all operational and security controls. Your teams keep using their existing coding assistants, enterprise agents, and copilots, while enforcement moves to the infrastructure layer where the platform team can own it.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Capabilities delivered through this unified control plane are:<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/p>\n<p><b>Observability<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Every request maps to a single unified view: tracking usage, users, projects, token counts, latency and cost so you can retire shadow AI infrastructure immediately.<\/span><\/p>\n<p><b><\/b><b>Governance<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Centrally define approved models, tools, and access without touching developer configurations. To drive FinOps and usage management, track every request's cost, tokens, and latency by team or project. Answer cost questions instantly, shut down unsanctioned AI usage, and proactively enforce budgets and rate limits before access is granted.<\/span><\/p>\n<p><b><\/b><b>Coding Assistant Security<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Protect credentials, proprietary code and development systems from risky AI actions. The gateway replaces raw provider keys with scoped credentials per user and team.<\/span><\/p>\n<p><b><\/b><b>Operational Controls<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Apply data protection, usage limits and policy checks as AI interactions happen. Traffic distributes via a Universal API across providers ensuring quotas are enforced and outages never stall your pipeline.<\/span><\/p>\n<p><b><\/b><b>Agent Identity<\/b> <b>Security<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Establish trusted identities by binding a verifiable, ephemeral identity to agents at execution. The AI Gateway acts as an enforcement point to enable only authenticated agents to make approved calls.<\/span><\/p>\n<p><b><\/b><b>Runtime Security\u00a0<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Powered by <\/span><a href=\"https:\/\/www.paloaltonetworks.in\/prisma\/prisma-ai-runtime-security\/ai-runtime-security\" rel=\"nofollow,noopener\" ><b>Prisma AIRS AI Runtime Security<\/b><\/a><span style=\"font-weight: 400;\">, the gateway inspects every prompt and response inline, stopping source code, secrets and customer data from leaving the network while neutralizing prompt injection attempts aligned with the OWASP LLM Top 10 and <\/span><a href=\"https:\/\/www.paloaltonetworks.in\/resources\/ebooks\/owasp-agentic-top-10-survival-guide\" rel=\"nofollow,noopener\" ><span style=\"font-weight: 400;\">OWASP Top 10 for Agentic Applications<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><div style=\"max-width:100%\" data-width=\"2560\"><span class=\"ar-custom\" style=\"padding-bottom:56.25%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"aligncenter size-full wp-image-362745 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2026\/07\/Prisma-AIRS-AI-Gateway-Marktecture-1-scaled.jpg\" alt=\"the ai control plane of every enterprise\" width=\"2560\" height=\"1440\" srcset=\"https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2026\/07\/Prisma-AIRS-AI-Gateway-Marktecture-1-scaled.jpg 2560w, https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2026\/07\/Prisma-AIRS-AI-Gateway-Marktecture-1-230x129.jpg 230w, https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2026\/07\/Prisma-AIRS-AI-Gateway-Marktecture-1-500x281.jpg 500w, https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2026\/07\/Prisma-AIRS-AI-Gateway-Marktecture-1-768x432.jpg 768w, https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2026\/07\/Prisma-AIRS-AI-Gateway-Marktecture-1-1536x864.jpg 1536w, https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2026\/07\/Prisma-AIRS-AI-Gateway-Marktecture-1-2048x1152.jpg 2048w, https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2026\/07\/Prisma-AIRS-AI-Gateway-Marktecture-1-510x287.jpg 510w, https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2026\/07\/Prisma-AIRS-AI-Gateway-Marktecture-1-71x40.jpg 71w, https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2026\/07\/Prisma-AIRS-AI-Gateway-Marktecture-1-533x300.jpg 533w\" sizes=\"auto, (max-width: 2560px) 100vw, 2560px\" \/><\/span><\/div><\/p>\n<h1><span style=\"font-weight: 400;\">The AI Control Plane for the Enterprise<\/span><\/h1>\n<p><span style=\"font-weight: 400;\">Prisma AIRS AI Gateway brings AI governance, identity and runtime controls together in one place. Point products filter text strings or route a single API call and they buckle under real enterprise volume.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\">Most products fail at scale. Prisma AIRS AI Gateway is built on an architecture tested in the most demanding enterprises for their ever evolving AI workloads:\u00a0<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>68 Trillion+ tokens processed<\/b><span style=\"font-weight: 400;\"> in the last month alone.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Sub-millisecond routing latency <\/b><span style=\"font-weight: 400;\">and inline inspection secures AI interactions without degrading user experience.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>99.999% availability<\/b><span style=\"font-weight: 400;\"> helps ensure your AI operational pipeline does not experience a single point of failure.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Learn about <a href=\"https:\/\/www.paloaltonetworks.com\/ai-security\/ai-gateway\">Prisma AIRS AI Gateway<\/a> and register for our webinar to see the AI Gateway in action.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Your developers have already adopted their agents. The agentic enterprise is a reality. As the recently named <\/span><a href=\"https:\/\/www.gartner.com\/en\/documents\/8015569\" rel=\"nofollow,noopener\" ><b>\"company to beat\" in AI Security Platforms by Gartner<\/b><\/a><span style=\"font-weight: 400;\">, Palo Alto Networks is uniquely positioned to help you. <a href=\"https:\/\/www.paloaltonetworks.com\/ai-security\/ai-gateway#contact\">Let\u2019s build it securely, together<\/a>.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Every modern enterprise is moving from an organization run by software to one orchestrated by AI, creating a tension between velocity and control. To resolve this tension, organizations require a unified architecture. &hellip;<\/p>\n","protected":false},"author":824,"featured_media":362531,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[9943,308,6717],"tags":[],"coauthors":[7477],"class_list":["post-362239","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ai-security","category-announcement","category-products-and-services","ai_security_category-agent-security","ai_security_category-ai-governance","ai_security_category-develop-ai-safely"],"jetpack_featured_media_url":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2026\/07\/Prisma_Airs_AI_Gateway_Featured.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/362239","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/824"}],"replies":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=362239"}],"version-history":[{"count":12,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/362239\/revisions"}],"predecessor-version":[{"id":362765,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/362239\/revisions\/362765"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/362531"}],"wp:attachment":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=362239"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=362239"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=362239"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=362239"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}