Enterprise Security in the Agentic AI Era

Palo Alto Prisma AIRS (AI Runtime Security)

3 min read

Palo Alto Prisma AIRS (AI Runtime Security)

Prisma AIRS is Palo Alto Networks’ end-to-end AI security platform protecting the full lifecycle of AI applications and agents — model security, posture management, runtime firewalling, API-based inline guardrails, and AI red teaming. It is branded under the Prisma family alongside Prisma Cloud (CNAPP) and Prisma SASE (Access), positioned as the dedicated AI security pillar.

Capabilities

CapabilityDescription
AI Runtime Firewall + AI Runtime API (API Intercept)Inline enforcement against prompt injection, jailbreaks, tool misuse, malicious agent behavior; PII/secret redaction; outbound data-leak prevention
AI Model SecurityModel scanning for malicious models, vulnerabilities, supply-chain risk (from the Protect AI acquisition: Guardian, ModelScan tooling)
AI Red TeamingContinuous autonomous adversarial testing of deployed models and agents
Posture ManagementConfiguration and access risk for AI services (distinct from Prisma Cloud’s AI-SPM, which came from Dig Security)
Agent defenseReal-time agent behavior monitoring added in 2.0 (October 2025)

Deployment

SaaS control plane with multiple enforcement modes:

ModeUse case
API-based interceptDeveloper-integrated guardrails via the AI Runtime API (documented at pan.dev/airs); applications POST prompts/responses for inspection before delivery
Network-inlineExisting PAN-OS NGFW or Prisma Access enforcement points inspect AI traffic
SDK / proxy partner integrationsPortkey AI Gateway (announced August 2025) and LiteLLM proxy guardrails — Prisma AIRS as a guardrail backend for OSS AI gateways

Role in the RA

In the Agentic AI Security RA, Prisma AIRS appears in multiple planes:

PlaneCapabilityRole
RuntimeInput filtering / prompt-injection detectionCommercial alternative to LlamaFirewall / Lakera Guard
RuntimeTopic / content safetyPII/secret redaction; output filtering
EgressTool authorization (via API Intercept)Inline policy enforcement on agent-to-tool communications
DataModel scanning + supply-chainFrom Protect AI integration
ObservabilityAI Security Posture ManagementDistinct from Wiz AI-SPM; tighter PA stack integration
ObservabilityAI red teaming integrationContinuous CART; competes with Mindgard CART

The enterprise recommended stack lists Prisma AIRS for organizations with existing Palo Alto Networks platform commitments (Prisma SASE, Prisma Cloud, Cortex). Its strongest competitive position is as a unified AI security pillar integrated into a broader PA portfolio rather than as a best-of-breed point solution.

Comparison with peers

ComparisonPrisma AIRSAlternative
vs LlamaFirewall (input filtering)Commercial SaaS; managed updates; broader scopeOSS; self-hosted; published benchmarks
vs Lakera Guard (content safety)Tighter PA portfolio integration; bundled with model scanning + red teamingSpecialist focus; Gandalf-fed continuous detection updates
vs Wiz AI-SPM (posture)Tied to PA stack; built on Dig Security acquisitionMulti-cloud graph; not tied to a runtime stack
vs Mindgard CART (red teaming)Bundled in 2.0; enterprise scopeBest-of-breed CART specialist

The strategic positioning: Prisma AIRS is breadth across the AI lifecycle, sacrificing depth in any single capability for unified policy and reporting under the PA portfolio.

Timeline

DateEvent
April 28, 2025Prisma AIRS launched (initial GA)
August 2025Portkey AI Gateway integration with Prisma AIRS announced
October 29, 2025Prisma AIRS 2.0 GA — Protect AI integration completes; agent-lifecycle protection expanded
2026CyberArk acquisition by Palo Alto (~$25B) — integration with CyberArk Conjur expected, bringing identity-side coverage under the Prisma AIRS umbrella

Marketing positioning at 2.0 launch: “78% of organizations transforming with AI but only 6% have guardrails.”

CMM positioning

  • D3 (Runtime Guardrails) L3+: Inline prompt-injection, jailbreak, tool-misuse detection
  • D6 (Supply Chain) L3: Model scanning from Protect AI integration
  • D7 (Observability & Audit) L3: AI-SPM via Dig Security lineage
  • D7 (Red Teaming) L4: Continuous AI red teaming (CART) capability

Two AI-SPM products under Palo Alto

Palo Alto has two distinct AI-SPM offerings: (1) Prisma Cloud AI-SPM — built on the Dig Security acquisition and integrated into Prisma Cloud CNAPP; (2) Prisma AIRS posture management — the AIRS-native posture component. Buyers evaluating Palo Alto’s AI security portfolio should confirm which AI-SPM their license includes.

Graph View

Backlinks