This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

AI Access Security FAQs

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

AI Access Security FAQs

emgarcia
Community Team Member

‎08-28-2024 03:01 PM - edited ‎08-28-2024 04:28 PM

No ratings

 

  • What is AI Access Security?
  • Palo Alto Networks AI Access Security is a solution for managing GenAI applications, providing visibility, access control, data and threat protection. It enables customers to safely adopt GenAI applications, and ensure protection against sensitive data leaks and cyber threats.

 

  • What is the value proposition for our customers?
  • For all its extraordinary capabilities, GenAI applications and LLMs open up new security issues and expand the attack surface for organizations. The value proposition for AI Access Security revolves around three main pillars:

 

Visibility & Control

AI Access Security provides organizations with comprehensive visibility into their GenAI application footprint, who’s using which apps, and the level of risk.


It boasts the most up-to-date GenAI app dictionary (600+ apps) with robust taxonomy that classifies and assesses risk, detects anomalies and visualizes insights across 60+ AI-specific attributes. With the increasing adoption and use of unsanctioned apps, AI Access Security helps organizations get visibility into sanctioned and Shadow AI.


Once discovered, organizations can apply controls to approve, block or limit its usage. They can also take action on AI Access-provided recommendations to review and enable policies, classify applications, block sensitive data and more. 

Data Security

Employees are leveraging GenAI tools to generate code, summarize meetings, create content and more. Without proper controls, this opens the door for users to input sensitive data like company trade secrets, proprietary code, customer data and more.


LLM-powered data classification and context-aware models augment traditional DLP techniques for unparalleled sensitive data discovery. These inline data detections help organizations prevent sensitive data loss and ensure compliance, esp. for organizations within heavily regulated industries. 

Threat Protection

Despite all the operational efficiencies and productivity gains that GenAI tools deliver, they can, however, be compromised by adversaries to respond with malicious URLs and files. AI Access Security inspects responses and blocks malicious URLs and files inline and in real-time. AI Access Security leverages AI security services delivered via NGFW or Prisma Access to provide Threat protection.



  • How are the GenAI discovery capabilities with AI Access Security different from our NG-CASB product?
  •  

Capabilities

AI Access Security

NG-CASB-X

Everything in AI Access Security, plus…

Vision

For teams making an early commitment to enabling safe AI adoption across the enterprise

For teams scaling and enabling safe SaaS adoption across the enterprise with sophisticated security and compliance requirements

Visibility

600+ GenAI applications

66,000+ SaaS applications

Control

600+ GenAI applications

66,000+ SaaS applications

Granular Data Protection

30+ GenAI apps supported via Enterprise DLP at launch (60+ by end of Q1 FY25)

100+ SaaS apps supported via Enterprise DLP

User Education

GenAI apps supported via Slack, MS Teams, Email, Toast (Q1 FY25)

SaaS apps supported via Slack, MS Teams, Email, Toast

Data at Rest Scanning via API

Integration with ChatGPT Enterprise Compliance API. Additional integrations will follow post GA.

Integrations with 27 SaaS apps

Security Posture

Integrations with GenAI apps

Integrations with 80+ SaaS apps

Security for Interconnected SaaS

Consolidated visibility and control for Gen AI plugins detected in supported marketplaces

Integration with SaaS Platforms and associated marketplaces with complete visibility and control for all plugins detected.



  • Are there prerequisites for AI Access Security?
  • Strata Logging Services (SLS) is required. For the initial launch, Prisma Access and/or NGFW will also be required to deploy AI Access Security. 

Note: VM-series NGFWs are not supported. 

 

 

  • What are some specific use cases?
  • Financial institution wants to understand employee use of GenAI apps and prevent leakage of sensitive financial data
    • Understand GenAI application footprint to prevent Shadow AI
    • Apply controls and monitor usage to proactively mitigate risk of sensitive data loss; and respond to security incidents if needed
    • Ensure compliance with regulatory mandates

 

  • Healthcare company wants to reduce their attack surface after recent breach
    • Monitor employee use of GenAI apps to prevent cybercriminals from gaining entry or stealing credentials via this emerging attack vector
    • Ensure compliance with HIPAA through robust security and data controls
    • Prevent unauthorized access or leakage of sensitive patient data through effective monitoring and access management

 

  • Tech company wants to protect its proprietary source code from being leaked
    • Identify and block sensitive company code from being leaked into GenAI-based developer platforms like Github Copilot and Codeium
    • Identify and block access tokens, API keys, and other credentials from being accidentally entered into public LLM models and datasets
    • Prevent malicious code, generated from compromised AI tools, from entering company systems

 

  • How is AI Access Security able to detect GenAI apps?
  • Palo Alto Networks employs App-ID technology to identify applications on a network accurately. App-ID uses a comprehensive approach that includes application signatures, protocol decoding, and heuristics to recognize apps regardless of port, protocol, encryption, or evasion techniques. Specifically, signatures are used to match unique app traits, decryption is applied to inspect encrypted traffic, and reliance on port numbers is minimized to counteract evasion attempts by apps using non-standard ports.

 

  • What is the GenAI Risk Score, and how are we calculating it?
  • Palo Alto Networks evaluates an application's risk score using this process:
    • Attribute Identification: Key security attributes are identified across Compliance, Identity Access Management, and Security & Privacy categories. For Generative AI apps, additional factors like use case (e.g., conversational chat, code generation, image creation, writing assistance), prompt interface (text, audio, video), customer data used for training, and enterprise plan availability are considered.
    • Attribute Value Determination: Attribute values are determined through analysis of publicly available documentation or direct assessment of the application.
    • Attribute Weight Assignment: Attributes are weighted on a scale of 0-100 to impact the overall risk score, subject to adjustments over time.
    • Risk Score Calculation: Individual attribute risk scores are calculated and averaged, considering their weights, to produce a final score between 1 (low risk) and 5 (high risk).

Regular updates are made to attribute determinations and weights to keep the risk scoring current with the evolving threat landscape.

 

  • Will existing NG-CASB customers be able to get AI Access Security?
  • Existing customers with our CASB-X or CASB-PA bundles will automatically receive access to AI Access Security capabilities.

 

  • Where can customers find technical information such as sizing and deployment guidance?
  • Please find information here for starting with AI Access 
  • Activity and onboarding information can be found here

 

  • Can we demo the product today?
  • Yes, we can demo the product starting August 19, 2024.

 

  • What PAN-OS version will AI Access Security be released with?

 

PAN-OS version

AI Access Functionality that will be available for Net New AI Access Customers

AI Access Functionality that will be available for existing CASB-X/PA Customers

10.2.X

11.1.X
  • Visibility and control for the Gen AI app library (~88)
  • Ability to create policies for Gen AI apps (~88)
  • AI access dashboard via SCM with visibility into GenAI Apps and Users 
  • Visibility and control for the Gen AI app library (600+)
  • Ability to create policies for Gen AI apps (600+)
  • DLP inspection for all supported GenAI apps (~30)
  • AI access dashboard via SCM with visibility into GenAI Apps, Users and Sensitive Data 

11.2.2-h1 (GA) 

11.2.3 (TAC Preferred) 
  • Visibility and control for the Gen AI app library (600+)
  • Ability to create policies for Gen AI apps (600+) 
  • DLP inspection for all supported GenAI apps (~30)
  • AI access dashboard via SCM with visibility into GenAI apps, users and sensitive data
  • Tag workflows for classifying apps as Sanctioned/Tolerated (Cloud Managed)

 

Note: Net New AI Access, Panorama-managed customers will also need to install the 5.0.4 panorama plugin to ensure DLP inspection capabilities are available. 

 

  • What version of Prisma Access is required for AI Access Security?
  • First, customers must have SLS (Strata Logging Services) enabled; and secondly, their Prisma Access version must support software 5.1 Innovations and data plane version 11.2.2
  • Net New AI Access, Panorama-managed customers must be on plugin version 5.0.4

 

  • What Professional Services are available for customers?
  • Yes.
Rate this article:
0 Likes Likes
  • 45 Views
  • 0 comments
  • 0 Likes
Register or Sign-in
Contributors
Article Dashboard
Version history
Last Updated:
‎08-28-2024 04:28 PM
Updated by:
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks